Configure High Availability (Active/Standby) of BIG-IP F5 LTMs

HA Prerequisites:

  1. All devices in the device group are running the same version of BIG-IP system software.
  2. Configure NTP and verify that both devices show the same date and time.

 

You must perform this task locally on each device in the device group.

Step 1: Create dedicated VLAN and Self IP for HA:

Here we have chosen interface 1.1 for the HA function, and a crossover network cable connects the two F5 devices back to back. Keep the VLAN configuration exactly as below, with the interface untagged.

f5-ha-interface-configuration

I have chosen an unused subnet 192.168.255.1/24 for the HA heartbeat. Configure the active device as 192.168.255.1 and the peer as 192.168.255.2. Make sure you configure these Self IPs as non-floating.

f5-self-ip-ha


On the peer device, configure a similar HA VLAN with the IP address 192.168.255.2.

 


Step 2: Configure ‘config sync’:

Specify the IP address that other devices in the device group use to synchronize their configuration objects to the local device.

  1. Click Device Management > Devices
  2. Click the name of the device to which you are currently logged in.
  3. Under the Device Connectivity menu, choose ConfigSync.
  4. Choose the self IP address configured earlier and click Update. This address must be a non-floating self IP address and not a management IP address. In v10 you could choose the management address; from v11 onwards you cannot.

f5-configsync-ip-address

On the peer device, choose 192.168.255.2 (ha) for Config Sync.

 

Step 3: Configure ‘Failover’ communication:

Specify the local IP addresses that you want other devices in the device group to use for continuous health-assessment communication with the local device.

  1. Click Device Management > Devices
  2. Click the name of the device to which you are currently logged in.
  3. From Device Connectivity menu, choose Failover
  4. Click Add for each IP address on this device that other devices in the device group can use to exchange failover messages with this device.

Type a self IP address associated with an internal VLAN (preferably VLAN HA) and the management IP address (here 172.20.135.31). When the device reboots, the management IP becomes active before the Self IPs. Adding the management IP to the heartbeat list therefore avoids a situation where both devices operate as active and cause unexpected results.

f5-failover

On the peer device, choose 192.168.255.2 (VLAN HA) and 172.20.135.32 (management IP address).
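
The address rules from the prerequisites and Steps 1 to 3 can be checked before touching either device. The following Python check is an added example, not part of the original article or of F5 tooling; the plan layout, key names and the `check_plan` function are assumptions, and the version string is a constructed placeholder.

```python
import ipaddress

# Constructed address plan using the values from this article.
# Dictionary layout, key names and the version string are assumptions.
PLAN = {
    "ha_subnet": "192.168.255.1/24",
    "devices": [
        {"name": "active", "version": "same-release", "mgmt_ip": "172.20.135.31",
         "ha_self_ip": "192.168.255.1", "ha_floating": False,
         "configsync_ip": "192.168.255.1",
         "failover_ips": ["192.168.255.1", "172.20.135.31"]},
        {"name": "peer", "version": "same-release", "mgmt_ip": "172.20.135.32",
         "ha_self_ip": "192.168.255.2", "ha_floating": False,
         "configsync_ip": "192.168.255.2",
         "failover_ips": ["192.168.255.2", "172.20.135.32"]},
    ],
}


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    # strict=False accepts a host address such as 192.168.255.1/24 as the subnet
    net = ipaddress.ip_network(plan["ha_subnet"], strict=False)
    devs = plan["devices"]
    if len({d["version"] for d in devs}) != 1:
        problems.append("devices run different BIG-IP versions")
    owner = {}  # HA self IP -> first device that claimed it
    for d in devs:
        name, ha = d["name"], d["ha_self_ip"]
        if ipaddress.ip_address(ha) not in net:
            problems.append(f"{name}: HA self IP {ha} is outside {net}")
        if d["ha_floating"]:
            problems.append(f"{name}: HA self IP must be non-floating")
        if ha in owner:
            problems.append(f"{name}: HA self IP duplicates {owner[ha]}")
        owner.setdefault(ha, name)
        if d["configsync_ip"] == d["mgmt_ip"]:
            problems.append(f"{name}: ConfigSync must not use the management IP")
        elif d["configsync_ip"] != ha:
            problems.append(f"{name}: ConfigSync IP is not the HA self IP")
        for needed in (ha, d["mgmt_ip"]):
            if needed not in d["failover_ips"]:
                problems.append(f"{name}: failover list is missing {needed}")
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```
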

 

Step 4: Establish Device Trust:

Now you are going to add the peer device to the trusted device list. Before that, force the peer device Offline: log in to the ‘peer’ device, choose Devices, select the listed device and click Force Offline.

Now come back to the active device:

  1. Click Device Management > Device Trust > Peer List > Click Add
  2. Type the IP address 172.20.135.32 and the username and password of the remote BIG-IP device with which you want to establish trust.
  3. Click Retrieve Device Information
  4. Verify that the name of the remote device is correct and click Finished.

f5-device-trust-peer-list

On the peer device, perform the same steps and specify the device IP address as 172.20.135.31.

 

Step 5: Create Sync-Failover device group:

If an active device in a Sync-Failover device group becomes unavailable, the configuration objects fail over to another member of the device group and traffic processing is unaffected. You perform this task on any one of the authority devices within the local trust domain.

  1. Click Device Management > Device Groups > Click Create
  2. Type the name of the service group
  3. Choose the group type Sync-Failover
  4. Add all available members that you want to include in the Sync-Failover device group.

f5-device-group-sync-failover

Network Failover: You must enable network failover for any device group that contains three or more members. Select the checkbox if you want device group members to handle failover communications by way of network connectivity. Clear the check box if you want device group members to handle failover communications by way of serial cable (hard-wired) connectivity.

Automatic Sync: F5 recommends that you manually sync configuration changes to the peer device, so that if you accidentally misconfigure your active device you can quickly sync and recover the configuration from the peer device. So keep this unchecked.

Full Sync: Select the check box when you want all sync operations to be full syncs. In this case, the BIG-IP system syncs the entire set of BIG-IP configuration data whenever a config sync operation is required.

Clear the check box when you want all sync operations to be incremental (the default setting). In this case, the BIG-IP system syncs only the changes that are more recent than those on the target device. When you select this option, the BIG-IP system compares the configuration data on each target device with the configuration data on the source device and then syncs the delta of each target-source pair.

If you enable incremental synchronization, the BIG-IP system might occasionally perform a full sync for internal reasons. This is a rare occurrence and no user intervention is required.

  5. Click Finished.

 

Step 6: Sync configuration to the device group:

This task synchronizes the BIG-IP configuration data from the local device to the devices in the device group.

When synchronizing self IP addresses, the BIG-IP system synchronizes floating self IP addresses only. Except for non-floating self IP addresses, the entire set of BIG-IP configuration data is replicated on each device in the device group.

  1. Click Device Management > Overview
  2. In the Devices area of the screen, in the Sync Status column, select the device that shows a sync status of Changes Pending.
  3. Click Sync Devices to Group
  4. Click Sync

 

Step 7: Configure Network mirroring (Connection mirroring): 

When an active unit becomes unavailable, the connections are dropped unless you have configured network mirroring. The network mirroring feature on the BIG-IP system duplicates a unit's state (that is, real-time connection and persistence information) on the peer unit.

  1. Click Device Management > Devices
  2. Click the name of the device to which you are currently logged in.
  3. Under the Device Connectivity menu, choose Mirroring
  4. The recommended IP address is the self IP address for either VLAN HA or VLAN internal.
  5. The secondary Local Mirror address is optional. The system uses this IP address in the event that the primary mirroring address becomes unavailable.

f5-mirror-ha-address