How to Configure High-Availability in F5

Before connecting the device to its HA peer, make sure:

-->> All devices in the device group are running the same version of the BIG-IP system software.

-->> NTP is configured, and both devices show the same date and time.


Follow the steps below to configure HA.


Step 1 - Create a dedicated VLAN and Self IP for HA -

Interface 1.1 is chosen for the HA function.

An unused subnet, 192.168.1.1/24, is chosen for the HA heartbeat. Configure the active device as 192.168.255.1 and the peer as 192.168.1.2. Make sure you configure these Self IPs as non-floating.


Step 2 - Configure Config Sync -

Define the IP address that other devices in the device group use to synchronize their configuration objects with this device.

Go to Device Management > Devices and, from the Device Connectivity menu, choose ConfigSync.

Then choose the non-floating self IP address, not a management IP address.





For the peer device, choose, for example, 192.168.1.2 (ha) for Config Sync.


Step 3 - Failover Unicast Configuration -

Go to Device Management > Devices and, from the Device Connectivity menu, choose Failover.

Add each IP address on this device that other devices in the device group can use to exchange failover messages with this device.

Add the Self IP address associated with an internal VLAN and the management IP address. When the device reboots, the management IP becomes active before the Self IPs, so to avoid both devices operating as active and causing unexpected results, add the management IP to the heartbeat list.




Step 4 - Configure Device Trust -

You are going to add the peer device to the trusted device list. Before that, force the peer device Offline: log in to the peer device, choose Devices, select the listed device and click Force Offline.


On the peer device, perform the same steps and specify the device IP address.

Step 5 - Create Sync-Failover device group -

-->> Click Device Management > Device Groups > Click Create
-->> Type the name of the service group
-->> Choose group type as Sync-Failover
-->> Add all available members that you want to include in sync-failover device group.



Network Failover: You must enable network failover for any device group that contains three or more members.

Automatic Sync: F5 recommends that you manually sync configuration changes to the peer device, so that if you accidentally misconfigure your active device, you can quickly sync and recover the configuration from the peer device. So keep this unchecked.

Full Sync: Select the check box when you want all sync operations to be full syncs. In this case, the BIG-IP system syncs the entire set of BIG-IP configuration data whenever a config sync operation is required.

Note - if you enable incremental synchronization, the BIG-IP system might occasionally perform a full sync for internal reasons.

Step 6 - Configure Network mirroring (Connection mirroring) -

When an active unit becomes unavailable, the connections are dropped unless you have configured network mirroring. The network mirroring feature on the BIG-IP system duplicates a unit's state (that is, real-time connection and persistence information) on the peer unit.

-->> Click Device Management > Devices
-->> Click the name of the device to which you are currently logged in.
-->> Under the Device Connectivity menu, choose Mirroring
-->> The recommended IP address is the self IP address for either VLAN HA or VLAN internal.
-->> The secondary Local Mirror address is optional. The system uses this IP address in the event that the primary mirroring address becomes unavailable.



Use the CLI commands below to check HA -

tmsh show sys availability --- Check system availability status
tmsh show sys ha-status --- Check HA status
tmsh show ltm virtual --- Check connection status on VS


show /cm failover-status



show /sys ha-status all-properties
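
The prerequisites and Steps 1-5 above can be checked against a planned address inventory before anything is changed on the devices. The Python script below is an added example, not part of the original post or any F5 tooling; the record fields, device names, version labels and 192.0.2.x management addresses are assumptions made up for illustration.

```python
import ipaddress

def check_ha_plan(devices, ha_subnet, group):
    """Return findings for a planned device group; an empty list means it passes."""
    findings = []
    net = ipaddress.ip_network(ha_subnet, strict=False)
    # Prerequisite: every member runs the same BIG-IP software version.
    if len({d["version"] for d in devices}) > 1:
        findings.append("members run different software versions")
    for d in devices:
        name, mgmt = d["name"], d["mgmt_ip"]
        # Step 1: the HA self IP sits in the HA subnet and is non-floating.
        if ipaddress.ip_address(d["ha_self_ip"]) not in net:
            findings.append(f"{name}: HA self IP {d['ha_self_ip']} outside {net}")
        if d["ha_floating"]:
            findings.append(f"{name}: HA self IP is floating")
        # Step 2: ConfigSync must not use the management IP.
        if d["configsync_ip"] == mgmt:
            findings.append(f"{name}: ConfigSync uses the management IP")
        # Step 3: failover unicast lists a self IP and the management IP.
        unicast = set(d["failover_unicast"])
        if mgmt not in unicast:
            findings.append(f"{name}: management IP missing from failover list")
        if not unicast - {mgmt}:
            findings.append(f"{name}: no self IP in failover list")
    # Step 5: network failover is required with three or more members.
    if len(devices) >= 3 and not group["network_failover"]:
        findings.append("network failover disabled with 3+ members")
    if group["auto_sync"]:
        findings.append("automatic sync enabled (manual sync is recommended)")
    return findings

def device(name, ha_ip, mgmt, **overrides):
    """Build one constructed device record; overrides inject a mistake."""
    rec = {"name": name, "version": "version-A", "mgmt_ip": mgmt,
           "ha_self_ip": ha_ip, "ha_floating": False,
           "configsync_ip": ha_ip, "failover_unicast": [ha_ip, mgmt]}
    rec.update(overrides)
    return rec

# Constructed sample plan: names, versions and 192.0.2.x addresses are made up.
GROUP = {"network_failover": True, "auto_sync": False}
PLAN = [device("bigip-a", "192.168.1.1", "192.0.2.11"),
        device("bigip-b", "192.168.255.1", "192.0.2.12", version="version-B",
               configsync_ip="192.0.2.12", failover_unicast=["192.168.255.1"])]

if __name__ == "__main__":
    for finding in check_ha_plan(PLAN, "192.168.1.1/24", GROUP):
        print("FAIL:", finding)
```

An empty result means the plan matches the checklist; each finding names the device and the step it violates.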
