Manual Chapter : High Availability (HA) Failover

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
Manual Chapter

High Availability (HA) Failover

High Availability (HA) Failover

Overview

A BIG-IP® system provides high availability via packet mirroring across two chassis. When discussing redundancy, one should consider more than the initial failover. If the backup chassis also fails a fail-back will be required. The following tables provides a quick summary of the initial failover and the fail-back scenarios. Note, a BIG-IP system does not support Geo-Redundant failover. In other words, a BIG-IP system supports the concept of a local HA Pair. However, a BIG-IP system does not support a second HA Pair which will take over if the first HA Pair fails. This type of scenario is required where multiple redundant data centers are available to handle geographic failure scenarios.

SIP HA Support

SIP HA Support
Control Messages
Media
Failover (active failed)
Supported
Supported
Failback (new active failed after old active came back online)
Supported
Partial Support
The above table shows that after the initial failover, if a second failover happens, the media streams, created after the failover, will be maintained. However, media streams created prior to the initial failover will be dropped.

Configuration Guideline

For each BIG-IP in Traffic Group

  1. Check the tmm count to be same on each blade as well as each device.
    1. tmsh list sys db provision.tmmcountactual.
  2. Load the stable build from your branch. (Make sure it’s the same build on each device)
  3. Load the default config. (Start Fresh)
    1. tmsh load sys config default
      .
  4. Configure hostname/users on each device
  5. Provision the device with Management – “Small”, LTM – “Nominal”
  6. Exit wizard by clicking ‘Finished’ on each device
  7. Create vlans (internal/external/HA – advised to create 3 vlans to keep traffic discrete)
    1. GUI:
      1. Network >> vlans >> new
    2. TMSH:
      1. tmsh create net vlan <VLAN_NAME> interfaces add {1.1 {tagged}} tag <TAG_ID>
  8. Create self-ip for each vlan and floating self-ip for both internal and external vlan ( internal,external and HA- with traffic-group-local-only and internal_float, external_float with traffic-group-1)
    1. GUI:
      1. Network >> self-ips >> new
    2. TMSH:
      1. tmsh create net self <SELF_IP_NAME> address <IP_ADDRESS/PREFIX> allow-service default traffic-group <TRAFFIC-GROUP-NAME> vlan <VLAN_NAME>.
  9. Set Config sync address:
    1. GUI:
      1. Device Management >> Devices >> (self device) >> Device Connectivity >> ConfigSync
      2. Specify HA self ip
    2. TMSH:
      1. tmsh modify cm device <DEVICE_NAME> configsync-ip <SYNC_SELF_IP>
  10. Set Mirror address (if mirroring is desired): (For clusters make sure network mirroring is “Between Clusters”.)
    1. GUI:
      1. Device Management >> Devices >> (self device) >> Device Connectivity >> Mirroring
      2. Specify HA self ip
    2. TMSH:
      1. tmsh modify cm device <DEVICE_NAME> mirror-ip <MIRROR_SELF_IP>
  11. Set Failover unicast address(es): (GUI preferred)
    1. GUI:
      1. Device Management >> Devices >> (self device) >> Device Connectivity >> Failover
      2. Add
      3. Specify HA self ip (as well as mgmt. Ip for backup)
    2. TMSH:
      1. tmsh modify cm device <DEVICE_NAME> unicast-address { { effective-ip <HA_IP_ADDRESS>} { effective-ip <MGMT_IP_ADDRESS>}}

Primary BIG-IP

  1. Discover device(s) for trust: (GUI Preferred)
    1. GUI:
      1. Device Management >> Device Trust >> Peer List
      2. Add…
      3. Enter IP and credentials for peer device
    2. TMSH:
      1. tmsh modify cm trust-domain /Common/Root ca-devices add { <IP_OF_REMOTE_DEVICE>} name <NAME_OF_REMOTE_DEVICE> username admin password <ADMIN_PASSWORD>
  2. Each device should now have a trust-sync created device group (not visible) and should show as ‘In Sync’ and ACTIVE
  3. Create a device-group of type sync-failover
    1. GUI:
      1. Device Management >> Device Groups
      2. new
      3. Enter name
      4. Specify type of sync-failover
      5. Specify network failover
      6. Add both devices
      7. Save
    2. TMSH:
      1. tmsh create cm device-group <DGFO_NAME> devices add {<DEVICE_1_NAME>… <DEVICE_2_NAME>} type sync-failover network-failover enabled
  4. Perform initial sync of device-group failover.
    1. GUI:
      1. Device Management >> Overview >> Select device-group failover >> Select a device
      2. Click ‘Sync’
    2. TMSH:
      1. tmsh run cm config-sync to-group <DGFO_NAME>
  5. Devices should now show as ‘In sync’, but one should be ACTIVE the other STANDBY.