Manual Chapter : Creating an Active-Standby Configuration Using the Setup Utility

Applies To:

Show Versions Show Versions

BIG-IP DNS

  • 15.0.0, 14.1.0

BIG-IP PEM

  • 15.0.0, 14.1.0

BIG-IP AFM

  • 15.0.0, 14.1.0

BIG-IP Analytics

  • 15.0.0, 14.1.0

BIG-IP ASM

  • 15.0.0, 14.1.0

BIG-IP AAM

  • 15.0.0, 14.1.0

BIG-IP APM

  • 15.0.0, 14.1.0

BIG-IP LTM

  • 15.0.0, 14.1.0
Manual Chapter

Creating an Active-Standby Configuration Using the Setup Utility

Overview: Creating a basic active-standby configuration

This implementation describes how to use the Setup utility to configure two new BIG-IP® devices that function as an active-standby pair. An
active-standby pair
is a pair of BIG-IP devices configured so that one device is actively processing traffic while the other device remains ready to take over if failover occurs. The two devices synchronize their configuration data and can fail over to one another in the event that one of the devices becomes unavailable.
The same version of BIG-IP system software must be running on all devices in the device group.
First, you run the Setup utility on each device to configure base network components (that is, a management port, administrative passwords, and the default VLANs and their associated self IP addresses). Continue running it on each device to establish a trust relationship between the two devices, and create a Sync-Failover type of device group that contains two member devices.
After the Setup utility is run on both devices, each device contains the default traffic group that the BIG-IP system automatically created during setup. A
traffic group
represents a set of configuration objects (such as floating self IP addresses and virtual IP addresses) that process application traffic. This traffic group actively processes traffic on one of the two devices, making that device the active device. When failover occurs, the traffic group becomes active on (that is, floats to) the peer BIG-IP device.
By default, the traffic group contains the floating self IP addresses of the default VLANs. Whenever you create additional configuration objects such as self IP addresses, virtual IP addresses, and SNATs, the system automatically adds these objects to the default traffic group.

Licensing and provisioning the BIG-IP system

Using the Setup utility, you can activate the license and provision the BIG-IP system.
  1. From a workstation attached to the network on which you configured the management interface, type the following URL syntax where
    <management_IP_address>
    is the address you configured for device management:
    https://<management_IP_address>
  2. At the login prompt, type the default user name
    admin
    , and password
    admin
    , and click
    Log in
    .
    The Setup utility screen opens.
  3. Click
    Next
    .
  4. Click
    Activate
    .
    The License screen opens.
  5. In the
    Base Registration Key
    field, paste the registration key.
  6. Click
    Next
    and follow the process for licensing and provisioning the system.
    When you perform the licensing task so that you can run the F5 cloud ADC, you can accept the default provisioning values.
  7. Click
    Next
    .
    This displays the screen for configuring general properties and user administration settings.
The BIG-IP system license is now activated, and the relevant BIG-IP modules are provisioned.

Configuring a device certificate

Import or verify the certificate for the BIG-IP device.
  1. Do one of the following:
    • Click
      Import
      , import a certificate, click
      Import
      , and then click
      Next
      .
    • Verify the displayed information for the certificate and click
      Next
      .

Configuring the management port and administrative user accounts

Configure the management port, time zone, and the administrative user names and passwords.
  1. On the screen for configuring general properties, for the
    Management Port Configuration
    setting, select
    Manual
    .
  2. For the
    Management Port 1
    setting, specify an IP address, network mask, and default gateway.
    You can leave the
    Management Port 2
    setting blank.
  3. In the
    Host Name
    field, type a fully-qualified domain name (FQDN) for the system.
    The FQDN can consist of letters, numbers, and/or the characters underscore ( _ ), dash ( - ), or period ( . ).
  4. For the
    Host IP Address
    setting, retain the default value
    Use Management Port IP Address
    .
  5. From the
    Time Zone
    list, select a time zone.
    The time zone you select typically reflects the location of the F5 system.
  6. For the
    Root Account
    setting, type and confirm a password for the
    root
    account.
    The
    root
    account provides console access only.
  7. For the
    Admin Account
    setting, type and confirm a password.
    Typing a password for the
    admin
    account causes the system to terminate the login session. When this happens, log in to the F5 Configuration utility again, using the new password. The system returns to the appropriate screen in the Setup utility.
  8. For the
    SSH Access
    setting, select or clear the check box.
  9. Click
    Next
    .
  10. In the Standard Network Configuration area of the screen, click
    Next
    .
    This displays the screen for enabling configuration synchronization and high availability.

Enabling ConfigSync and high availability

When you perform this task, you set up config sync and connection mirroring, and you can specify the failover method (network, serial, or both).
  1. For the
    Config Sync
    setting, select the
    Display configuration synchronization options
    check box.
    This causes an additional ConfigSync screen to be displayed later.
  2. For the
    High Availability
    setting, select the
    Display failover and mirroring options
    check box.
    This displays the
    Failover Method
    list and causes additional failover screens to be displayed later.
  3. From the
    Failover Method
    list, select
    Network and serial cable
    .
    If you have a VIPRION system, select
    Network
    .
  4. Click
    Next
    .
    This displays the screen for configuring the default VLAN
    internal
    .

Configuring the internal network

You can use the Setup utility to specify self IP addresses and settings for a VLAN on the BIG-IP internal network. The default VLAN for the internal network is named
internal
.
  1. Specify the
    Self IP
    setting for the internal network:
    1. In the
      Address
      field, type a self IP address.
    2. In the
      Netmask
      field, type a network mask for the self IP address.
    3. For the
      Port Lockdown
      setting, retain the default value.
  2. Specify the
    Floating IP
    setting:
    1. In the
      Address
      field, type a floating IP address.
      This address should be distinct from the address you type for the
      Self IP
      setting.
      If the BIG-IP device you are configuring is accessed using Amazon Web Services and the device needs to failover to a device group peer, use the second, Secondary Private IP address for the floating IP address.
    2. For the
      Port Lockdown
      setting, retain the default value.
  3. For the
    VLAN Tag ID
    setting, retain the default value,
    auto
    .
    This is the recommended value.
  4. For the
    Interfaces
    setting:
    1. From the
      Interface
      list, select an interface number.
    2. From the
      Tagging
      list, select
      Tagged
      or
      Untagged
      .
      Select
      Tagged
      when you want traffic for that interface to be tagged with a VLAN ID.
    3. Click
      Add
      .
  5. Click
    Next
    .
    This completes the configuration of the internal self IP addresses and VLAN, and displays the screen for configuring the default VLAN
    external
    .

Configuring the external network

You can use the Setup utility to specify self IP addresses and settings for a VLAN on the BIG-IP external network. The default VLAN for the external network is named
external
.
  1. Specify the
    Self IP
    setting for the external network:
    1. In the
      Address
      field, type a self IP address.
    2. In the
      Netmask
      field, type a network mask for the self IP address.
    3. For the
      Port Lockdown
      setting, retain the default value.
  2. In the
    Default Gateway
    field, type the IP address that you want to use as the default gateway to VLAN
    external
    .
  3. Specify the
    Floating IP
    setting:
    1. In the
      Address
      field, type a floating IP address.
      This address should be distinct from the address you type for the
      Self IP
      setting.
      If the BIG-IP device you are configuring is accessed using Amazon Web Services and the device needs to failover to a device group peer, use the second, Secondary Private IP address for the floating IP address.
    2. For the
      Port Lockdown
      setting, retain the default value.
  4. For the
    VLAN Tag ID
    setting, retain the default value,
    auto
    .
    This is the recommended value.
  5. For the
    Interfaces
    setting:
    1. From the
      Interface
      list, select an interface number.
    2. From the
      Tagging
      list, select
      Tagged
      or
      Untagged
      .
      Select
      Tagged
      when you want traffic for that interface to be tagged with a VLAN ID.
    3. Click
      Add
      .
  6. Click
    Next
    .
    This completes the configuration of the external self IP addresses and VLAN, and displays the screen for configuring the default VLAN
    HA
    .

Configuring the network for high availability

To configure a network for high availability, specify self IP addresses and settings for VLAN
HA
, which is the VLAN that the system will use for failover and connection mirroring.
  1. For the
    High Availability VLAN
    setting, retain the default value,
    Create VLAN HA
    .
  2. Specify the
    Self IP
    setting for VLAN
    HA
    :
    1. In the
      Address
      field, type a self IP address.
    2. In the
      Netmask
      field, type a network mask for the self IP address.
  3. For the
    VLAN Tag ID
    setting, retain the default value,
    auto
    .
    This is the recommended value.
  4. For the
    Interfaces
    setting,
    1. From the
      Interface
      list, select an interface number.
    2. From the
      Tagging
      list, select
      Untagged
      .
    3. Click
      Add
      .
  5. Click
    Next
    .
    This configures the self IP address and VLAN that the system will use for high availability and displays the default IP address that the system will use for configuration synchronization.

Configuring a ConfigSync address

Use this task to specify the address that you want the system to use for configuration synchronization.
  1. From the
    Local Address
    list, select a self IP address.
    Do not select a management IP address.
  2. Click
    Next
    .
    This displays the screen for configuring unicast and multicast failover addresses.

Configuring failover and mirroring addresses

Follow these task steps to specify the unicast IP addresses of the local device that you want the system to use for failover. Typically, you specify the self IP address for the local VLAN
HA
, as well as the IP address for the management port of the local device. If you are configuring a VIPRION system, configure a multicast failover address as well.
When configuring failover and mirroring IP addresses, you select addresses of the local device only. Later, during the process of device discovery, the two devices in the device group discover each other's addresses.
  1. Locate the Failover Unicast Configuration area of the screen.
  2. Under Local Address, confirm that there are entries for the self IP addresses that are assigned to the
    HA
    and
    internal
    VLANs and for the local management IP address for this device. If these entries are absent, click the
    Add
    button to add the missing entries to the list of Failover Unicast Addresses.
    1. For the
      Address
      setting, select the address for the VLAN you need to add (either
      HA
      or
      internal
      ).
    2. In the
      Port
      field, type a port number or retain the default port number,
      1026
      .
    3. Click
      Repeat
      to add additional self IP addresses, or click
      Finished
      .
    4. Repeat these steps to add a management IP address.
  3. Click
    Next
    .
  4. From the
    Primary Local Mirror Address
    list, retain the default value, which is the self IP address for VLAN
    HA
    .
  5. From the
    Secondary Local Mirror Address
    list, select the address for VLAN
    internal
    .
  6. Click
    Finished
    .
    This causes you to leave the Setup utility.

Discovering a peer device

You can use the Setup utility to discover a peer device for the purpose of exchanging failover and mirroring information.
  1. Under
    Standard Pair Configuration
    , click
    Next
    .
  2. If this is the first device of the pair that you are setting up, then under
    Configure Peer Device
    , click
    Finished
    .
    To activate device discovery, you must first run the Setup utility on the peer device.
  3. If this is the second device of the pair that you are setting up:
    1. Under
      Discover Configured Peer Device
      , click
      Next
      .
    2. Under
      Remote Device Credentials
      , specify the
      Management IP address
      ,
      Administrator Username
      , and
      Administrator Password
      .
    3. Click
      Retrieve Device Information
      .
  4. Click
    Finished
    .
After the second device has discovered the first device, the two devices have a trust relationship and constitute a two-member device group. Also, each device in the pair contains a default traffic group named
Traffic-Group-1
. By default, this traffic group contains the floating IP addresses that you defined for VLANs
internal
and
external
.