Manual Chapter :
Creating an Active-Standby Configuration Using the Setup Utility
Applies To:
Show Versions
BIG-IP AAM
- 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP APM
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP Analytics
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP Link Controller
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP LTM
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP PEM
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP AFM
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP DNS
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP ASM
- 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Creating an Active-Standby Configuration Using the Setup Utility
Overview: Creating a basic active-standby configuration
This implementation describes how to use the Setup utility to configure two new BIG-IP® devices that function as an active-standby pair. An
active-standby pair
is a pair of BIG-IP devices configured so that one device is
actively processing traffic while the other device remains ready to take over if failover occurs.
The two devices synchronize their configuration data and can fail over to one another in the
event that one of the devices becomes unavailable.The same version of BIG-IP system software must be running on all devices
in the device group.
First, you run the Setup utility on each device to configure base network components (that is,
a management port, administrative passwords, and the default VLANs and their associated self IP
addresses). Continue running it on each device to establish a trust relationship between the two
devices, and create a Sync-Failover type of device group that contains two member devices.
After the Setup utility is run on both devices, each device contains the default traffic group
that the BIG-IP system automatically created during setup. A
traffic group
represents a set of configuration objects (such as floating self IP addresses and virtual IP
addresses) that process application traffic. This traffic group actively processes traffic on one
of the two devices, making that device the active device. When failover occurs, the traffic group
becomes active on (that is, floats to) the peer BIG-IP device.By default, the traffic group contains the floating self IP addresses of the default VLANs.
Whenever you create additional configuration objects such as self IP addresses, virtual IP
addresses, and SNATs, the system automatically adds these objects to the default traffic
group.
Licensing and provisioning the BIG-IP system
Using the Setup utility, you can activate the license and provision the BIG-IP system.
- From a workstation attached to the network on which you configured the management interface, type the following URL syntax where<management_IP_address>is the address you configured for device management:https://<management_IP_address>
- At the login prompt, type the default user nameadmin, and passwordadmin, and clickLog in.The Setup utility screen opens.
- ClickNext.
- ClickActivate.The License screen opens.
- In theBase Registration Keyfield, paste the registration key.
- ClickNextand follow the process for licensing and provisioning the system.When you perform the licensing task so that you can run the F5 cloud ADC, you can accept the default provisioning values.
- ClickNext.This displays the screen for configuring general properties and user administration settings.
The BIG-IP system license is now activated, and the relevant BIG-IP modules are provisioned.
Configuring a device certificate
Import or verify the certificate for the BIG-IP device.
- Do one of the following:
- ClickImport, import a certificate, clickImport, and then clickNext.
- Verify the displayed information for the certificate and clickNext.
Configuring the
management port and administrative user accounts
Configure the management port, time zone, and the administrative user names and passwords.
- On the screen for configuring general properties, for theManagement Port Configurationsetting, selectManual.
- For theManagement Port 1setting, specify an IP address, network mask, and default gateway.You can leave theManagement Port 2setting blank.
- In theHost Namefield, type a fully-qualified domain name (FQDN) for the system.The FQDN can consist of letters, numbers, and/or the characters underscore ( _ ), dash ( - ), or period ( . ).
- For theHost IP Addresssetting, retain the default valueUse Management Port IP Address.
- From theTime Zonelist, select a time zone.The time zone you select typically reflects the location of the F5 system.
- For theRoot Accountsetting, type and confirm a password for therootaccount.Therootaccount provides console access only.
- For theAdmin Accountsetting, type and confirm a password.Typing a password for theadminaccount causes the system to terminate the login session. When this happens, log in to the F5 Configuration utility again, using the new password. The system returns to the appropriate screen in the Setup utility.
- For theSSH Accesssetting, select or clear the check box.
- ClickNext.
- In the Standard Network Configuration area of the screen, clickNext.This displays the screen for enabling configuration synchronization and high availability.
Enabling ConfigSync and high availability
When you perform this task, you set up config sync and connection mirroring, and
you can specify the failover method (network, serial, or both).
- For theConfig Syncsetting, select theDisplay configuration synchronization optionscheck box.This causes an additional ConfigSync screen to be displayed later.
- For theHigh Availabilitysetting, select theDisplay failover and mirroring optionscheck box.This displays theFailover Methodlist and causes additional failover screens to be displayed later.
- From theFailover Methodlist, selectNetwork and serial cable.If you have a VIPRION system, selectNetwork.
- ClickNext.This displays the screen for configuring the default VLANinternal.
Configuring the
internal network
You can use the Setup utility to specify self IP
addresses and settings for a VLAN on the BIG-IP internal network. The default VLAN for
the internal network is named
internal
.- Specify theSelf IPsetting for the internal network:
- In theAddressfield, type a self IP address.
- In theNetmaskfield, type a network mask for the self IP address.
- For thePort Lockdownsetting, retain the default value.
- Specify theFloating IPsetting:
- In theAddressfield, type a floating IP address.This address should be distinct from the address you type for theSelf IPsetting.If the BIG-IP device you are configuring is accessed using Amazon Web Services and the device needs to failover to a device group peer, use the second, Secondary Private IP address for the floating IP address.
- For thePort Lockdownsetting, retain the default value.
- For theVLAN Tag IDsetting, retain the default value,auto.This is the recommended value.
- For theInterfacessetting:
- From theInterfacelist, select an interface number.
- From theTagginglist, selectTaggedorUntagged.SelectTaggedwhen you want traffic for that interface to be tagged with a VLAN ID.
- ClickAdd.
- ClickNext.This completes the configuration of the internal self IP addresses and VLAN, and displays the screen for configuring the default VLANexternal.
Configuring the
external network
You can use the Setup utility to specify self IP
addresses and settings for a VLAN on the BIG-IP external network. The default VLAN for
the external network is named
external
.- Specify theSelf IPsetting for the external network:
- In theAddressfield, type a self IP address.
- In theNetmaskfield, type a network mask for the self IP address.
- For thePort Lockdownsetting, retain the default value.
- In theDefault Gatewayfield, type the IP address that you want to use as the default gateway to VLANexternal.
- Specify theFloating IPsetting:
- In theAddressfield, type a floating IP address.This address should be distinct from the address you type for theSelf IPsetting.If the BIG-IP device you are configuring is accessed using Amazon Web Services and the device needs to failover to a device group peer, use the second, Secondary Private IP address for the floating IP address.
- For thePort Lockdownsetting, retain the default value.
- For theVLAN Tag IDsetting, retain the default value,auto.This is the recommended value.
- For theInterfacessetting:
- From theInterfacelist, select an interface number.
- From theTagginglist, selectTaggedorUntagged.SelectTaggedwhen you want traffic for that interface to be tagged with a VLAN ID.
- ClickAdd.
- ClickNext.This completes the configuration of the external self IP addresses and VLAN, and displays the screen for configuring the default VLANHA.
Configuring the
network for high availability
To configure a network for high availability,
specify self IP addresses and settings for VLAN
HA
, which is the VLAN that the system
will use for failover and connection mirroring. - For theHigh Availability VLANsetting, retain the default value,Create VLAN HA.
- Specify theSelf IPsetting for VLANHA:
- In theAddressfield, type a self IP address.
- In theNetmaskfield, type a network mask for the self IP address.
- For theVLAN Tag IDsetting, retain the default value,auto.This is the recommended value.
- For theInterfacessetting,
- From theInterfacelist, select an interface number.
- From theTagginglist, selectUntagged.
- ClickAdd.
- ClickNext.This configures the self IP address and VLAN that the system will use for high availability and displays the default IP address that the system will use for configuration synchronization.
Configuring a
ConfigSync address
Use this task to specify the address that you
want the system to use for configuration synchronization.
- From theLocal Addresslist, select a self IP address.Do not select a management IP address.
- ClickNext.This displays the screen for configuring unicast and multicast failover addresses.
Configuring
failover and mirroring addresses
Follow these task steps to specify the unicast IP
addresses of the local device that you want the system to use for failover. Typically,
you specify the self IP address for the local VLAN
HA
, as well as the IP address for the
management port of the local device. If you are configuring a VIPRION system, configure
a multicast failover address as well. When
configuring failover and mirroring IP addresses, you select addresses of the local
device only. Later, during the process of device discovery, the two devices in the
device group discover each other's addresses.
- Locate the Failover Unicast Configuration area of the screen.
- Under Local Address, confirm that there are entries for the self IP addresses that are assigned to theHAandinternalVLANs and for the local management IP address for this device. If these entries are absent, click theAddbutton to add the missing entries to the list of Failover Unicast Addresses.
- For theAddresssetting, select the address for the VLAN you need to add (eitherHAorinternal).
- In thePortfield, type a port number or retain the default port number,1026.
- ClickRepeatto add additional self IP addresses, or clickFinished.
- Repeat these steps to add a management IP address.
- ClickNext.
- From thePrimary Local Mirror Addresslist, retain the default value, which is the self IP address for VLANHA.
- From theSecondary Local Mirror Addresslist, select the address for VLANinternal.
- ClickFinished.This causes you to leave the Setup utility.
Discovering a peer device
You can use the Setup utility to discover a peer device for the purpose of exchanging
failover and mirroring information.
- UnderStandard Pair Configuration, clickNext.
- If this is the first device of the pair that you are setting up, then underConfigure Peer Device, clickFinished.To activate device discovery, you must first run the Setup utility on the peer device.
- If this is the second device of the pair that you are setting up:
- UnderDiscover Configured Peer Device, clickNext.
- UnderRemote Device Credentials, specify theManagement IP address,Administrator Username, andAdministrator Password.
- ClickRetrieve Device Information.
- ClickFinished.
After the second device has discovered the first device, the two devices have a
trust relationship and constitute a two-member device group. Also, each device in the
pair contains a default traffic group named
Traffic-Group-1
. By
default, this traffic group contains the floating IP addresses that you defined for
VLANs internal
and external
.