F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Device Service Clustering: Administration
  3. Managing Configuration Synchronization
Manual Chapter : Managing Configuration Synchronization

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP Analytics

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP Link Controller

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP LTM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP PEM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP AFM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP DNS

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP ASM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Manual Chapter

Managing Configuration Synchronization

About configuration synchronization

Configuration synchronization
 (also known as
config sync
) is the operation that the BIG-IP system performs to propagate BIG-IP configuration changes, including device trust information, to all devices in a device group. BIG-IP devices that contain the same configuration data can work in tandem to more efficiently process application traffic on the network.
If you want to exclude certain devices from config sync, you simply exclude them from membership in that particular device group.
You can sync some types of data on a global level across all BIG-IP devices, while syncing other data in a more granular way, on an individual application level to a subset of devices. For example, you can set up a large device group to sync resource and policy data (such as iRules and profiles) among all BIG-IP devices in a data center, while setting up a smaller device group for syncing application-specific data (such as virtual IP addresses) between the specific devices that are delivering those applications.
Whenever synchronization occurs, either automatically or manually, the BIG-IP system attempts to optimize performance by syncing only the data that changed since the last config sync operation.
To synchronize configuration data among device group members, all members must be running the same version of the BIG-IP system software.

Specifying an IP address for config sync

Before configuring the config sync address, verify that all devices in the device group are running the same version of BIG-IP system software.
You perform this task to specify the IP address on the local device that other devices in the device group will use to synchronize their configuration objects to the local device.
You must perform this task locally on each device in the device group.
  1. Confirm that you are logged in to the device you want to configure.
  2. On the Main tab, click
    Device Management
    Devices
    .
    This displays a list of device objects discovered by the local device.
  3. In the Name column, click the name of the device to which you are currently logged in.
  4. Near the top of the screen, click
    ConfigSync
    .
  5. From the
    Local Address
     list, retain the displayed IP address or select another address from the list.
    F5 Networks recommends that you use the default value, which is the self IP address for the internal VLAN. This address must be a non-floating (static) self IP address and not a management IP address.
    If the BIG-IP device you are configuring is accessed using Amazon Web Services, then the internal self IP address that you select must be an internal private IP address that you configured for this EC2 instance as the
    Local Address
    .
  6. Click
    Update
    .
After performing this task, the other devices in the device group can synchronize their configurations to the local device whenever a sync operation is initiated.

Viewing config sync status for the local device

You can use the BIG-IP Configuration utility to view the config sync status of the local device relative to the other members of the device group. If you have configured the device group for manual synchronization, you can use the config sync status information to determine whether you need to perform a manual sync operation.
  1. Display any BIG-IP Configuration utility screen.
  2. In the upper left corner of the screen, view the status of the device group:
    • If the sync status is green (
      In Sync
      ), the local device is synchronized with all device group members, and you do not need to perform a config sync operation.
    • If the sync status is yellow (
      Changes Pending
      ), the BIG-IP configuration on the local device is out of sync with one or more device group members, or device trust is not fully established. You must therefore ensure that a config sync operation occurs for the relevant device group. If the
      Automatic Sync
       setting is enabled for the device group, the BIG-IP system synchronizes the configuration automatically, and no user action is required.
For more details, you can click the status, which displays the Overview screen. Using this screen, you can view a detailed message about the status, as well as the status of each device group member.

Viewing config sync status for all device groups and members

You can use the BIG-IP Configuration utility to view the config sync status of any device group and each of its members, including the special Sync-Only device group for device trust. If the
Automatic Sync
 setting is disabled for a device group, you can use the config sync status information to determine whether you need to do a manual sync operation.
  1. On the Main tab, click
    Device Management
    Overview
    .
  2. In the Device Groups area of the screen, click the arrow next to the name of the relevant device group.
    The screen expands to show a summary and details of the sync status of the selected device group, as well as a list of the individual devices within the device group.
  3. In the Devices area of the screen, view the sync status of each device:
    • If all devices show a sync status of green, the configurations of all device members are synchronized, and you do not need to perform a config sync operation. Here is a sample Overview screen showing a status of
      In Sync
      :
    • If any device shows a sync status of
      Changes Pending
      , you must synchronize the configuration on that device to the other members of the device group. Here is a sample Overview screen showing a status of
      Changes Pending
      :
    A status of
    Changes Pending
     for a device indicates that the device contains recent configuration changes that have not yet been synchronized to the other members of the device group.

Manually synchronizing the BIG-IP configuration

Before you perform this task, verify that device trust has been established and that all devices that you want to synchronize are members of a device group.
You perform this task when the automatic sync feature is disabled and you want to manually synchronize BIG-IP configuration data among the devices in the device group. This synchronization ensures that any device in the device group can process application traffic successfully. You can determine the need to perform this task by viewing sync status in the upper left corner of any BIG-IP Configuration utility screen. A status of
Changes Pending
 indicates that you need to perform a config sync within the device group.
You can log into any device in the device group to perform this task.
  1. On the Main tab, click
    Device Management
    Overview
    .
  2. In the Device Groups area of the screen, click the arrow next to the name of the relevant device group.
    The screen expands to show a summary and details of the sync status of the selected device group, as well as a list of the individual devices within the device group.
  3. In the Devices area of the screen, choose a device.
  4. In the Sync Options area of the screen, choose an option:
    Option
    Description
    Push the selected device configuration to the group
    Select this option when you want to synchronize the configuration of the selected device to the other device group members.
    Pull the most recent configuration to the selected device
    Select this option when you want to synchronize the most recent configurations of one or more device group members to the selected device.
  5. Click
    Sync
    .
After you initiate a manual config sync, the BIG-IP system compares the configuration data on the local device with the data on each device in the device group, and synchronizes the most recently-changed configuration data from one or more source devices to one or more target devices. Note that the system does not synchronize non-floating self IP addresses.

About automatic vs. manual sync

You can configure the BIG-IP system to synchronization configuration data automatically, or you can manually initiate synchronization:
Automatic
Automatic synchronization (also known as
auto sync
) ensures that the BIG-IP system automatically synchronizes the configuration among device group members whenever you make a change to any one of those devices.
Manual
If you do not enable auto sync, you must manually synchronize the BIG-IP configuration among device group members to ensure that the devices remain in sync. With manual synchronization, the BIG-IP system notifies you whenever configuration data within the group has changed and therefore needs to be synchronized.

Enabling and disabling automatic sync

You can use the BIG-IP Configuration utility to enable or disable automatic synchronization for device groups. When you enable automatic synchronization, a BIG-IP device in the device group automatically synchronizes its configuration data to the other members of the device group whenever its configuration data changes.
By default, the BIG-IP system syncs only the data that changed since the previous sync, rather than the entire set of configuration data.
  1. On the Main tab, click
    Device Management
    Device Groups
    .
  2. In the Group Name column, click the name of the relevant device group.
  3. For the
    Automatic Sync
     setting, select or clear the check box:
    Action
    Result
    Select (Enable)
    Select the check box when you want the BIG-IP system to automatically sync configuration data to device group members whenever a change occurs. When you enable this setting, the BIG-IP system automatically syncs, but does not save, the configuration change on each device (this is the default behavior). To save the updated configuration on each device, you can log in to each device and, at the
    tmsh
     prompt, type
    save sys config
    . Alternatively, you can change the default behavior so that the system automatically saves configuration changes on target devices after an automatic config sync. You make this change by logging in to one of the devices in the device group and, at the
    tmsh
     prompt, typing
    modify cm device-group
    name
     save-on-auto-sync true
    .
    Enabling the
    save-on-auto-sync
     option can unexpectedly impact system performance when the BIG-IP system automatically saves a large configuration change to each device.
    Automatically saving configuration changes on target devices can provide a best practice for synchronizing configuration changes throughout a device group; however, in some instances, there is a potential to lose changes made on a local device while a remote peer device in the device group is rebooting. To prevent the possibility of an older configuration on a remote peer device from overwriting the latest changed configuration on a local device, complete the following steps.
    1. Disable automatic sync on all device groups that include the local device with the latest changed configuration.
    2. Reboot the remote peer device. The device group indicates changes pending.
    3. Change an object, such as the device description, on the local device if it appears in all device groups, or on a local device in each device group.
    4. Manually sync the device group to each local device.
    5. Enable automatic sync on all device groups.
    Clear (Disable)
    Clear the check box when you want to disable automatic sync. When this setting is disabled, you must manually initiate each config sync operation. We recommend that you perform a config sync whenever configuration data changes on one of the devices in the device group. After you perform a manual config sync, the BIG-IP system automatically saves the configuration change on each device group member.
  4. Click
    Update
    .
After you enable automatic sync, the BIG-IP system automatically syncs future configuration changes to each device group member.
Whenever an automatic sync operation occurs, you must log in to each device group member and use the Traffic Management shell to save the configuration on the device. An alternative is to configure the tmsh
save-on-auto-sync
 option for the device group.

About full vs. incremental sync

You can configure the BIG-IP system to perform either full or incremental synchronization operations whenever a config sync is required:
Full
When you enable
full sync
, the BIG-IP system syncs the entire set of BIG-IP configuration data whenever a config sync operation occurs. You can only do a full sync operation if you have enabled manual sync; Full sync operations are not available when automatic sync is enabled.
Incremental
When you enable
incremental sync
, the BIG-IP system syncs only the changes that are more recent than those on the target device. The BIG-IP system accomplishes this by comparing the commit ID and configuration changes, and then applying the delta. F5 networks recommends that you use incremental sync, for optimal performance. The incremental sync feature is a performance improvement feature and is the default value. You can use incremental sync with either automatic or manual sync operations.
You can also configure the cache size for any configuration changes slated for incremental sync. (This applies to incremental sync only.) For example, using the default cache size value of
1024
, if you make more than 1024 KB worth of incremental changes, the system performs a full synchronization operation. Using incremental synchronization operations can reduce the per-device sync/load time for configuration changes.

Enabling and disabling full sync

You can enable or disable full synchronization for device groups. When you enable
full sync
, the BIG-IP system syncs the entire set of configuration data whenever a sync operation occurs. When you disable full synchronization, the BIG-IP system performs
incremental synchronization
, which causes the system to sync only the changes that are more recent than the changes on the target device. The incremental sync feature is a performance improvement feature.
  1. On the Main tab, click
    Device Management
    Device Groups
    .
  2. In the Group Name column, click the name of the relevant device group.
  3. For the
    Full Sync
     setting, specify whether the system synchronizes the entire configuration during synchronization operations:
    • Select the check box when you want all sync operations to be full syncs. In this case, every time a config sync operation occurs, the BIG-IP system synchronizes all configuration data associated with the device group. This setting has a performance impact and is not recommended for most customers.
    • Clear the check box when you want all sync operations to be incremental (the default setting). In this case, the BIG-IP system syncs only the changes that are more recent than those on the target device. When you select this option, the BIG-IP system compares the configuration data on each target device with the configuration data on the source device and then syncs the delta of each target-source pair.
    If you enable incremental synchronization, the BIG-IP system might occasionally perform a full sync for internal reasons. This is a rare occurrence and no user intervention is required.
  4. Click
    Update
    .
After you configure this feature, the BIG-IP system performs either a full or an incremental sync whenever a sync operation occurs.

Troubleshooting the config sync process

The BIG-IP® Configuration utility displays a number of different statuses and messages to help you diagnose and correct a config sync problem. These statuses and messages pertain to both device groups and individual device group members.

Sync status for device groups

At all times, the BIG-IP system displays a specific sync status for each device group.
Possible sync status for device groups
Sync Status
Summary Message
Explanation and Recommended Action
In Sync
All devices in the device group are in sync
All devices in the device group contain the current configuration.
Recommended action: None.
Standalone
None.
The local trust domain contains one member only, which is the local device.
Recommended action: None. You an optionally add other devices to the local trust domain.
Awaiting Initial Sync
The device group is awaiting the initial config sync.
All devices have been recently added to the device group and are awaiting an initial config sync.
Recommended action: Sync any one of the devices to the device group.
Awaiting Initial Sync
Device_name1
,
device_name2
, etc. awaiting the initial config sync
One or more of the devices in the device group has either not yet synchronized its data to the device group members or has not yet received a sync from another member.
Recommended action: View the individual sync status of each device group member, and then sync the device with the most current configuration to the other devices.
Syncing
None.
A sync operation is in progress.
Recommended action: None.
Changes Pending
Changes Pending
One or more devices in the device group has recent configuration changes that have not yet been synchronized to the other members of the device group.
Recommended action: View the individual sync status of each device group member, and then sync the device with the most current configuration to the device group.
Changes Pending
There is a possible change conflict between
device_name1
,
device_name2
, etc.
There is a possible conflict among two or more devices because more than one device contains changes that have not been synchronized to the device group.
Recommended action: View the individual sync status of each device group member, and then sync the device with the most current configuration to the device group.
Not All Devices Synced
Device_name1
,
device_name2
, etc. did not receive last sync successfully.
One or more of the devices in the device group does not contain the most current configuration.
Recommended action: View the individual sync status of each device group member, and then sync the device with the most current configuration to the device group.
Sync Failure
A validation error occurred while syncing to a remote device
Because of a validation error, the named device was unable to accept a sync successfully.
Recommended action: Review the
/var/log/ltm
 file on the affected device.
Unknown
The local device is not a member of the selected device group
The device that you are logged into is not a member of the selected device group.
Recommended action: Add the local device to the device group to view sync status for the device group.
Unknown
Not logged into the primary cluster member
The system cannot determine the sync status of the device group because you are logged in to a secondary cluster member instead of the primary cluster member. Pertains to VIPRION systems only.
Recommended action: Log out and then log in to the primary cluster member, using the primary cluster IP address.
Unknown
Error in trust domain
The trust relationships among devices in the device group are not properly established.
Recommended action: On the local device, reset device trust and then re-add all relevant devices to the local trust domain.
None.
X
 devices with
Y
 different configurations
The configuration time for two or more devices in the device group differs from the configuration time of the other device group members. This condition causes one of these status messages to appear for each relevant device:
  • Device_name
     awaiting initial config sync
  • Device_name
     made last configuration change on
    date_time
Recommended action: Identify a device with the most current configuration and sync the device to the device group.

Sync status for device group members

At all times, the BIG-IP system displays a specific sync status for each device within a device group.
Possible sync status for individual devices
Sync Status
Explanation and Recommended Action
Awaiting Initial Sync
The local device is waiting for the initial ConfigSync. The device has not received a sync frm another device and has no configuration changes to be synced to other members of the device group.
Recommended action: Determine the device that has the latest or most desired configuration and sync the configuration from that device.
Changes Pending
The device has recent configuration changes that have not been synced to other device group members.
Recommended action: Sync the device with the most recent configuration to the other members of the device group.
Awaiting Initial Sync with Changes Pending
This status indicates one of the following conditions:
  • The configuration on the device has changed since the device joined the device group.
    Recommended action: Sync the device to the device group.
  • The device has not yet received a sync from another device but has configuration changes to be synced to other members of the device group.
    Recommended action: Sync the device with the most recent configuration to this device.
Does not have the last synced configuration, and has changes pending
The device received at least one sync previously but did not receive the last synced configuration, and the configuration on the device has changed since the last sync.
Recommended action: Determine the device that has the latest or most desired configuration and sync the configuration from that device.
Disconnected
The iQuery communication channel between the devices was terminated or disrupted. This may be a result of one of the following:
  • The disconnected device is not a member of the local trust domain.
  • The disconnected device does not have network access to one or more device group members.
Recommended actions:
  • View the screens at
    Device Management
    Device Trust
    to see if the disconnected device is a member of the local trust domain, and if not, add the device to the domain.
  • Use the screen at
    Device Management
    Devices
     to view the specified config sync address of the disconnected device and determine whether the local device has a route to that address.

Advanced config sync properties for a device

A device in a device group has several advanced properties.
Property
Description
Current Commit Time
Indicates either the last time that a user updated the configuration locally, or, if the configuration on the device was synced from a remote device group member, the actual time that the synced configuration change was made on that remote device.
Current Commit Originator
Indicates the source of the most recent change to the configuration on the relevant device. More specifically, the CID originator is either:
  • The relevant device itself (due to locally-made changes)
  • Another device in the device group that synchronized a change to the relevant device
Previous Commit Time
Indicates the actual time that the synced configuration change was made on a remote device group member. Whenever a device in the device group syncs its configuration to the other device group members, the LSS time on each device is updated to reflect the Commit ID time of the configuration change on the device that initiated the sync operation.
Previous Commit Originator
Indicates the device that most recently performed a successful sync operation to the relevant device.
Device Last Sync Time
Indicates the last time that a sync was initiated or forced to or from the relevant device.
Device Last Sync Type
Indicates the type of sync. Possible values are:
Manual Full Load
,
Manual Incremental
, and
Automatic
.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information