Manual Chapter : High Availability Fail-safe

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

BIG-IP APM

  • 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

BIG-IP Analytics

  • 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

BIG-IP Link Controller

  • 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

BIG-IP LTM

  • 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

BIG-IP PEM

  • 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

BIG-IP AFM

  • 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

BIG-IP DNS

  • 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

BIG-IP ASM

  • 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Manual Chapter

High Availability Fail-safe

About system fail-safe

When you configure system fail-safe, the BIG-IP system monitors various hardware components, as well as the heartbeat of various system services, and can take action if the system detects a heartbeat failure.
You can configure the BIG-IP system to monitor the switch board component and then take some action if the BIG-IP system detects a failure. Using the BIG-IP Configuration utility, you can specify the action that you want the BIG-IP system to take when the component fails. The BIG-IP system can perform these actions:
  • Reboot the BIG-IP system.
  • Restart all system services.
  • Go offline.
  • Go offline and cancel the TMM service.
  • Fail over and restart TMM.

Configure system fail-safe

You can use the BIG-IP Configuration utility to configure system fail-safe for the BIG-IP system. You configure system fail-safe when you want the system to take a specific action when it detects either a switch board failure or a heartbeat failure on a particular system service.
  1. On the Main tab, click
    System
    High Availability
    Fail-safe
    System
    .
    The System screen opens.
  2. In the System Trigger Properties area, for the
    Switch Board Failure
    setting, select the action that you want the BIG-IP system to take in the event of a switch board component failure.
  3. If you want to configure a heartbeat failure action for one or more system services, then in the System Services area:
    1. In the Name column, click a service name.
    2. From the
      Heartbeat
      list, select
      Enabled
      .
    3. From the
      Heartbeat Failure Action
      list, select the action that you want the system to take when the system detects a heartbeat failure for the service.
    4. Repeat these steps for each service for which you want to configure a heartbeat failure action.
  4. Click
    Update
    .

About gateway fail-safe

One type of network failure detection is known as gateway fail-safe, which applies to redundant system configurations only.
Gateway fail-safe
monitors traffic between an active BIG-IP system in a device group and a pool containing a gateway router. You configure the gateway fail-safe feature if you want the BIG-IP system to take an action, such as fail over, when some number of gateway routers in a pool of routers becomes unreachable.
You can configure gateway fail-safe using the BIG-IP Configuration utility. Configuring gateway fail-safe means designating a pool of routers as a gateway fail-safe pool. When you designate a pool as a gateway fail-safe pool, you provide this information:
  • The name of the pool.
  • The name of a BIG-IP device in a device group (either the local device or any other device group member).
  • The minimum number of gateway pool members that must be available to avoid the designated action.
  • The action that the BIG-IP system should take when the number of available gateway pool members drops below the designated threshold. The default value is
    Failover
    .
After you configure gateway fail-safe, by specifying an action of
Failover
, the named BIG-IP device (and only that device) fails over to another device group member whenever the number of available pool members falls below the specified threshold.
The BIG-IP system only monitors the gateway pool assigned to the local device and does not monitor gateway pools assigned to peer devices. When viewing the status of a peer gateway pool, you will observe an unchecked status (a blue square in the BIG-IP Configuration utility).

Configure gateway fail-safe

Before you can configure gateway fail-safe, you must have already created a gateway pool for the BIG-IP system to use to forward traffic.
When you configure gateway fail-safe, the system monitors traffic between a specified BIG-IP device group member and the specified gateway pool. If the number of available pool members falls below the specified threshold, the system takes the specified action. You can use the BIG-IP Configuration utility to configure gateway fail-safe for the BIG-IP system.
  1. On the Main tab, click
    System
    High Availability
    Fail-safe
    Gateway
    .
    The Gateway screen opens.
  2. Click
    Add
    .
  3. In the Configuration area, for the
    Gateway Pool
    setting, select a pool to use as the gateway fail-safe pool.
  4. For the
    Device
    setting, select a device name.
  5. For the
    Threshold
    setting, specify the minimum number of gateway pool members that must be available.
    The system triggers the gateway fail-safe action if the threshold falls below this value.
  6. For the
    Action
    setting, select the action that the system takes if the threshold falls below the minimum available members.
  7. Click
    Finished
    .

About VLAN fail-safe

For maximum reliability, the BIG-IP system supports failure detection on all VLANs. When you configure the fail-safe option for a VLAN, the BIG-IP system monitors network traffic going through that VLAN. If the BIG-IP system detects a loss of traffic on the VLAN and the fail-safe timeout period has elapsed, the BIG-IP system attempts to generate traffic by issuing ARP requests to nodes accessible through the VLAN. The BIG-IP system also generates an ARP request for the default route, if the default router is accessible from the VLAN. Failover is averted if the BIG-IP system is able to send and receive any traffic on the VLAN, including a response to its ARP request.
For a redundant system configuration, if the BIG-IP system does not receive traffic on the VLAN before the timeout period expires, the system can initiate failover to another device group member, reboot, or restart all system services. For a single device configuration, the system can either reboot or restart all system services. The default action for both configurations is
Reboot
.
You should configure the fail-safe option on a VLAN only after the BIG-IP system is in a stable production environment. Otherwise, routine network changes might cause failover unnecessarily.
Each interface card installed on the BIG-IP system is typically mapped to one or more different VLANs. Thus, when you set the fail-safe option on a particular VLAN, you need to know the interface to which the VLAN is mapped. You can use the BIG-IP Configuration utility to view VLAN names and their associated interfaces.

Configure VLAN fail-safe

Before you can configure VLAN fail-safe, you must have already created a VLAN for the BIG-IP system.
You configure fail-safe for a specific VLAN when you want the system to monitor traffic for that VLAN. If the system detects no traffic on the VLAN after some number of seconds has elapsed, the system takes the specified action. You can use the BIG-IP Configuration utility to configure VLAN fail-safe.
  1. On the Main tab, click
    System
    High Availability
    Fail-safe
    VLANs
    .
    The VLANs screen opens.
  2. Click
    Add
    .
  3. In the Configuration area, for the
    VLAN
    setting, select a VLAN.
  4. For the
    Timeout
    setting, specify the number of seconds that a system can run without detecting network traffic on this VLAN before it takes the fail-safe action.
  5. For the
    Action
    setting, select the action that the system takes when it does not detect any traffic on this VLAN.
  6. Click
    Finished
    .