Applies To:Show Versions
BIG-IQ Centralized Management
Adding a Standby BIG-IQ to Create a High Availablity Auto Failover
Using BIG-IQ in a high availability configuration with auto failover
The BIG-IQ currently managing all BIG-IP devices.
The standby BIG-IQ that has the same configuration as the active BIG-IQ. The standby BIG-IQ automatically becomes active if the active BIG-IQ fails over.
A quorum data collection device (DCD) makes the deciding vote for which BIG-IQ will become active if communication is disrupted between the components of the BIG-IQ high availability configuration. If the quorum DCD is able to communicate with one of the BIG-IQ in the pair during the disruption, that BIG-IQ becomes active. The quorum DCD is not a peer BIG-IQ in an HA configuration.
Before you set up BIG-IQ in an HA configuration with auto failover enabled
- If you're using a floating IP address for your HA configuration, the active and standby BIG-IQ must be in the same data center and in the same broadcast domain to allow GARP LAN protocol to succeed. The quorum DCD can be elsewhere. When you use a floating IP address, the address can move from the active to the standby BIG-IQ if failover occurs.
- For failover to work properly, the following ports must be open on the active and standby BIG-IQ, as well as the quorum DCD: TCP port 2224, UDP port 5404, and UDP port 5405.
Add SSL certificates to the active BIG-IQ with SSL verification
enabled in an auto-failover HA configuration
- Save the BIG-IQ and DCD quorum public key certificates on your local system.
- At the top of the screen, clickSystem.
- On the left, clickSSL CERTIFICATION VERIFICATION.
- Click theImportbutton.
- From theImport Typelist, selectCertificate.
- In theNamebox, type a name for this BIG-IQ certificate.BIG-IQ stores and identifies this certificate by the name you specify here. Therefore, if the certificate you are importing is currently namedmycertificate.crt, but you when you import it you name itf5.crt, BIG-IQ renames the certificate as you specified, tof5.crt.
- Click theUpload Filebutton and navigate to the certificate.
- Repeat steps 4 - 8 to add the standby BIG-IQ system's certificate device to this active BIG-IQ system.
Add a standby BIG-IQ to create an HA configuration with auto failover
- At the top of the screen, clickSystem.
- On the left, clickBIG-IQ HA.
- Click theAdd Standbybutton.
- In theIP Addressfield, type the discovery address you want to set up as the standby BIG-IQ.This is the same IP address the peers in a high availability configuration use to communicate.
- Type the local administrativeUsernameandPasswordfor the system.
- Type theRoot Passwordfor the system.
- For theFailover setting, selectAuto Failover.For auto failover to work, you must have the following ports open on the active and standby BIG-IQ as well as the quorum DCD.
- TCP port 2224
- UDP port 5404
- UDP port 5405
- For auto failover, you must associate a quorum DCD. If you do not have a DCD set up, click theSet Up Quorum Devicebutton to specify the DCD you want to use. If you've already have a Quorum DCD for auto failover, select it from the list and type itsRoot Password.
- If you do not have a DCD set up, click theSet Up Quorum Devicebutton to specify the DCD you want to use.
- you already have a Quorum DCD for auto failover, select it from the list and type itsRoot Password.
- If you want BIG-IQ to use a floating IP address when automatically failing over to the standby BIG-IQ, select theEnable Floating IPEnablecheck box and type the address.The floating IP address must be on the same network segment as the local management address (interface eth0) of the BIG-IQ systems in the HA configuration, and not any of the discovery addresses (self IP addresses). This does not restrict HA traffic; HA traffic can be on any of the available interfaces.Floating IP addresses are not supported if your BIG-IQ active and standby systems in an HA pair are in a public cloud environment, such as AWS, Azure, or VMware.If you choose not to use a floating IP address and the active BIG-IQ fails over, you'll have to provide all users access to the newly active BIG-IQ by providing the IP address.
- Click theAddbutton to add this device to this high availability configuration.