Applies To:
Show VersionsBIG-IP AAM
- 11.4.1, 11.4.0
BIG-IP APM
- 11.4.1, 11.4.0
BIG-IP GTM
- 11.4.1, 11.4.0
BIG-IP LTM
- 11.4.1, 11.4.0
BIG-IP AFM
- 11.4.1, 11.4.0
BIG-IP PSM
- 11.4.1, 11.4.0
BIG-IP ASM
- 11.4.1, 11.4.0
About configuration synchronization
Configuration synchronization (also known as config sync) is the operation that the BIG-IP system performs to propagate BIG-IP configuration changes to all devices in a device group. BIG-IP devices that contain the same configuration data can work in tandem to more efficiently process application traffic on the network.
If you want to exclude certain devices from config sync, you simply exclude them from membership in that particular device group.
You can sync some types of data on a global level across all BIG-IP devices, while syncing other data in a more granular way, on an individual application level to a subset of devices. For example, you can set up a large device group to sync resource and policy data (such as iRules and profiles) among all BIG-IP devices in a data center, while setting up a smaller device group for syncing application-specific data (such as virtual IP addresses) between the specific devices that are delivering those applications.
Whenever synchronization occurs, either automatically or manually, the BIG-IP system attempts to optimize performance by syncing only the data that changed since the last config sync operation.
About automatic and manual sync
You can configure the BIG-IP system to synchronization configuration data automatically, or you can manually initiate synchronization:
- Automatic
- Automatic synchronization (also known as auto sync) ensures that the BIG-IP system automatically synchronizes the configuration among device group members whenever you make a change to any one of those devices.
- Manual
- If you do not enable auto sync, you must manually synchronize the BIG-IP configuration among device group members to ensure that the devices remain in sync. With manual synchronization, the BIG-IP system notifies you whenever configuration data within the group has changed and therefore needs to be synchronized.
Enabling and disabling automatic sync
You can use the BIG-IP Configuration utility to enable or disable automatic synchronization for Sync-Failover and Sync-Only device groups. When you enable automatic synchronization, a BIG-IP device in the device group automatically synchronizes its configuration data to the other members of the device group whenever its configuration data changes.
By default, the BIG-IP system syncs only the data that changed since the previous sync, rather than the entire set of configuration data.
- On the Main tab, click .
- In the Group Name column, click the name of the relevant device group.
-
For the Automatic Sync setting, select or clear the
check box:
Action Result Select (Enable) Select the check box when you want the BIG-IP system to automatically sync configuration data to device group members whenever a change occurs. When you enable this setting, the BIG-IP system automatically syncs, but does not save, the configuration change on each device (this is the default behavior). To save the updated configuration on each device, you can log into each device and, at the tmsh prompt, type save sys config. Alternatively, you can change the default behavior so that the system automatically saves configuration changes on target devices after an automatic config sync. You make this change by logging into one of the devices in the device group and, at the tmsh prompt, typing modify cm trust-domain Root save-on-auto-sync true. Warning: Enabling the save-on-auto-sync option can unexpectedly impact system performance when the BIG-IP system automatically saves a large configuration change to each device.Clear (Disable) Clear the check box when you want to disable automatic sync. When this setting is disabled, you must manually initiate each config sync operation. F5 Networks recommends that you perform a config sync whenever configuration data changes on one of the devices in the device group. After you perform a manual config sync, the BIG-IP system automatically saves the configuration change on each device group member. - Click Update.
Manually synchronizing the BIG-IP configuration
- Compares the configuration data on the local device with the data on each device in the device group.
- Synchronizes the most recently-changed configuration data from one or more source devices to one or more target devices.
- Saves the synced configuration changes on each device group member.
About full and incremental sync
You can configure the BIG-IP system to perform either full or incremental synchronization operations whenever a config sync is required:
- Full
- When you enable full sync, the BIG-IP system syncs the entire set of BIG-IP configuration data whenever a config sync operation occurs.
- Incremental
- When you enable incremental sync, the BIG-IP system syncs only the changes that are more recent than those on the target device. The BIG-IP system accomplishes this by comparing the configuration data on each target device with the configuration data on the source device and then syncs the delta of each target-source pair. F5 networks recommends that you use incremental sync, for optimal performance. The incremental sync feature is a performance improvement feature and is the default value.
You can also configure the cache size for any configuration changes slated for incremental sync. (This applies to incremental sync only.) For example, using the default cache size value of 1024, if you make more than 1024 KB worth of incremental changes, the system performs a full synchronization operation. Using incremental synchronization operations can reduce the per-device sync/load time for configuration changes.
Enabling and disabling full sync
You can enable or disable full synchronization for Sync-Failover and Sync-Only device groups. When you enable full sync, the BIG-IP system syncs the entire set of configuration data whenever a sync operation occurs. When you disable full synchronization, the BIG-IP system performs incremental synchronization, which causes the system to sync only the changes that are more recent than the changes on the target device. The incremental sync feature is a performance improvement feature.
Specifying an IP address for config sync
Viewing config sync status for the local device
- Display any BIG-IP Configuration utility screen.
-
In the upper left corner of the screen, view the status of the device group:
- If the sync status is green (In Sync), the local device is synchronized with all device group members, and you do not need to perform a config sync operation.
- If the sync status is yellow (Changes Pending), the local device is out of sync with one or more device group members. You must therefore ensure that a config sync operation occurs for the local device. If the Automatic Sync setting is enabled for the device group, the BIG-IP system synchronizes the configuration automatically, and no user action is required.
- If the status pertains to config sync specifically, you can click on the status displays the Overview screen. Using this screen, you can view a detailed message about the status, as well as the status of each device group member.
- If the status pertains to an issue with device trust, you can click on the status displays the Device Trust screen. Using this screen, you can re-establish trust among all device group members or add devices to the trust domain.
Viewing config sync status for all device groups and members
Troubleshooting the config sync process
The BIG-IP Configuration utility displays a number of different statuses and messages to help you diagnose and correct a config sync problem. These statuses and messages pertain to both device groups and individual device group members.
Sync status for device groups
At all times, the BIG-IP system displays a specific sync status for each device group.
Color | Sync Status | Summary Message | Explanation and Recommended Action |
---|---|---|---|
Green | In Sync | All devices in the device group are in sync |
All devices in the device group contain the current configuration. Recommended action: None. |
Green | Standalone | None. |
The local trust domain contains one member only, which is the local device. Recommended action: None. You an optionally add other devices to the local trust domain. |
Blue | Awaiting Initial Sync | None. |
All devices have been recently added to the device group and are awaiting an initial config sync. Recommended action: Sync any one of the devices to the device group. |
Blue | Awaiting Initial Sync | Device_name1, device_name2, etc. awaiting the initial config sync |
One or more of the devices in the device group has either not yet synchronized its data to the device group members or has not yet received a sync from another member. Recommended action: View the individual sync status of each device group member, and then sync the device with the most current configuration to the other devices. |
Green | Syncing | None. |
A sync operation is in progress. Recommended action: None. |
Yellow | Changes Pending | Changes Pending |
One or more devices in the device group has recent configuration changes that have not yet been synchronized to the other members of the device group. Recommended action: View the individual sync status of each device group member, and then sync the device with the most current configuration to the device group. |
Yellow | Changes Pending | There is a possible change conflict between device_name1, device_name2, etc. |
There is a possible conflict among two or more devices because more than one device contains changes that have not been synchronized to the device group. Recommended action: View the individual sync status of each device group member, and then sync the device with the most current configuration to the device group. |
Red | Not All Devices Synced | Device_name1, device_name2, etc. did not receive last sync successfully. |
One or more of the devices in the device group does not contain the most current configuration. Recommended action: View the individual sync status of each device group member, and then sync the device with the most current configuration to the device group. |
Red | Sync Failure | A validation error occurred while syncing to a remote device |
Because of a validation error, the named device was unable to accept a sync successfully. Recommended action: Review the error message and determine corrective action on the device. |
Blue | Unknown | The local device is not a member of the selected device group |
The device that you are logged into is not a member of the selected device group. Recommended action: Add the local device to the device group to view sync status for the device group. |
Blue | Unknown | Not logged into the primary cluster member |
The system cannot determine the sync status of the device group because you are logged in to a secondary cluster member instead of the primary cluster member. Pertains to VIPRION systems only. Recommended action: Log out and then log in to the primary cluster member, using the primary cluster IP address. |
Red | Unknown | Error in trust domain |
The trust relationships among devices in the device group are not properly established. Recommended action: On the local device, reset device trust and then re-add all relevant devices to the local trust domain. |
None. | None. | X devices with Y different configurations |
The configuration time for two or more devices in the device group differs from the configuration time of the other device group members. This condition causes one of these status messages to appear for each relevant device:
Recommended action: Identify a device with the most current configuration and sync the device to the device group. |
Sync status for device group members
At all times, the BIG-IP system displays a specific sync status for each device within a device group.
Color | Sync Status | Explanation and Recommended Action |
---|---|---|
Green | None. |
This status indicates one of the following conditions:
Recommended action: None. |
Blue | Awaiting Initial Sync |
This status indicates one of the following conditions:
Recommended action: Perform the appropriate type of config sync. |
Yellow | Changes Pending |
The device has recent configuration changes sync the last sync that have not yet been synchronized to the other members of the device group. Recommended action: Sync the device with the most recent configuration to the other members of the device group. |
Yellow | Awaiting Initial Sync with Changes Pending |
This status indicates one of the following conditions:
|
Red | Does not have the last synced configuration, and has changes pending |
The device received at least one sync previously but did not receive the last synced configuration, and the configuration on the device has changed since the last sync. Recommended action: Sync the device with the most recent configuration to this device. |
Red | Disconnected |
The local device does not recognize the disconnected device. Recommended actions:
|
Red | Device does not recognize membership in this group |
The device does not recognize that it is a member of the device group. Recommended action: Log into the relevant device and view the screens at to see if the device is a member of the device group. If not, add the device to the device group. |
Red | No config sync address has been specified for this device. |
The device does not have a config sync address. Recommended action: Log into the relevant device, and using the screen at , specify the IP address that you want remote devices to use to sync configuration data to the device. As a best practice, this address should be a non-floating self IP address associated with an internal VLAN. The address must either be on the same subnet as the other devices in the device group or have a route to that address defined on the other devices. |
Red | Does not have the last synced configuration |
The device previously received the configuration from other members of the device group but did not receive the last synced configuration. Recommended action: Sync the device group to the device. |
Advanced config sync properties for a device
A device in a device group has several advanced properties.
Property | Description |
---|---|
CID Originator | Commit ID originator. This indicates the source of the most recent change to the
configuration on the relevant device. More specifically, the CID originator is either:
|
CID Time | Commit ID time. This indicates either the last time that a user updated the configuration locally, or, if the configuration on the device was synced from a remote device group member, the actual time that the synced configuration change was made on that remote device. |
Last Sync Time | This is the last time that a sync was initiated or forced to or from the relevant device. |
Last Sync Type | This is the type of sync. Possible values are: Manual Full Load, Manual Incremental, and Automatic. |
LSS Originator | Last Successful Sync originator. This is the device that most recently performed a successful sync operation to the relevant device. |
LSS Time | This is the actual time that the synced configuration change was made on a remote device group member. Whenever a device in the device group syncs its configuration to the other device group members, the LSS time on each device is updated to reflect the Commit ID time of the configuration change on the device that initiated the sync operation. |