Applies To:
Show VersionsBIG-IP AAM
- 11.4.1, 11.4.0
BIG-IP APM
- 11.4.1, 11.4.0
BIG-IP GTM
- 11.4.1, 11.4.0
BIG-IP LTM
- 11.4.1, 11.4.0
BIG-IP AFM
- 11.4.1, 11.4.0
BIG-IP PSM
- 11.4.1, 11.4.0
BIG-IP ASM
- 11.4.1, 11.4.0
Introduction to failover
Failover within a device group means that one or more devices are available for the BIG-IP system to choose from to assume traffic processing for an off-line device. When you configure device service clustering (DSC) within the network, any device in a Sync-Failover device group can fail over one or more specific sets of application-related configuration objects to another device in a device group. This set of configuration objects is known as a floating traffic group. DSC failover gives you granular control of configuration objects that you want to include in failover operations.
If you want to exclude certain devices on the network from being peers in failover operations, you simply exclude them from membership in that particular device group.
About IP addresses for failover
Part of configuring a Sync-Failover device group is configuring failover. Configuring failover requires you to specify certain types of IP addresses on each device. Some of these IP addresses enable continual, high availability (HA) communication among devices in the device group, while other addresses ensure that application traffic processing continues uninterrupted when failover occurs.
The types of IP addresses that you need to specify on each device are:
- A local, static self IP address for VLAN HA
- This unicast self IP address is the main address that other devices in the device group use to communicate continually with the local device to assess the health of that device. When a device in the device group fails to receive a response from the local device, the BIG-IP system triggers failover.
- A local management IP address
- This unicast management IP address serves the same purpose as the static self IP address for VLAN HA, but is only used when the local device is unreachable through the HA static self IP address.
- One or more floating IP addresses associated with a traffic group
- These are the IP addresses that application traffic uses when passing through a BIG-IP system. Each traffic group on a device includes application-specific floating IP addresses as its members. Typical traffic group members are: floating self IP addresses, virtual addresses, NAT or SNAT translation addresses, and IP addresses associated with an iApp application service. When a device with active traffic groups becomes unavailable, each of the active traffic groups becomes active on another device in the device group. This ensures that application traffic processing continues with little to no interruption.
Specifying IP addresses for failover communication
About traffic groups
A traffic group is a collection of related configuration objects, such as a floating self IP address, a virtual IP address, and a SNAT translation address, that run on a BIG-IP device. Together, these objects process a particular type of application traffic on that device. When a BIG-IP device becomes unavailable, a traffic group floats (that is, fails over) to another device in a device group to ensure that application traffic continues to be processed with little to no interruption in service. In general, a traffic group ensures that when a device becomes unavailable, all of the failover objects in the traffic group fail over to any one of the available devices in the device group.
A traffic group is initially active on the device on which you create it, until the traffic group fails over to another device. For example, if you initially create three traffic groups on Device A, these traffic groups remain active on Device A until one or more traffic groups fail over to another device. If you want an active traffic group to become active on a different device in the device group when failover has not occurred, you can intentionally force the traffic group to switch to a standby state, thereby causing failover to another device.
Only objects with floating IP addresses can be members of a traffic group.
An example of a set of objects in a traffic group is an iApps application service. If a device with this traffic group is a member of a device group, and the device becomes unavailable, the traffic group floats to another member of the device group, and that member becomes the device that processes the application traffic.
Failover objects and traffic group association
Any traffic group that you explicitly create on the BIG-IP system is a floating traffic group. The types of configuration objects that you can associate with a floating traffic group are:
- Virtual IP addresses
- NATs
- SNAT translation addresses
- Self IP addresses
- Folders (such as an iApps folder)
You can associate configuration objects with a traffic group in these ways:
- You can rely on the folders in which the objects reside to inherit the traffic group that you assign to the root folder.
- You can use the BIG-IP Configuration utility to directly associate a traffic group with an iApp application service, a virtual IP address, a NAT or SNAT translation address, or a floating self IP address.
- You can use the BIG-IP Configuration utility to directly associate a traffic group with a folder.
Pre-configured traffic groups
Each BIG-IP device contains two pre-configured traffic groups:
- A floating traffic group named traffic-group-1 initially contains the floating self IP addresses that you configured for VLANs internal and external, as well as any iApps application services, virtual IP addresses, NATs, or SNAT translation addresses that you have configured on the device.
- A non-floating traffic group named traffic-group-local-only contains the static self IP addresses that you configured for VLANs internal and external. This traffic group never fails over to another device.
Before you configure a traffic group
The following considerations apply to traffic groups:
- On each device in a Sync-Failover device group, the BIG-IP system automatically assigns the default floating traffic group name to the root and /Common folders.
- The BIG-IP system creates all traffic groups in the /Common folder, regardless of the partition to which the system is currently set.
- Any traffic group named other than traffic-group-local-only is a floating traffic group.
- You can specify a floating traffic group on a folder only when the device group that is set on the folder is a Sync-Failover type of device-group.
- You can set a floating traffic group on only those objects that reside in a folder with a device group of type Sync-Failover.
- Setting the traffic group on a failover object to traffic-group-local-only prevents the system from synchronizing that object to other devices in the device group.
Creating a traffic group
Perform this task when you want to create a traffic group for a BIG-IP device. You can perform this task on any BIG-IP device within the device group, and the traffic group becomes active on the local device.
Adding members to a traffic group
You perform this task to add members to a newly-created or existing traffic group. Traffic group members are the floating IP addresses associated with application traffic passing through the BIG-IP system. Typical members of a traffic group are: a floating self IP address, a floating virtual address, and a floating SNAT translation address.
Viewing a list of traffic groups for a device
- On the Main tab, click .
- In the Name column, view the names of the traffic groups on the local device.
Viewing the members of a traffic group
Traffic group properties
This table lists and describes the properties of a traffic group.
Property | Description |
---|---|
Name | The name of the traffic group, such as Traffic-Group-1. |
Partition / Path | The name of the folder or sub-folder in which the traffic group resides. |
Description | A user-defined description of the traffic group. |
Current Device | The device on which a traffic group is currently running. |
Next-Active Device | The device currently most available to accept a traffic group if failover of that traffic group should occur. |
Traffic Load | A numeric value representing the application traffic load of this traffic group relative to other active traffic groups on the same device. |
MAC Masquerade Address | A user-created MAC address that floats on failover, to minimize ARP communications and dropped connections. |
Auto Failback | The condition where the traffic group tries to fail back to the first device in the ordered failover list, when that device (and that device only) is available. |
Auto Failback Timeout | The number of seconds before auto failback expires. This setting appear only when you enable the Auto Failback setting. |
Failover Order | An ordered list of devices that the BIG-IP system uses to determine the next-active device for the traffic group. |
Active and standby states
During any config sync operation, each traffic group within a device group is synchronized to the other device group members. Therefore, on each device, a particular traffic group is in either an active state or a standby state. In an active state, a traffic group on a device processes application traffic. In a standby state, a traffic group on a device is idle.
For example, on Device A, traffic-group-1 might be active, and on Device B, traffic-group-1 might be standby. Similarly, on Device B, traffic-group-2 might be active, and on Device A, traffic-group-2 might be standby.
When a device with an active traffic group becomes unavailable, the traffic group floats to (that is, becomes active on) another device. The BIG-IP system chooses the target device based on how you initially configured the traffic group when you created it. Note that the term floats means that on the target device, the traffic group switches from a standby state to an active state.
When Device A comes back online, the traffic group becomes standby on Device A.
Viewing the failover state of a device
- Display any screen of the BIG-IP Configuration utility.
- In the upper left corner of the screen, view the failover state of the device.
Viewing the state of a traffic group
- On the Main tab, click .
- In the Failover Status area of the screen, view the state of all traffic groups on the device.
Forcing a traffic group to a standby state
Performing this task causes the selected traffic group on the local device to switch to a Standby state. By forcing the traffic group into a Standby state, the traffic group becomes active on another device in the device group. For device groups with more than two members, you can choose the specific device to which the traffic group fails over.
About active-standby vs. active-active configurations
A device group that contains only one traffic group is known as an active-standby configuration.
A device group that contains two or more traffic groups is known as an active-active configuration. For example, if you configure multiple virtual IP addresses on the BIG-IP system to process traffic for different applications, you might want to create separate traffic groups that each contains a virtual IP address and its relevant floating self IP address. You can then choose to make all of the traffic groups active on one device in the device group, or you can balance the traffic group load by making some of the traffic groups active on other devices in the device group.
Description of current and next-active devices
Within a Sync-Failover type of device group, a BIG-IP device sometimes has a specific designation with respect to a traffic group: either a current device or a next-active device.
Designation | Description |
---|---|
Current Device | A current device is the device on which a traffic group is currently active. For example, if Device A is currently processing traffic using the objects in Traffic-Group-1, then Device A is the current device. If Device A becomes unavailable and Traffic-Group-1 fails over to Device C, then Device C becomes the current device. |
Next-Active Device | A next-active device is the device on which a traffic group will become active if that traffic group eventually fails over to another device. For every active traffic group, the BIG-IP system assigns a corresponding next-active device. The next-active device for a traffic group is system-selected, based on criteria you specify when you configure the traffic group. |
About the next-active device
For every active traffic group on a device, the BIG-IP system identifies the device that is to be the next-active device if failover of that active traffic group occurs. A next-active device is the device on which a traffic group will become active if that traffic group eventually fails over to another device. This next-active designation can change continually depending on which devices are currently available in the device group.
There are two ways that you can affect the BIG-IP system's selection of the next-active device for failover. You can either:
- Configure a feature known as load-aware failover
- Create an ordered list of devices
What is load-aware failover?
Load-aware failover is a BIG-IP feature designed for use in a Sync-Failover device group. Configuring load-aware failover ensures that the traffic load on all devices in a device group is as equivalent as possible, factoring in any differences in device capacity and the amount of application traffic that traffic groups process on a device.
For example, suppose you have a heterogeneous three-member device group in which one device (Bigip_C) has twice the hardware capacity of the other two devices (Bigip_A and Bigip_B).
If the device group has four active traffic groups that each process the same amount of application traffic, then the load on all devices is equivalent when devices Bigip_A and Bigip_B each contain one active traffic group, while device Bigip_C contains two active traffic groups.
The BIG-IP system implements load-aware failover by calculating a numeric, current utilization score for each device, based on numeric values that you specify for each device and traffic group relative to the other devices and traffic groups in the device group. The system then uses this current utilization score to determine which device is the best device in the group to become the next-active device when failover occurs for a traffic group.
The overall result is that the traffic load on each device is as equivalent as possible in a relative way, that is, factoring in individual device capacity and application traffic load per traffic group.
About device utilization calculation
The BIG-IP system on each device performs a calculation to determine the device's current level of utilization. This utilization level indicates the ability for the device to be the next-active device in the event that an active traffic group on another device must fail over within a heterogeneous device group.
The calculation that the BIG-IP performs to determine the current utilization of a device is based on these factors:
- Device capacity
- A local device capacity relative to other device group members.
- Active local traffic groups
- The number of active traffic groups on the local device.
- Active remote traffic groups
- The number of remote active traffic groups for which the local device is the next-active device.
- A multiplying load factor for each active traffic group
- A multiplier value for each traffic group. The system uses this value to weight each active traffic group's traffic load compared to the traffic load of each of the other active traffic groups in the device group.
The BIG-IP system uses all of these factors to perform a calculation to determine, at any particular moment, a score for each device that represents the current utilization of that device. This utilization score indicates whether the BIG-IP system should, in its attempt to equalize traffic load on all devices, designate the device as a next-active device for an active traffic group on another device in the device group.
The calculation that the BIG-IP performs for each device is:
(The sum of local active traffic group loads + The sum of remote active traffic group loads) / device capacityAbout HA capacity
For each device in a BIG-IP device group, you can assign a high availability (HA) capacity value. An HA capacity value is a number that represents the relative processing capacity of that device compared to the other devices in a device group. Assigning different HA capacity values to the devices in the device group is useful when the device group contains heterogeneous hardware platforms.
For example, if the device group has two devices with equal capacity and a third device that has twice the capacity of each of the other two devices, then you can assign values of 2, 2, and 4, respectively. You can assign any number to represent the HA capacity, as long as the number reflects the device's relative capacity compared to the other devices in the device group.
Specifying the HA capacity of a device
You perform this task when you have more than one type of hardware platform in a device group and you want to configure load-aware failover. Load-aware failover ensures that the BIG-IP system can intelligently select the next-active device for each active traffic group in the device group when failover occurs. As part of configuring load-aware failover, you define an HA capacity to establish the amount of computing resource that the device provides relative to other devices in the device group.
About the HA load factor
For each traffic group on a BIG-IP device, you can assign an high availability (HA) load factor. An HA load factor is a number that represents the relative application traffic load that an active traffic group processes compared to other active traffic groups in the device group.
For example, if the device group has two active traffic groups, and one traffic group processes twice the amount of application traffic as the other, then you can assign values of 4 and 2, respectively. You can assign any number for the HA load factor, as long as the number reflects the traffic group's relative load compared to the other active traffic groups.
Specifying an HA load factor
About metrics for the HA load factor
User-specified values for the HA load factor can be based on different metrics. For example, suppose you have the three devices Bigip_A, Bigip_B, and Bigip_C, and each device has one active traffic group with an HA load factor of 2, 4, or 8 respectively. These values could indicate either of the following:
- If each traffic group contains one virtual address, then the sample factor values could indicate that the virtual server for Bigip_B processes twice the amount of traffic as that of Bigip_A, and the virtual server for Bigip_C processes twice the amount of traffic as that of Bigip_B.
- If the traffic group on Bigip_A contains one virtual address, the traffic group on Bigip_B contains two virtual addresses, and the traffic group on Bigip_C contains four virtual addresses, this could indicate that the virtual servers corresponding to those virtual addresses each process the same amount of traffic compared to the others.
Viewing an HA traffic factor summary
This tmsh output shows a sample device group with two members and a total of two traffic groups. The user has configured a traffic load value (HA traffic factor) of 1 for tg-1 and 4 for tg-2. Both devices are the same hardware platform and so have a relative HA capacity value set to 0 (not shown).
For each device, the BIG-IP system determines the overall utilization score by adding together the loads for the active traffic groups. Thus:
- For bigip_A, the system adds together traffic loads of 1 (for its active traffic group) and 4 (if tg-2 fails over to bigip_A).
- For bigip_B, the system adds together traffic loads of 4 (for its active traffic group) and 1 (if tg-1 fails over to bigip_B).
Examples of device utilization scores
The utilization scores that the BIG-IP system calculates for the devices in a device group vary depending on:
- The differences in hardware capacity of the device group members
- The application load on each traffic group
- The number of active traffic groups on each device
Homogeneous device group with equivalent traffic group loads
In this example, all devices are the same hardware platform, and all three active traffic groups process equivalent application traffic load. Because the load is equivalent for all three traffic groups, the configured HA load factor for each traffic group is the same (in this case, 1).
The device utilization that the BIG-IP system calculates in this example is the sum of the two traffic load values (one per active traffic group).
HA Capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
0 | Traffic-group-1 | 1 | Traffic-group-2 | 1 | 1 + 1 = 2 |
HA Capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
0 | Traffic-group-2 | 1 | Traffic-group-3 | 1 | 1 + 1 = 2 |
HA Capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
0 | Traffic-group-3 | 1 | Traffic-group-1 | 1 | 1 + 1 = 2 |
Homogeneous device group with disparate traffic group loads
In this example, all devices are the same hardware platform. Also, each user-specified traffic group load factor is defined simply as 1, 4, or 8, to indicate that traffic-group-2 processes four times the application load of traffic-group-1, and that traffic-group-3 processes twice the application load of traffic-group-2.
The device utilization that the BIG-IP system calculates in this example is the sum of the two traffic load values (one per active traffic group).
HA capacity | Active traffic group | Traffic load | Potential traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
0 | Traffic-group-1 | 1 | Traffic-group-2 | 4 | 1 + 4 = 5 |
HA capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
0 | Traffic-group-2 | 4 | Traffic-group-3 | 8 | 4 + 8 = 12 |
HA capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
0 | Traffic-group-3 | 8 | Traffic-group-1 | 1 | 8 + 1 = 9 |
This example shows that device Bigip_A is currently the least-used device, with a score of 5, while Bigip_B is the most used, with a score of 12. Therefore, the BIG-IP system would currently choose Bigip_A to receive failover traffic, to ensure that the application traffic load remains as equivalent as possible on all devices.
Heterogeneous device group with disparate traffic group loads
In this example, the load-aware configuration consists of a user-specified relative capacity for each device and a relative load for each active traffic group. The device group contains three heterogeneous devices, each with one active traffic group. Being different hardware platforms, the three devices each have a different user-specified relative device capacity, and each traffic group on a device has a different application traffic load.
The device utilization score that the BIG-IP system calculates in this example is the sum of two traffic load values on a device divided by the device capacity.
HA capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
10 | Traffic-group-1 | 1 | Traffic-group-2 | 4 | 5/10 = .50 |
HA capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
80 | Traffic-group-2 | 4 | Traffic-group-3 | 8 | 12/80 = .15 |
HA capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
20 | Traffic-group-3 | 8 | Traffic-group-1 | 1 | 9/20 = .45 |
This example shows the results of the calculations that the BIG-IP system performs for each device in the device group. For each device, the BIG-IP system factors in the device capacity, the load of the device's active traffic group, and the load of the next-active traffic group, to determine the current utilization of that device. The example shows that device Bigip_B, with a utilization score of .15, has the most available resource, despite having the heaviest traffic load. This is due to the large device capacity of 80 that the user specified relative to the other devices. Bigip_B is therefore most able to accept failover traffic from another device.
Heterogeneous device group with multiple active traffic groups on a single device
In this example, the load-aware configuration consists of a user-specified relative high availability (HA) capacity for each device and relative load for each active traffic group. The device group contains three heterogeneous devices, where Bigip_A and Bigip_B currently have one active traffic group each, while Bigip_C has two active traffic groups. Being different hardware platforms, the three devices each have a different user-specified relative device capacity, and each traffic group has a different relative application traffic load.
The device utilization score that the BIG-IP system calculates in this example is the sum of all traffic load values on a device divided by the device capacity.
HA capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
10 | Traffic-group-1 | 1 | Traffic-group-2 | 4 | 5/10 = .5 |
HA capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
80 | Traffic-group-2 | 4 | Traffic-group-3 | 8 | 12/80 = .15 |
HA capacity | Active traffic group | Traffic load | Potential active traffic group | Traffic load | Device utilization score |
---|---|---|---|---|---|
20 | Traffic-group-3 and Traffic-group-4 | 8 and 6 | Traffic-group-1 | 1 | 15/20 = .75 |
This example shows the results of the calculations that the BIG-IP system performs for each device in the device group. The example shows that device Bigip_B has the most available resource due to its low utilization score of .15. Conversely, Bigip_C has the highest utilization score (.75), due to having an additional active traffic group (Traffic-group-4) on the device with a relatively high traffic load value (6). In this case, Bigip_C is unlikely to become the next-active device on failover.
About matching device utilization values
In rare cases, the BIG-IP system might calculate that two or more devices in a device group have the same lowest device utilization score. In this case, the BIG-IP system needs an additional method for choosing the next-active device for an active traffic group.
The way that the BIG-IP system chooses the next-active device when device utilization scores match is by determining the management IP address of each matching device and then calculating a score based on the highest management IP address of those devices.
For example, if Bigip_A has an IP address of 192.168.20.11 and Bigip_B has an IP address of 192.168.20.12, and their utilization scores match, the BIG-IP system calculates a score based on the address 192.168.20.12.
What is an ordered failover list?
If you do not want to use the load-aware feature to determine the next-active device for a traffic group, you can configure a traffic group to use a static, ordered list of devices instead. This list of devices specifies the order in which you want those devices to become active for the traffic group if the traffic group must fail over.
If failover occurs and the first device in the list is unavailable, the BIG-IP system tries to make the traffic group active on the second device in the list. If the second device is also unavailable, the BIG-IP system tries to make the traffic group active on the third device, and so on.
If you do not specify an ordered list or if none of the devices in the list is available, the BIG-IP system attempts to use load-aware failover to choose the next-active device.
Creating an ordered failover list
About auto-failback
The failover feature includes an option known as auto-failback. When you enable auto-failback, a traffic group that has failed over to another device fails back to a preferred device when that device is available. If you do not enable auto-failback for a traffic group, and the traffic group fails over to another device, the traffic group remains active on that device until that device becomes unavailable.
You can enable auto-failback on a traffic group only when you have configured an ordered list with at least one entry, for that traffic group. In this case, if auto-failback is enabled and the traffic group has failed over to another device, then the traffic group fails back to the first device in the traffic group's ordered list when that device becomes available.
Managing auto-failback
About MAC masquerade addresses
A MAC masquerade address is a unique, floating Media Access Control (MAC) address that you create and control. You can assign one MAC masquerade address to each traffic group on a BIG-IP device. By assigning a MAC masquerade address to a traffic group, you indirectly associate that address with any floating IP addresses (services) associated with that traffic group. With a MAC masquerade address per traffic group, a single VLAN can potentially carry traffic and services for multiple traffic groups, with each service having its own MAC masquerade address.
A primary purpose of a MAC masquerade address is to minimize ARP communications or dropped packets as a result of a failover event. A MAC masquerade address ensures that any traffic destined for the relevant traffic group reaches an available device after failover has occurred, because the MAC masquerade address floats to the available device along with the traffic group. Without a MAC masquerade address, on failover the sending host must relearn the MAC address for the newly-active device, either by sending an ARP request for the IP address for the traffic or by relying on the gratuitous ARP from the newly-active device to refresh its stale ARP entry.
The assignment of a MAC masquerade address to a traffic group is optional. Also, there is no requirement for a MAC masquerade address to reside in the same MAC address space as that of the BIG-IP device.