Manual Chapter : Managing Failover

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 11.4.1, 11.4.0

BIG-IP APM

  • 11.4.1, 11.4.0

BIG-IP GTM

  • 11.4.1, 11.4.0

BIG-IP LTM

  • 11.4.1, 11.4.0

BIG-IP AFM

  • 11.4.1, 11.4.0

BIG-IP PSM

  • 11.4.1, 11.4.0

BIG-IP ASM

  • 11.4.1, 11.4.0
Manual Chapter

Introduction to failover

Failover within a device group means that one or more devices are available for the BIG-IP system to choose from to assume traffic processing for an off-line device. When you configure device service clustering (DSC) within the network, any device in a Sync-Failover device group can fail over one or more specific sets of application-related configuration objects to another device in a device group. This set of configuration objects is known as a floating traffic group. DSC failover gives you granular control of configuration objects that you want to include in failover operations.

If you want to exclude certain devices on the network from being peers in failover operations, you simply exclude them from membership in that particular device group.

About IP addresses for failover

Part of configuring a Sync-Failover device group is configuring failover. Configuring failover requires you to specify certain types of IP addresses on each device. Some of these IP addresses enable continual, high availability (HA) communication among devices in the device group, while other addresses ensure that application traffic processing continues uninterrupted when failover occurs.

The types of IP addresses that you need to specify on each device are:

A local, static self IP address for VLAN HA
This unicast self IP address is the main address that other devices in the device group use to communicate continually with the local device to assess the health of that device. When a device in the device group fails to receive a response from the local device, the BIG-IP system triggers failover.
A local management IP address
This unicast management IP address serves the same purpose as the static self IP address for VLAN HA, but is only used when the local device is unreachable through the HA static self IP address.
One or more floating IP addresses associated with a traffic group
These are the IP addresses that application traffic uses when passing through a BIG-IP system. Each traffic group on a device includes application-specific floating IP addresses as its members. Typical traffic group members are: floating self IP addresses, virtual addresses, NAT or SNAT translation addresses, and IP addresses associated with an iApp application service. When a device with active traffic groups becomes unavailable, each of the active traffic groups becomes active on another device in the device group. This ensures that application traffic processing continues with little to no interruption.

Specifying IP addresses for failover communication

You typically perform this task during initial Device Service Clustering (DSC) configuration, to specify the local IP addresses that you want other devices in the device group to use for continuous health-assessment communication with the local device. You must perform this task locally on each device in the device group.
Note: The IP addresses that you specify must belong to route domain 0.
  1. Confirm that you are logged in to the actual device you want to configure.
  2. On the Main tab, click Device Management > Devices. This displays a list of device objects discovered by the local device.
  3. In the Name column, click the name of the device to which you are currently logged in.
  4. From the Device Connectivity menu, choose Failover.
  5. For the Failover Unicast Configuration settings, click Add for each IP address on this device that other devices in the device group can use to exchange failover messages with this device. The unicast IP addresses you specify depend on the type of device:
    Platform Action
    Non-VIPRION Type a self IP address associated with an internal VLAN (preferably VLAN HA) and the management IP address for the device.
    VIPRION without vCMP Type the self IP address for an internal VLAN (preferably VLAN HA) and the management IP addresses for all slots in the VIPRION cluster. Note that if you also configure a multicast address (using the Use Failover Multicast Address setting), then these management IP addresses are not required.
    VIPRION with vCMP Type a self IP address that is defined on the guest and associated with an internal VLAN on the host (preferably VLAN HA). You must also specify the management IP addresses for all of the slots configured for the guest. Note that if you also configure a multicast address (using the Use Failover Multicast Address setting), then these management IP addresses are not required.
  6. To enable the use of a failover multicast address on a VIPRION platform (recommended), then for the Use Failover Multicast Address setting, select the Enabled check box.
  7. If you enabled Use Failover Multicast Address, either accept the default Address and Port values, or specify values appropriate for the device. If you revise the default Address and Port values, but then decide to revert to the default values, click Reset Defaults.
  8. Click Update.
After you perform this task, other devices in the device group can send failover messages to the local device using the specified IP addresses.

About traffic groups

A traffic group is a collection of related configuration objects, such as a floating self IP address, a virtual IP address, and a SNAT translation address, that run on a BIG-IP device. Together, these objects process a particular type of application traffic on that device. When a BIG-IP device becomes unavailable, a traffic group floats (that is, fails over) to another device in a device group to ensure that application traffic continues to be processed with little to no interruption in service. In general, a traffic group ensures that when a device becomes unavailable, all of the failover objects in the traffic group fail over to any one of the available devices in the device group.

A traffic group is initially active on the device on which you create it, until the traffic group fails over to another device. For example, if you initially create three traffic groups on Device A, these traffic groups remain active on Device A until one or more traffic groups fail over to another device. If you want an active traffic group to become active on a different device in the device group when failover has not occurred, you can intentionally force the traffic group to switch to a standby state, thereby causing failover to another device.

Only objects with floating IP addresses can be members of a traffic group.

An example of a set of objects in a traffic group is an iApps application service. If a device with this traffic group is a member of a device group, and the device becomes unavailable, the traffic group floats to another member of the device group, and that member becomes the device that processes the application traffic.

Note: A Sync-Failover device group can support a maximum of 15 floating traffic groups.

Failover objects and traffic group association

Any traffic group that you explicitly create on the BIG-IP system is a floating traffic group. The types of configuration objects that you can associate with a floating traffic group are:

  • Virtual IP addresses
  • NATs
  • SNAT translation addresses
  • Self IP addresses
  • Folders (such as an iApps folder)

You can associate configuration objects with a traffic group in these ways:

  • You can rely on the folders in which the objects reside to inherit the traffic group that you assign to the root folder.
  • You can use the BIG-IP Configuration utility to directly associate a traffic group with an iApp application service, a virtual IP address, a NAT or SNAT translation address, or a floating self IP address.
  • You can use the BIG-IP Configuration utility to directly associate a traffic group with a folder.
Important: By default, floating objects that you create with the BIG-IP Configuration utility are associated with traffic-group-1. Non-floating objects are associated with traffic-group-local-only. You can change these associations by using the BIG-IP Configuration utility to change the traffic group that is associated with each floating IP address on the system.
Note: The only non-floating traffic group that resides on the system is the default non-floating traffic group named traffic-group-local-only.

Pre-configured traffic groups

Each BIG-IP device contains two pre-configured traffic groups:

  • A floating traffic group named traffic-group-1 initially contains the floating self IP addresses that you configured for VLANs internal and external, as well as any iApps application services, virtual IP addresses, NATs, or SNAT translation addresses that you have configured on the device.
  • A non-floating traffic group named traffic-group-local-only contains the static self IP addresses that you configured for VLANs internal and external. This traffic group never fails over to another device.

Before you configure a traffic group

The following considerations apply to traffic groups:

  • On each device in a Sync-Failover device group, the BIG-IP system automatically assigns the default floating traffic group name to the root and /Common folders.
  • The BIG-IP system creates all traffic groups in the /Common folder, regardless of the partition to which the system is currently set.
  • Any traffic group named other than traffic-group-local-only is a floating traffic group.
  • You can specify a floating traffic group on a folder only when the device group that is set on the folder is a Sync-Failover type of device-group.
  • You can set a floating traffic group on only those objects that reside in a folder with a device group of type Sync-Failover.
  • Setting the traffic group on a failover object to traffic-group-local-only prevents the system from synchronizing that object to other devices in the device group.

Creating a traffic group

If you intend to specify a MAC masquerade address when creating a traffic group, you must first create the address, using an industry-standard method for creating a locally administered MAC address.

Perform this task when you want to create a traffic group for a BIG-IP device. You can perform this task on any BIG-IP device within the device group, and the traffic group becomes active on the local device.

Important: This procedure creates a traffic group but does not automatically associate it with failover objects. You associate a traffic group with specific failover objects when you create or modify each object.
  1. On the Main tab, click Device Management > Traffic Groups.
  2. On the Traffic Group List screen, click Create.
  3. In the Name field, type a name for the new traffic group.
  4. In the Description field, type a description for the new traffic group.
  5. In the HA Load Factor field, specify a value that represents the application load for this traffic group relative to other active traffic groups on the local device. The BIG-IP system ignores this setting if you configure the Failover Order setting, unless all devices in the Failover Order list are currently unavailable. In this case, the system uses the HA Load Factor setting to determine the next active device for this traffic group.
    Important: If you configure this setting, you must configure the setting on every traffic group in the device group.
  6. In the MAC Masquerade Address field, type a MAC masquerade address. When you specify a MAC masquerade address, you reduce the risk of dropped connections when failover occurs. This setting is optional.
  7. Select or clear the check box for the Auto Failback option.
    • Select the check box to cause the traffic group, after failover, to become active on the first device in the traffic group's ordered list, when that device (and only that device) is available.
    • Clear the check box to cause the traffic group, after failover, to remain active on its current device until failover occurs again.
    You can enable auto-failback only when you configure the Failover Order setting.
  8. If auto-failback is enabled, in the Auto Failback Timeout field, type the number of seconds that you want the system to wait before failing back to the default device. The range is from 0 to 300 seconds. The default is 60. A value of 40 to 60 seconds allows for state mirroring information to be re-mirrored for traffic groups.
  9. For the Failover Order setting, in the Available box, select a device name and using the Move button, move the device name to the Enabled box. Repeat for each device that you want to include in the ordered list. This setting is optional. Only devices that are members of the relevant Sync-Failover device group are available for inclusion in the ordered list. If auto-failback is enabled and the first device in the Failover Order list is unavailable, no auto-failback occurs and the traffic group continues to run on the current device. Also, if none of the devices in the list is currently available when failover occurs, the BIG-IP system ignores the Failover Order setting and performs load-aware failover instead, using the HA Load Factor setting.
  10. Confirm that the displayed traffic group settings are correct.
  11. Click Finished.
You now have a floating traffic group with zero members.
After creating the traffic group, you must add members to it. Possible members are floating IP addresses such as self IP addresses, virtual addresses, NAT or SNAT translation addresses, and iApp application services. Also, if you want the traffic group to become active on a device other than this local device, you can use the Force to Standby button. By forcing the traffic group into a standby state on the local device, you cause the traffic group to become active on another device.

Adding members to a traffic group

Before performing this task, verify that the traffic group exists on the BIG-IP system.

You perform this task to add members to a newly-created or existing traffic group. Traffic group members are the floating IP addresses associated with application traffic passing through the BIG-IP system. Typical members of a traffic group are: a floating self IP address, a floating virtual address, and a floating SNAT translation address.

  1. From the Main tab, display the properties page for an existing BIG-IP object, such as a self IP address or a virtual address. For example, from the Main tab, click Network > Self IPs, and then from the Self IPs list, click a self IP address.
  2. From the Traffic Group list, select the floating traffic group that you want the BIG-IP object to join.
  3. Click Update.
After performing this task, the BIG-IP object belongs to the selected traffic group.
Repeat this task for each BIG-IP object that you want to be a member of the traffic group.

Viewing a list of traffic groups for a device

You can view a list of traffic groups for the device group. Using this list, you can add floating IP addresses to a traffic group, force a traffic group into a Standby state, and view information such as the current and next-active devices for a traffic group and its HA load factor.
  1. On the Main tab, click Device Management > Traffic Groups.
  2. In the Name column, view the names of the traffic groups on the local device.

Viewing the members of a traffic group

You can use the BIG-IP Configuration utility to view a list of all failover objects associated with a specific traffic group. For each failover object, the list shows the name of the object, the type of object, and the folder in which the object resides.
  1. On the Main tab, click Device Management > Traffic Groups.
  2. In the Name column, click the name of the traffic group for which you want to view the associated objects. This displays a list of all failover objects for the traffic group.

Traffic group properties

This table lists and describes the properties of a traffic group.

Property Description
Name The name of the traffic group, such as Traffic-Group-1.
Partition / Path The name of the folder or sub-folder in which the traffic group resides.
Description A user-defined description of the traffic group.
Current Device The device on which a traffic group is currently running.
Next-Active Device The device currently most available to accept a traffic group if failover of that traffic group should occur.
Traffic Load A numeric value representing the application traffic load of this traffic group relative to other active traffic groups on the same device.
MAC Masquerade Address A user-created MAC address that floats on failover, to minimize ARP communications and dropped connections.
Auto Failback The condition where the traffic group tries to fail back to the first device in the ordered failover list, when that device (and that device only) is available.
Auto Failback Timeout The number of seconds before auto failback expires. This setting appear only when you enable the Auto Failback setting.
Failover Order An ordered list of devices that the BIG-IP system uses to determine the next-active device for the traffic group.

Active and standby states

During any config sync operation, each traffic group within a device group is synchronized to the other device group members. Therefore, on each device, a particular traffic group is in either an active state or a standby state. In an active state, a traffic group on a device processes application traffic. In a standby state, a traffic group on a device is idle.

For example, on Device A, traffic-group-1 might be active, and on Device B, traffic-group-1 might be standby. Similarly, on Device B, traffic-group-2 might be active, and on Device A, traffic-group-2 might be standby.

When a device with an active traffic group becomes unavailable, the traffic group floats to (that is, becomes active on) another device. The BIG-IP system chooses the target device based on how you initially configured the traffic group when you created it. Note that the term floats means that on the target device, the traffic group switches from a standby state to an active state.

The following illustration shows a typical device group configuration with two devices and one traffic group (named my_traffic_group). In this illustration, the traffic group is active on Device A and standby on Device B prior to failover.
Traffic group states before failover Traffic group states before failover
If failover occurs, the traffic group becomes active on the other device. In the following illustration, Device A has become unavailable, causing the traffic group to become active on Device B and process traffic on that device.
Traffic group states after failover Traffic group states after failover

When Device A comes back online, the traffic group becomes standby on Device A.

Viewing the failover state of a device

You can use the BIG-IP Configuration utility to view the current failover state of a device in a device group. An Active failover state indicates that at least one traffic group is currently active on the device. A Standby failover state indicates that all traffic groups on the device are in a Standby state.
  1. Display any screen of the BIG-IP Configuration utility.
  2. In the upper left corner of the screen, view the failover state of the device.

Viewing the state of a traffic group

You can use the BIG-IP Configuration utility to view the current state of all traffic groups on the device.
  1. On the Main tab, click Device Management > Traffic Groups.
  2. In the Failover Status area of the screen, view the state of all traffic groups on the device.

Forcing a traffic group to a standby state

Performing this task causes the selected traffic group on the local device to switch to a Standby state. By forcing the traffic group into a Standby state, the traffic group becomes active on another device in the device group. For device groups with more than two members, you can choose the specific device to which the traffic group fails over.

  1. Log in to the device on which the traffic group is currently active.
  2. On the Main tab, click Device Management > Traffic Groups.
  3. In the Name column, locate the name of the traffic group that you want to run on the peer device.
  4. Select the check box to the left of the traffic group name. If the check box is unavailable, the traffic group is not active on the device to which you are currently logged in. Perform this task on the device on which the traffic group is active.
  5. Click Force to Standby. This displays target device options.
  6. Choose one of these actions:
    • If the device group has two members only, click Force to Standby. This displays the list of traffic groups for the device group and causes the local device to appear in the Next Active Device column.
    • If the device group has more than two members, then from the Target Device list, select a value and click Force to Standby.
The selected traffic group is now in a standby state on the local device and active on another device in the device group.

About active-standby vs. active-active configurations

A device group that contains only one traffic group is known as an active-standby configuration.

A device group that contains two or more traffic groups is known as an active-active configuration. For example, if you configure multiple virtual IP addresses on the BIG-IP system to process traffic for different applications, you might want to create separate traffic groups that each contains a virtual IP address and its relevant floating self IP address. You can then choose to make all of the traffic groups active on one device in the device group, or you can balance the traffic group load by making some of the traffic groups active on other devices in the device group.

Description of current and next-active devices

Within a Sync-Failover type of device group, a BIG-IP device sometimes has a specific designation with respect to a traffic group: either a current device or a next-active device.

Table 1. Current and next-active devices described
Designation Description
Current Device A current device is the device on which a traffic group is currently active. For example, if Device A is currently processing traffic using the objects in Traffic-Group-1, then Device A is the current device. If Device A becomes unavailable and Traffic-Group-1 fails over to Device C, then Device C becomes the current device.
Next-Active Device A next-active device is the device on which a traffic group will become active if that traffic group eventually fails over to another device. For every active traffic group, the BIG-IP system assigns a corresponding next-active device. The next-active device for a traffic group is system-selected, based on criteria you specify when you configure the traffic group.

About the next-active device

For every active traffic group on a device, the BIG-IP system identifies the device that is to be the next-active device if failover of that active traffic group occurs. A next-active device is the device on which a traffic group will become active if that traffic group eventually fails over to another device. This next-active designation can change continually depending on which devices are currently available in the device group.

There are two ways that you can affect the BIG-IP system's selection of the next-active device for failover. You can either:

  • Configure a feature known as load-aware failover
  • Create an ordered list of devices

What is load-aware failover?

Load-aware failover is a BIG-IP feature designed for use in a Sync-Failover device group. Configuring load-aware failover ensures that the traffic load on all devices in a device group is as equivalent as possible, factoring in any differences in device capacity and the amount of application traffic that traffic groups process on a device.

For example, suppose you have a heterogeneous three-member device group in which one device (Bigip_C) has twice the hardware capacity of the other two devices (Bigip_A and Bigip_B).

If the device group has four active traffic groups that each process the same amount of application traffic, then the load on all devices is equivalent when devices Bigip_A and Bigip_B each contain one active traffic group, while device Bigip_C contains two active traffic groups.

The BIG-IP system implements load-aware failover by calculating a numeric, current utilization score for each device, based on numeric values that you specify for each device and traffic group relative to the other devices and traffic groups in the device group. The system then uses this current utilization score to determine which device is the best device in the group to become the next-active device when failover occurs for a traffic group.

The overall result is that the traffic load on each device is as equivalent as possible in a relative way, that is, factoring in individual device capacity and application traffic load per traffic group.

About device utilization calculation

The BIG-IP system on each device performs a calculation to determine the device's current level of utilization. This utilization level indicates the ability for the device to be the next-active device in the event that an active traffic group on another device must fail over within a heterogeneous device group.

The calculation that the BIG-IP performs to determine the current utilization of a device is based on these factors:

Device capacity
A local device capacity relative to other device group members.
Active local traffic groups
The number of active traffic groups on the local device.
Active remote traffic groups
The number of remote active traffic groups for which the local device is the next-active device.
A multiplying load factor for each active traffic group
A multiplier value for each traffic group. The system uses this value to weight each active traffic group's traffic load compared to the traffic load of each of the other active traffic groups in the device group.

The BIG-IP system uses all of these factors to perform a calculation to determine, at any particular moment, a score for each device that represents the current utilization of that device. This utilization score indicates whether the BIG-IP system should, in its attempt to equalize traffic load on all devices, designate the device as a next-active device for an active traffic group on another device in the device group.

The calculation that the BIG-IP performs for each device is:

(The sum of local active traffic group loads + The sum of remote active traffic group loads) / device capacity

About HA capacity

For each device in a BIG-IP device group, you can assign a high availability (HA) capacity value. An HA capacity value is a number that represents the relative processing capacity of that device compared to the other devices in a device group. Assigning different HA capacity values to the devices in the device group is useful when the device group contains heterogeneous hardware platforms.

For example, if the device group has two devices with equal capacity and a third device that has twice the capacity of each of the other two devices, then you can assign values of 2, 2, and 4, respectively. You can assign any number to represent the HA capacity, as long as the number reflects the device's relative capacity compared to the other devices in the device group.

Specifying the HA capacity of a device
Before you perform this task, verify that this device is a member of a device group and that the device group contains three or more devices.

You perform this task when you have more than one type of hardware platform in a device group and you want to configure load-aware failover. Load-aware failover ensures that the BIG-IP system can intelligently select the next-active device for each active traffic group in the device group when failover occurs. As part of configuring load-aware failover, you define an HA capacity to establish the amount of computing resource that the device provides relative to other devices in the device group.

Note: If all devices in the device group are the same hardware platform, you can skip this task.
  1. On the Main tab, click Device Management > Devices. This displays a list of device objects discovered by the local device.
  2. In the Name column, click the name of the device for which you want to view properties. This displays a table of properties for the device.
  3. In the HA Capacity field, type a relative numeric value. You need to configure this setting only when you have varying types of hardware platforms in a device group and you want to configure load-aware failover. The value you specify represents the relative capacity of the device to process application traffic compared to the other devices in the device group.
    Important: If you configure this setting, you must configure the setting on every device in the device group.
    If this device has half the capacity of a second device and a third of the capacity of a third device in the device group, you can specify a value of 100 for this device, 200 for the second device, and 300 for the third device. When choosing the next active device for a traffic group, the system considers the capacity that you specified for this device.
  4. Click Update.
After you perform this task, the BIG-IP system uses the HA Capacity value to calculate the current utilization of the local device, to determine the next-active device for failover of other traffic groups in the device group.

About the HA load factor

For each traffic group on a BIG-IP device, you can assign an high availability (HA) load factor. An HA load factor is a number that represents the relative application traffic load that an active traffic group processes compared to other active traffic groups in the device group.

For example, if the device group has two active traffic groups, and one traffic group processes twice the amount of application traffic as the other, then you can assign values of 4 and 2, respectively. You can assign any number for the HA load factor, as long as the number reflects the traffic group's relative load compared to the other active traffic groups.

Specifying an HA load factor
You perform this task when you want to configure load-aware failover. Load-aware failover ensures that the BIG-IP system can intelligently select the next-active device for each active traffic group in the device group when failover occurs. As part of configuring load-aware failover, you define an application traffic load (HA load factor) for a traffic group, to establish the amount of computing resource that an active traffic group uses relative to other active traffic groups.
  1. On the Main tab, click Device Management > Traffic Groups.
  2. In the Name column, click the name of a traffic group on the local device. This displays the properties of the traffic group.
  3. In the HA Load Factor field, specify a value that represents the application load for this traffic group relative to other active traffic groups on the local device. The BIG-IP system ignores this setting if you configure the Failover Order setting, unless all devices in the Failover Order list are currently unavailable. In this case, the system uses the HA Load Factor setting to determine the next active device for this traffic group.
    Important: If you configure this setting, you must configure the setting on every traffic group in the device group.
  4. Click Update.
After performing this task, the BIG-IP system uses the HA Load Factor value as a factor in calculating the current utilization of the local device, to determine whether this device should be the next-active device for failover of other traffic groups in the device group.
About metrics for the HA load factor

User-specified values for the HA load factor can be based on different metrics. For example, suppose you have the three devices Bigip_A, Bigip_B, and Bigip_C, and each device has one active traffic group with an HA load factor of 2, 4, or 8 respectively. These values could indicate either of the following:

  • If each traffic group contains one virtual address, then the sample factor values could indicate that the virtual server for Bigip_B processes twice the amount of traffic as that of Bigip_A, and the virtual server for Bigip_C processes twice the amount of traffic as that of Bigip_B.
  • If the traffic group on Bigip_A contains one virtual address, the traffic group on Bigip_B contains two virtual addresses, and the traffic group on Bigip_C contains four virtual addresses, this could indicate that the virtual servers corresponding to those virtual addresses each process the same amount of traffic compared to the others.

Viewing an HA traffic factor summary

Before performing this task, verify that you have configured load-aware failover for the Sync-Failover device group.
You can perform this task to view statistics about load-aware failover. More specifically, you can view the specified traffic load (HA traffic factor) for each traffic group on a current device and for each traffic group on a next-active device.
  1. Open a console window on a device in the Sync-Failover device group.
  2. At the tmsh command line prompt, type this command: tmsh show cm traffic-group all-properties Name Device Status Next Load Next Times Last Active Active Became Became Load Active Active tg-1 bigip_B standby true - 1 0 - tg-1 bigip_A active false 1 - 4 15:57:24 tg-2 bigip_B active false 4 - 1 11:11:45 tg-2 bigip_A standby true - 4 1 11:08:49 tg-local-only

This tmsh output shows a sample device group with two members and a total of two traffic groups. The user has configured a traffic load value (HA traffic factor) of 1 for tg-1 and 4 for tg-2. Both devices are the same hardware platform and so have a relative HA capacity value set to 0 (not shown).

For each device, the BIG-IP system determines the overall utilization score by adding together the loads for the active traffic groups. Thus:

  • For bigip_A, the system adds together traffic loads of 1 (for its active traffic group) and 4 (if tg-2 fails over to bigip_A).
  • For bigip_B, the system adds together traffic loads of 4 (for its active traffic group) and 1 (if tg-1 fails over to bigip_B).
In this example, because there are only two devices with one active traffic group each, the two devices have the same utilization score (not shown), which is 5.

Examples of device utilization scores

The utilization scores that the BIG-IP system calculates for the devices in a device group vary depending on:

  • The differences in hardware capacity of the device group members
  • The application load on each traffic group
  • The number of active traffic groups on each device
Homogeneous device group with equivalent traffic group loads

In this example, all devices are the same hardware platform, and all three active traffic groups process equivalent application traffic load. Because the load is equivalent for all three traffic groups, the configured HA load factor for each traffic group is the same (in this case, 1).

The device utilization that the BIG-IP system calculates in this example is the sum of the two traffic load values (one per active traffic group).

Table 2. Calculating the utilization score for Bigip_A
HA Capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
0 Traffic-group-1 1 Traffic-group-2 1 1 + 1 = 2
Table 3. Calculating the utilization score for Bigip_B
HA Capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
0 Traffic-group-2 1 Traffic-group-3 1 1 + 1 = 2
Table 4. Calculating the utilization score for Bigip_C
HA Capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
0 Traffic-group-3 1 Traffic-group-1 1 1 + 1 = 2
Homogeneous device group with disparate traffic group loads

In this example, all devices are the same hardware platform. Also, each user-specified traffic group load factor is defined simply as 1, 4, or 8, to indicate that traffic-group-2 processes four times the application load of traffic-group-1, and that traffic-group-3 processes twice the application load of traffic-group-2.

The device utilization that the BIG-IP system calculates in this example is the sum of the two traffic load values (one per active traffic group).

Table 5. Calculating the utilization score for Bigip_A
HA capacity Active traffic group Traffic load Potential traffic group Traffic load Device utilization score
0 Traffic-group-1 1 Traffic-group-2 4 1 + 4 = 5
Table 6. Calculating the utilization score for Bigip_B
HA capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
0 Traffic-group-2 4 Traffic-group-3 8 4 + 8 = 12
Table 7. Calculating the utilization score for Bigip_C
HA capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
0 Traffic-group-3 8 Traffic-group-1 1 8 + 1 = 9

This example shows that device Bigip_A is currently the least-used device, with a score of 5, while Bigip_B is the most used, with a score of 12. Therefore, the BIG-IP system would currently choose Bigip_A to receive failover traffic, to ensure that the application traffic load remains as equivalent as possible on all devices.

Heterogeneous device group with disparate traffic group loads

In this example, the load-aware configuration consists of a user-specified relative capacity for each device and a relative load for each active traffic group. The device group contains three heterogeneous devices, each with one active traffic group. Being different hardware platforms, the three devices each have a different user-specified relative device capacity, and each traffic group on a device has a different application traffic load.

The device utilization score that the BIG-IP system calculates in this example is the sum of two traffic load values on a device divided by the device capacity.

Table 8. Calculating the utilization score for Bigip_A
HA capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
10 Traffic-group-1 1 Traffic-group-2 4 5/10 = .50
Table 9. Calculating the utilization score for Bigip_B
HA capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
80 Traffic-group-2 4 Traffic-group-3 8 12/80 = .15
Table 10. Calculating the utilization score for Bigip_C
HA capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
20 Traffic-group-3 8 Traffic-group-1 1 9/20 = .45

This example shows the results of the calculations that the BIG-IP system performs for each device in the device group. For each device, the BIG-IP system factors in the device capacity, the load of the device's active traffic group, and the load of the next-active traffic group, to determine the current utilization of that device. The example shows that device Bigip_B, with a utilization score of .15, has the most available resource, despite having the heaviest traffic load. This is due to the large device capacity of 80 that the user specified relative to the other devices. Bigip_B is therefore most able to accept failover traffic from another device.

Heterogeneous device group with multiple active traffic groups on a single device

In this example, the load-aware configuration consists of a user-specified relative high availability (HA) capacity for each device and relative load for each active traffic group. The device group contains three heterogeneous devices, where Bigip_A and Bigip_B currently have one active traffic group each, while Bigip_C has two active traffic groups. Being different hardware platforms, the three devices each have a different user-specified relative device capacity, and each traffic group has a different relative application traffic load.

The device utilization score that the BIG-IP system calculates in this example is the sum of all traffic load values on a device divided by the device capacity.

Table 11. Calculating the utilization score for Bigip_A
HA capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
10 Traffic-group-1 1 Traffic-group-2 4 5/10 = .5
Table 12. Calculating the utilization score for Bigip_B
HA capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
80 Traffic-group-2 4 Traffic-group-3 8 12/80 = .15
Table 13. Calculating the utilization score for Bigip_C
HA capacity Active traffic group Traffic load Potential active traffic group Traffic load Device utilization score
20 Traffic-group-3 and Traffic-group-4 8 and 6 Traffic-group-1 1 15/20 = .75

This example shows the results of the calculations that the BIG-IP system performs for each device in the device group. The example shows that device Bigip_B has the most available resource due to its low utilization score of .15. Conversely, Bigip_C has the highest utilization score (.75), due to having an additional active traffic group (Traffic-group-4) on the device with a relatively high traffic load value (6). In this case, Bigip_C is unlikely to become the next-active device on failover.

About matching device utilization values

In rare cases, the BIG-IP system might calculate that two or more devices in a device group have the same lowest device utilization score. In this case, the BIG-IP system needs an additional method for choosing the next-active device for an active traffic group.

The way that the BIG-IP system chooses the next-active device when device utilization scores match is by determining the management IP address of each matching device and then calculating a score based on the highest management IP address of those devices.

For example, if Bigip_A has an IP address of 192.168.20.11 and Bigip_B has an IP address of 192.168.20.12, and their utilization scores match, the BIG-IP system calculates a score based on the address 192.168.20.12.

What is an ordered failover list?

If you do not want to use the load-aware feature to determine the next-active device for a traffic group, you can configure a traffic group to use a static, ordered list of devices instead. This list of devices specifies the order in which you want those devices to become active for the traffic group if the traffic group must fail over.

If failover occurs and the first device in the list is unavailable, the BIG-IP system tries to make the traffic group active on the second device in the list. If the second device is also unavailable, the BIG-IP system tries to make the traffic group active on the third device, and so on.

If you do not specify an ordered list or if none of the devices in the list is available, the BIG-IP system attempts to use load-aware failover to choose the next-active device.

Note: When the auto-failback feature is enabled for a traffic group, the BIG-IP system tries to ensure that the traffic group is active on the first device in the list. If the first device in the list is unavailable, no fail-back occurs.

Creating an ordered failover list

You can use this task to create an ordered list on an existing traffic group. The BIG-IP system uses this list to determine the next-active device for this traffic group.
  1. On the Main tab, click Device Management > Traffic Groups.
  2. In the Name column, click the name of a traffic group on the local device. This displays the properties of the traffic group.
  3. For the Failover Order setting, in the Available box, select a device name and using the Move button, move the device name to the Enabled box. Repeat for each device that you want to include in the ordered list. This setting is optional. Only devices that are members of the relevant Sync-Failover device group are available for inclusion in the ordered list. If auto-failback is enabled and the first device in the Failover Order list is unavailable, no auto-failback occurs and the traffic group continues to run on the current device. Also, if none of the devices in the list is currently available when failover occurs, the BIG-IP system ignores the Failover Order setting and performs load-aware failover instead, using the HA Load Factor setting.
  4. Click Update.
After you perform this task, the BIG-IP system designates the first available device that is highest in the ordered list as the next-active device for the traffic group.

About auto-failback

The failover feature includes an option known as auto-failback. When you enable auto-failback, a traffic group that has failed over to another device fails back to a preferred device when that device is available. If you do not enable auto-failback for a traffic group, and the traffic group fails over to another device, the traffic group remains active on that device until that device becomes unavailable.

You can enable auto-failback on a traffic group only when you have configured an ordered list with at least one entry, for that traffic group. In this case, if auto-failback is enabled and the traffic group has failed over to another device, then the traffic group fails back to the first device in the traffic group's ordered list when that device becomes available.

Important: If the first device in the ordered list is unavailable, no fail-back occurs. The traffic group does not fail back to the next available device in the list and instead remains on its current device.

Managing auto-failback

You can use the BIG-IP Configuration utility to manage the auto-failback option for a traffic group.
Note: If you enable auto-failback and you have configured an ordered failover list on a traffic group, the traffic group always fails back to the first device in the ordered list, if that device is available.
  1. On the Main tab, click Device Management > Traffic Groups.
  2. In the Name column, click the name of the traffic group for which you want to view the associated objects. This displays a list of all failover objects for the traffic group.
  3. Select or clear the check box for the Auto Failback option.
    • Select the check box to cause the traffic group, after failover, to become active on the first device in the traffic group's ordered list, when that device (and only that device) is available.
    • Clear the check box to cause the traffic group, after failover, to remain active on its current device until failover occurs again.
    You can enable auto-failback only when you configure the Failover Order setting.
  4. If auto-failback is enabled, in the Auto Failback Timeout field, type the number of seconds that you want the system to wait before failing back to the default device. The range is from 0 to 300 seconds. The default is 60. A value of 40 to 60 seconds allows for state mirroring information to be re-mirrored for traffic groups.
  5. Click Update.

About MAC masquerade addresses

A MAC masquerade address is a unique, floating Media Access Control (MAC) address that you create and control. You can assign one MAC masquerade address to each traffic group on a BIG-IP device. By assigning a MAC masquerade address to a traffic group, you indirectly associate that address with any floating IP addresses (services) associated with that traffic group. With a MAC masquerade address per traffic group, a single VLAN can potentially carry traffic and services for multiple traffic groups, with each service having its own MAC masquerade address.

A primary purpose of a MAC masquerade address is to minimize ARP communications or dropped packets as a result of a failover event. A MAC masquerade address ensures that any traffic destined for the relevant traffic group reaches an available device after failover has occurred, because the MAC masquerade address floats to the available device along with the traffic group. Without a MAC masquerade address, on failover the sending host must relearn the MAC address for the newly-active device, either by sending an ARP request for the IP address for the traffic or by relying on the gratuitous ARP from the newly-active device to refresh its stale ARP entry.

The assignment of a MAC masquerade address to a traffic group is optional. Also, there is no requirement for a MAC masquerade address to reside in the same MAC address space as that of the BIG-IP device.

Note: When you assign a MAC masquerade address to a traffic group, the BIG-IP system sends a gratuitous ARP to notify other hosts on the network of the new address.