Manual Chapter : Creating an Active-Standby Configuration Using the Setup Utility

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP APM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP Analytics

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP Link Controller

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP LTM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP AFM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP PEM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP DNS

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP ASM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
Manual Chapter

Creating an Active-Standby Configuration Using the Setup Utility

Overview: Creating a basic active-standby configuration

This implementation describes how to use the Setup utility to configure two new BIG-IP® devices that function as an active-standby pair. An active-standby pair is a pair of BIG-IP devices configured so that one device is actively processing traffic while the other device remains ready to take over if failover occurs. The two devices synchronize their configuration data and can fail over to one another in the event that one of the devices becomes unavailable.

Important: The same version of BIG-IP system software must be running on all devices in the device group.

First, you run the Setup utility on each device to configure base network components (that is, a management port, administrative passwords, and the default VLANs and their associated self IP addresses). Continue running it on each device to establish a trust relationship between the two devices, and create a Sync-Failover type of device group that contains two member devices.

After the Setup utility is run on both devices, each device contains the default traffic group that the BIG-IP system automatically created during setup. A traffic group represents a set of configuration objects (such as floating self IP addresses and virtual IP addresses) that process application traffic. This traffic group actively processes traffic on one of the two devices, making that device the active device. When failover occurs, the traffic group becomes active on (that is, floats to) the peer BIG-IP device.

By default, the traffic group contains the floating self IP addresses of the default VLANs. Whenever you create additional configuration objects such as self IP addresses, virtual IP addresses, and SNATs, the system automatically adds these objects to the default traffic group.

Example

In this configuration example, the device group is named Device Group A. This device group contains two BIG-IP devices, named Device 1 and Device 2, and these two devices are peers of one another. The default traffic group, named traffic-group-1, resides on each device.

Device 1 actively processes traffic because traffic-group-1 is in an Active state on that device. Device 2 remains idle until failover occurs because traffic-group-1 is in a Standby state on that device.

Example active-standby configuration

Example active-standby configuration

By implementing this configuration, you ensure that:

  • Each device has base network components (such as self IPs and VLANs) configured.
  • The two devices can synchronize their configuration to one another.
  • Failover capability and connection mirroring are enabled on each device.

Task summary

The configuration process for a BIG-IP® system entails running the Setup utility on each of the two BIG-IP devices. When you run the Setup utility, you perform several tasks. Completing these tasks results in both BIG-IP devices being configured properly for an active-standby implementation.

Important: After using the Setup utility to create an active-standby configuration, you can re-enter the utility at any time to adjust the configuration. Simply click the F5 logo in the upper-left corner of the BIG-IP Configuration utility, and on the Welcome screen, click Run the Setup Utility. Then page through the utility to find the appropriate screens.

Licensing and provisioning the BIG-IP system

Using the Setup utility, you can activate the license and provision the BIG-IP® system.
  1. From a workstation attached to the network on which you configured the management interface, type the following URL syntax where <management_IP_address> is the address you configured for device management:
    https://<management_IP_address>
  2. At the login prompt, type the default user name admin, and password admin, and click Log in.
    The Setup utility screen opens.
  3. Click Next.
  4. Click Activate.
    The License screen opens.
  5. In the Base Registration Key field, paste the registration key.
  6. Click Next and follow the process for licensing and provisioning the system.
    Note: When you perform the licensing task so that you can run the F5 cloud ADC, you can accept the default provisioning values.
  7. Click Next.
    This displays the screen for configuring general properties and user administration settings.
The BIG-IP system license is now activated, and the relevant BIG-IP modules are provisioned.

Configuring a device certificate

Import or verify the certificate for the BIG-IP device.
Do one of the following:
  • Click Import, import a certificate, click Import, and then click Next.
  • Verify the displayed information for the certificate and click Next.

Configuring the management port and administrative user accounts

Configure the management port, time zone, and the administrative user names and passwords.
  1. On the screen for configuring general properties, for the Management Port Configuration setting, select Manual and specify the IP address, network mask, and default gateway.
  2. In the Host Name field, type a fully-qualified domain name (FQDN) for the system.
    The FQDN can consist of letters, numbers, and/or the characters underscore ( _ ), dash ( - ), or period ( . ).
  3. For the Host IP Address setting, retain the default value Use Management Port IP Address.
  4. From the Time Zone list, select a time zone.
    The time zone you select typically reflects the location of the F5® system.
  5. For the Root Account setting, type and confirm a password for the root account.
    The root account provides console access only.
  6. For the Admin Account setting, type and confirm a password.
    Typing a password for the admin account causes the system to terminate the login session. When this happens, log in to the F5 Configuration utility again, using the new password. The system returns to the appropriate screen in the Setup utility.
  7. For the SSH Access setting, select or clear the check box.
  8. From the SSH IP Allow list, retain the default value of *All Addresses, or specify a range.
  9. Click Next.
  10. In the Standard Network Configuration area of the screen, click Next.
    This displays the screen for enabling configuration synchronization and high availability.

Enabling ConfigSync and high availability

When you perform this task, you set up config sync and connection mirroring, and you can specify the failover method (network, serial, or both).
  1. For the Config Sync setting, select the Display configuration synchronization options check box.
    This causes an additional ConfigSync screen to be displayed later.
  2. For the High Availability setting, select the Display failover and mirroring options check box.
    This displays the Failover Method list and causes additional failover screens to be displayed later.
  3. From the Failover Method list, select Network and serial cable.
    If you have a VIPRION® system, select Network.
  4. Click Next.
    This displays the screen for configuring the default VLAN internal.

Configuring the internal network

You can use the Setup utility to specify self IP addresses and settings for a VLAN on the BIG-IP® internal network. The default VLAN for the internal network is named internal.
  1. Specify the Self IP setting for the internal network:
    1. In the Address field, type a self IP address.
    2. In the Netmask field, type a network mask for the self IP address.
    3. For the Port Lockdown setting, retain the default value.
  2. Specify the Floating IP setting:
    1. In the Address field, type a floating IP address.
      This address should be distinct from the address you type for the Self IP setting.
      Important: If the BIG-IP device you are configuring is accessed using Amazon Web Services and the device needs to failover to a device group peer, use the second, Secondary Private IP address for the floating IP address.
    2. For the Port Lockdown setting, retain the default value.
  3. For the VLAN Tag ID setting, retain the default value, auto.
    This is the recommended value.
  4. For the Interfaces setting:
    1. From the Interface list, select an interface number.
    2. From the Tagging list, select Tagged or Untagged.
      Select Tagged when you want traffic for that interface to be tagged with a VLAN ID.
    3. Click Add.
  5. Click Next.
    This completes the configuration of the internal self IP addresses and VLAN, and displays the screen for configuring the default VLAN external.

Configuring the external network

You can use the Setup utility to specify self IP addresses and settings for a VLAN on the BIG-IP® external network. The default VLAN for the external network is named external.
  1. Specify the Self IP setting for the external network:
    1. In the Address field, type a self IP address.
    2. In the Netmask field, type a network mask for the self IP address.
    3. For the Port Lockdown setting, retain the default value.
  2. In the Default Gateway field, type the IP address that you want to use as the default gateway to VLAN external.
  3. Specify the Floating IP setting:
    1. In the Address field, type a floating IP address.
      This address should be distinct from the address you type for the Self IP setting.
      Important: If the BIG-IP device you are configuring is accessed using Amazon Web Services and the device needs to failover to a device group peer, use the second, Secondary Private IP address for the floating IP address.
    2. For the Port Lockdown setting, retain the default value.
  4. For the VLAN Tag ID setting, retain the default value, auto.
    This is the recommended value.
  5. For the Interfaces setting:
    1. From the Interface list, select an interface number.
    2. From the Tagging list, select Tagged or Untagged.
      Select Tagged when you want traffic for that interface to be tagged with a VLAN ID.
    3. Click Add.
  6. Click Next.
    This completes the configuration of the external self IP addresses and VLAN, and displays the screen for configuring the default VLAN HA.

Configuring the network for high availability

To configure a network for high availability, specify self IP addresses and settings for VLAN HA, which is the VLAN that the system will use for failover and connection mirroring.
  1. For the High Availability VLAN setting, retain the default value, Create VLAN HA.
  2. Specify the Self IP setting for VLAN HA:
    1. In the Address field, type a self IP address.
    2. In the Netmask field, type a network mask for the self IP address.
  3. For the VLAN Tag ID setting, retain the default value, auto.
    This is the recommended value.
  4. For the Interfaces setting,
    1. From the Interface list, select an interface number.
    2. From the Tagging list, select Untagged.
    3. Click Add.
  5. Click Next.
    This configures the self IP address and VLAN that the system will use for high availability and displays the default IP address that the system will use for configuration synchronization.

Configuring a ConfigSync address

Use this task to specify the address that you want the system to use for configuration synchronization.
  1. From the Local Address list, select a self IP address.
    Do not select a management IP address.
  2. Click Next.
    This displays the screen for configuring unicast and multicast failover addresses.

Configuring failover and mirroring addresses

Follow these steps to specify the local unicast and mirroring addresses that you want the BIG-IP® system to use for high availability. During the final step of running the Setup utility, the system exchanges these addresses with its trusted peer. If you are configuring a VIPRION® system, configure a multicast failover address as well.
  1. Locate the Failover Unicast Configuration area of the screen.
  2. Under Local Address, confirm that there are entries for the self IP addresses that are assigned to the HA and internal VLANs and for the local management IP address for this device. If these entries are absent, click the Add button to add the missing entries to the list of Failover Unicast Addresses.
    1. For the Address setting, select the address for the VLAN you need to add (either HA or internal).
    2. In the Port field, type a port number or retain the default port number, 1026.
    3. Click Repeat to add additional self IP addresses, or click Finished.
    4. Repeat these steps to add a management IP address.
  3. Click Next.
  4. From the Primary Local Mirror Address list, retain the default value, which is the self IP address for VLAN HA.
  5. From the Secondary Local Mirror Address list, select the address for VLAN internal.
  6. Click Finished.

Discovering a peer device

You can use the Setup utility to discover a peer device for the purpose of exchanging failover and mirroring information.

  1. Under Standard Pair Configuration, click Next.
  2. If this is the first device of the pair that you are setting up, then under Configure Peer Device, click Finished.
    To activate device discovery, you must first run the Setup utility on the peer device.
  3. If this is the second device of the pair that you are setting up:
    1. Under Discover Configured Peer Device, click Next.
    2. Under Remote Device Credentials, specify the Management IP address, Administrator Username, and Administrator Password.
    3. Click Retrieve Device Information.
  4. Click Finished.
After the second device has discovered the first device, the two devices have a trust relationship and constitute a two-member device group. Also, each device in the pair contains a default traffic group named Traffic-Group-1. By default, this traffic group contains the floating IP addresses that you defined for VLANs internaland external.

Implementation result

To summarize, you now have the following BIG-IP® configuration on each device of the pair:

  • A management port, management route, and administrative passwords defined.
  • A VLAN named internal, with one static and one floating IP address.
  • A VLAN named external, with one static and one floating IP address.
  • A VLAN named HA with a static IP address.
  • Configuration synchronization, failover, and mirroring enabled.
  • Failover methods of serial cable and network (or network-only, for a VIPRION® platform.
  • A designation as an authority device, where trust was established with the peer device.
  • A Sync-Failover type of device group with two members defined.
  • A default traffic group that floats to the peer device to process application traffic when this device becomes unavailable. This traffic group contains two floating self IP addresses for VLANs internal and external.
  • One end of an iSession™ connection for WAN traffic optimization.

On either device in the device group, you can create additional configuration objects, such as virtual IP addresses and SNATs. The system automatically adds these objects to Traffic-Group-1.