Manual Chapter : High Availability Fail-safe

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP APM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP GTM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP Analytics

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP Link Controller

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP LTM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP PEM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP AFM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

BIG-IP ASM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Manual Chapter

High Availability Fail-safe

 

About system fail-safe

When you configure system fail-safe, the BIG-IP® system monitors various hardware components, as well as the heartbeat of various system services, and can take action if the system detects a heartbeat failure.

You can configure the BIG-IP system to monitor the switch board component and then take some action if the BIG-IP system detects a failure. Using the BIG-IP Configuration utility, you can specify the action that you want the BIG-IP system to take when the component fails. The BIG-IP system can perform these actions:

  • Reboot the BIG-IP system.
  • Restart all system services.
  • Go offline.
  • Go offline and cancel the TMM service.
  • Fail over and restart TMM.

Configuring system fail-safe

You can use the BIG-IP® Configuration utility to configure system fail-safe for the BIG-IP system. You configure system fail-safe when you want the system to take a specific action when it detects either a switch board failure or a heartbeat failure on a particular system service.
  1. On the Main tab, click System > High Availability > Fail-safe > System .
    The System screen opens.
  2. In the System Trigger Properties area, for the Switch Board Failure setting, select the action that you want the BIG-IP system to take in the event of a switch board component failure.
  3. If you want to configure a heartbeat failure action for one or more system services, then in the System Services area:
    1. In the Name column, click a service name.
    2. From the Heartbeat list, select Enabled.
    3. From the Heartbeat Failure Action list, select the action that you want the system to take when the system detects a heartbeat failure for the service.
    4. Repeat these steps for each service for which you want to configure a heartbeat failure action.
  4. Click Update.

About gateway fail-safe

One type of network failure detection is known as gateway fail-safe, which applies to redundant system configurations only. Gateway fail-safe monitors traffic between an active BIG-IP® system in a device group and a pool containing a gateway router. You configure the gateway fail-safe feature if you want the BIG-IP system to take an action, such as fail over, when some number of gateway routers in a pool of routers becomes unreachable.

You can configure gateway fail-safe using the BIG-IP Configuration utility. Configuring gateway fail-safe means designating a pool of routers as a gateway fail-safe pool. When you designate a pool as a gateway fail-safe pool, you provide this information:

  • The name of the pool.
  • The name of a BIG-IP device in a device group (either the local device or any other device group member).
  • The minimum number of gateway pool members that must be available to avoid the designated action.
  • The action that the BIG-IP system should take when the number of available gateway pool members drops below the designated threshold. The default value is Failover.

After you configure gateway fail-safe, by specifying an action of Failover, the named BIG-IP device (and only that device) fails over to another device group member whenever the number of available pool members falls below the specified threshold. The BIG-IP system only monitors the gateway pool assigned to the local device and does not monitor gateway pools assigned to peer devices. When viewing the status of a peer gateway pool, you will observe an unchecked status (a blue square in the BIG-IP Configuration utility).

Configuring gateway fail-safe

Before you can configure gateway fail-safe, you must have already created a gateway pool for the BIG-IP® system to use to forward traffic.
When you configure gateway fail-safe, the system monitors traffic between a specified BIG-IP device group member and the specified gateway pool. If the number of available pool members falls below the specified threshold, the system takes the specified action. You can use the BIG-IP Configuration utility to configure gateway fail-safe for the BIG-IP system.
  1. On the Main tab, click System > High Availability > Fail-safe > Gateway .
    The Gateway screen opens.
  2. Click Add.
  3. In the Configuration area, for the Gateway Pool setting, select a pool to use as the gateway fail-safe pool.
  4. For the Device setting, select a device name.
  5. For the Threshold setting, specify the minimum number of gateway pool members that must be available.
    The system triggers the gateway fail-safe action if the threshold falls below this value.
  6. For the Action setting, select the action that the system takes if the threshold falls below the minimum available members.
  7. Click Finished.

About VLAN fail-safe

For maximum reliability, the BIG-IP® system supports failure detection on all VLANs. When you configure the fail-safe option for a VLAN, the BIG-IP system monitors network traffic going through that VLAN. If the BIG-IP system detects a loss of traffic on the VLAN and the fail-safe timeout period has elapsed, the BIG-IP system attempts to generate traffic by issuing ARP requests to nodes accessible through the VLAN. The BIG-IP system also generates an ARP request for the default route, if the default router is accessible from the VLAN. Failover is averted if the BIG-IP system is able to send and receive any traffic on the VLAN, including a response to its ARP request.

For a redundant system configuration, if the BIG-IP system does not receive traffic on the VLAN before the timeout period expires, the system can initiate failover to another device group member, reboot, or restart all system services. For a single device configuration, the system can either reboot or restart all system services. The default action for both configurations is Reboot.

Warning: You should configure the fail-safe option on a VLAN only after the BIG-IP system is in a stable production environment. Otherwise, routine network changes might cause failover unnecessarily.

Each interface card installed on the BIG-IP system is typically mapped to one or more different VLANs. Thus, when you set the fail-safe option on a particular VLAN, you need to know the interface to which the VLAN is mapped. You can use the BIG-IP Configuration utility to view VLAN names and their associated interfaces.

Configuring VLAN fail-safe

Before you can configure VLAN fail-safe, you must have already created a VLAN for the BIG-IP® system.
You configure fail-safe for a specific VLAN when you want the system to monitor traffic for that VLAN. If the system detects no traffic on the VLAN after some number of seconds has elapsed, the system takes the specified action. You can use the BIG-IP Configuration utility to configure VLAN fail-safe.
  1. On the Main tab, click System > High Availability > Fail-safe > VLANs .
    The VLANs screen opens.
  2. Click Add.
  3. In the Configuration area, for the VLAN setting, select a VLAN.
  4. For the Timeout setting, specify the number of seconds that a system can run without detecting network traffic on this VLAN before it takes the fail-safe action.
  5. For the Action setting, select the action that the system takes when it does not detect any traffic on this VLAN.
  6. Click Finished.