LTM HA - network or hardware failover?

Just wondering if people use network or hardware failover or both?

I'm setting up two LTMs in an active/standby config, and am a little confused.

It seems hardware failover will be preferred over network if both are configured.  But what if the switch port which connects to the active unit goes down?  Will the device fail over to the backup unit using hardware failover?


I have the following requirements:

Failover if network connectivity is lost to active device
Failover if active device loses power
Management of devices using a floating IP
All VLANs to be synchronized across both devices.

I'm thinking network failover is best for this... would appreciate some feedback



Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
But what if the switch port which connects to the active unit goes down? Will the device fail over to the backup unit using hardware failover?
I assume you mean all network connectivity is down. If so, BIG-IP won't fail over (since hardware failover is there) unless you also configure VLAN failsafe or ha-group.

Failover if network connectivity is lost to active device
I think this can be done using VLAN failsafe or ha-group.
0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Yes, if network connectivity to one unit is down I will need it to fail over (obviously), so I guess VLAN failsafe would be what I want.  Does that work OK with hardware failover? I mean, can VLAN failsafe and hardware failover be used together?

Also, I have noticed that when I create a new VLAN on one unit and then sync the config, the new vlan does not show up on the standby unit....  Is this normal?
0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Does that work OK with hardware failover? I mean, can VLAN failsafe and hardware failover be used together?
Why not? ;-)

Also, I have noticed that when I create a new VLAN on one unit and then sync the config, the new VLAN does not show up on the standby unit.... Is this normal?
Yes, that is normal since VLAN is not shared configuration. Only shared configuration such as virtual, pool, node will be synchronized.
0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Posted By nitass on 05/16/2012 06:14 AM
Does that work OK with hardware failover? I mean, can VLAN failsafe and hardware failover be used together?
Why not? ;-)

Also, I have noticed that when I create a new VLAN on one unit and then sync the config, the new VLAN does not show up on the standby unit.... Is this normal?
Yes, that is normal since VLAN is not shared configuration. Only shared configuration such as virtual, pool, node will be synchronized.

That kinda sucks.... I'm going to have over 100 VLANs (all with self IPs).
I have an API that can configure VLANs, VIPs, pools, nodes etc. at any time via a web portal that our customers can use...

If they don't get configured on the backup device and a failover occurs, traffic won't flow.  Is it possible to get this synchronised somehow at all?
0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
I use both VLAN Failsafe and hardware failover. It is normal to assign both units a shared IP address - the Active unit is responsible for responding with the shared address. Even after a failover, there is always an Active unit so the shared address should be responding (unless something really unusual happened). You designate an IP address as "shared" by selecting the "Floating IP" checkbox (in 10.2.0, at least). Yes, unfortunately you have to create this shared address on both units. But once it's set up, both units can respond to it (though as I mentioned, only the Active unit will).

In addition to creating a floating IP address, I also assign a floating MAC address - referred to as a "Masquerade MAC". It works the same way as a floating IP - only the Active unit responds to it. The benefit is that when there is a failover event, the router does not need to update its ARP table - which has been problematic several times for me. Assigning a Masquerade MAC has resolved that, and it makes sense intuitively - just like a floating IP does.
0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
@luca That's interesting, is it for one client? Or are you offering shared services to multiple clients?

Just sounds like you would have to build some logic to build the non-syncable items on the peer..
0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Posted By iRuleYou on 05/17/2012 07:05 AM
@luca That's interesting, is it for one client? Or are you offering shared services to multiple clients?

Just sounds like you would have to build some logic to build the non-syncable items on the peer..

It's a public cloud service.  Customers can go to a web portal and create load balancing rules which then get programmed into the F5 via an API.

Previously we have just run a single F5, but now we are expanding we have a new HA cluster.  So yes, looks like we will have to modify the API to create the VLANs and self IPs on both units.
0
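The thread ends with VLANs and self IPs having to be created on both units by the provisioning API. A drift check like the following can confirm the standby really carries them before a failover depends on it. This is an added example, not code from any poster or from F5; the inventory dict layout, the sample data and the `ha_drift` name are assumptions, and fetching the inventories from each unit is left to your API.

```python
# Constructed sample inventories of the objects that config sync does not copy.
# The dict layout is hypothetical, not a BIG-IP export format.
ACTIVE = {
    "vlans": {"cust-101": 101, "cust-102": 102, "cust-103": 103},
    "self_ips": {
        "10.1.101.2": {"vlan": "cust-101", "floating": False},
        "10.1.101.1": {"vlan": "cust-101", "floating": True},
        "10.1.103.1": {"vlan": "cust-103", "floating": True},
    },
}
STANDBY = {
    "vlans": {"cust-101": 101, "cust-102": 202},  # cust-103 never created here
    "self_ips": {
        "10.1.101.3": {"vlan": "cust-101", "floating": False},
        "10.1.101.1": {"vlan": "cust-101", "floating": True},
    },
}


def ha_drift(active, standby):
    """Return findings that would stop traffic flowing after a failover."""
    findings = []
    # Every VLAN must exist on the peer with the same 802.1Q tag.
    for name, tag in active["vlans"].items():
        peer_tag = standby["vlans"].get(name)
        if peer_tag is None:
            findings.append(f"vlan {name}: missing on standby")
        elif peer_tag != tag:
            findings.append(f"vlan {name}: tag {tag} on active, {peer_tag} on standby")
    for addr, ip in active["self_ips"].items():
        peer = standby["self_ips"].get(addr)
        if ip["floating"]:
            # Floating addresses must be defined identically on both units.
            if peer is None or not peer["floating"] or peer["vlan"] != ip["vlan"]:
                findings.append(f"floating self IP {addr}: not mirrored on standby")
        elif peer is not None:
            # Static (non-floating) addresses must be unique per unit.
            findings.append(f"static self IP {addr}: duplicated on standby")
    return findings


if __name__ == "__main__":
    for finding in ha_drift(ACTIVE, STANDBY):
        print(finding)
```

Running the check in both directions also catches objects that exist only on the standby.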