I have setup a clustered VE BigIP appliances that are successfully sync'd but the issue is that from what I understand of the floating IPs for vip gateways and virtual servers is that they have to transfer over to the other device which takes around 10 seconds as it relies on API calls on AWS to do this transfer of IPs. I've contacted AWS support on whether they can see any API calls or not and they have confirmed that the devices are not making any calls. after exhausting google and aws and f5 support, I'm here to ask my questions.
1) How do I even begin to troubleshoot API calls from f5? Where do I go? what logs do I see? GUI or CLI?
2) How can I test the failover properly to use the API Call?
3) Why would the device not make an API call even though the permissions on the access key has Admin Rights?
4) is it possible to manually trigger this call? Where?
Someone please get me started, as I'm running out of options. Thanks in advance.
This is only a brief list as not back into work until next Tuesday where when I can test my F5 devices in AWS
Assume you have added aws credentials to the F5 config
Check your default route. Which interface are you going out of
API calls will be external to your networks so any access control lists will need to allow https to 0.0.0.0
Also check in AWS that each network interface with the secondary IP addresses has source/destination check disabled.
TCP dump on the command line monitoring the interface used for default routes should show calls to AWS when one of the F5 devices is taken offline. On an active standby pair of F5s you can make the active go to standby which should generate the API calls on the STANDBY F5 which then becomes the new active server
We have recently posted a guide on f5.com to help with HA in AWS.
Here is a link:
This guide has a troubleshooting topic that you might find helpful--it has a list of things to try if HA is not working.