JB_106099
Sep 26, 2013

Layer 2 LTM cluster setup in 11.4.x

I am building an active/standby failover pair of LTMs using the 11.4.x code. I need to configure this as a layer 2 environment only: one trunk interface with multiple tagged VLANs.

 

The documents state that I need to supply self IP addresses to the internal and external VLANs.

 

Question is, are these VLANs and addresses visible outside of the cluster? Can I just create dummy VLANs and addresses that will not traverse the trunk in order to accomplish this design?

 

Any clarification is appreciated.

 

JB

 

7 Replies

  • No, there will be no layer 3 Virtual servers, this is how we have it today in the 9.4.6 code.

     

  • OK, so that document I'm sure you've read is just demonstrating the expected set-up with L3 Traffic Groups. Certain parts are not essential. I guess the question is, what are you looking for HA wise? What function is actually going to move between devices? How are surrounding devices going to know to route via the newly active devices?

     

  • We want the basic active/standby cluster, where all resources are active on the active unit. The vs communicate via their VLAN gateway, which is on a firewall and not the F5.

     

    The vs use broadcasts to communicate within their own VLAN.

     

  • OK, I'm not sure I understand the full picture on how this works but perhaps that's not necessary. So, if you use a dedicated VLAN and some nonsense addresses between devices you can use network failover with HA-groups or all the failsafe features. Alternatively you could drop even those addresses and use the serial failover cable instead. Regardless you'd need to create the relevant device group and trusts but this can be done through the management interfaces. Does that help?

     

  • What I did is similar to your suggestion. I created three VLANs that are not used in our network and did not put them on the trunk interface (HA, Internal, and External), and linked the 1.1, 1.2, and 1.3 interfaces to the respective VLANs. I then used crossover patch cables and connected the standby unit to the primary unit's respective interfaces. This brought up the interfaces and I was able to complete the cluster configuration. All seems fine and works as expected, but I still wonder if what I did is truly necessary.

     

    Oh, I do have failover configured for the serial cable, not the network.

     

    Thank You for your input.

     

  • It's my understanding that that was all unnecessary. You should be able to create the trust via the management interfaces. Still, a HA VLAN would be good so you can ConfigSync (this can't be done via the mgmt interface). Seeing as you'll use a HA VLAN you probably shouldn't use serial failover and should rely on network instead.

     

    So, I think it should look like this;

     

    1) Just keep the HA VLAN, use 'dummy' addressing

     

    2) Cable this via the same switches as the other VLANs but different interfaces (so it'll cause a failover if a switch fails)

     

    3) Enable VLAN fail-safe on all VLANs

     

    4) Configure ConfigSync and network failover on the HA VLAN only

     

    5) Don't use the serial cable

     

    6) Take a look at the System Fail-safe feature too

     

    Any issues or questions, let me know.
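
Steps 1, 3 and 4 of the list above, sketched as tmsh commands. This is an added example, not part of the original thread or F5's documentation. The VLAN names (`ha`, `vlan100`, `vlan200`), interface `1.3`, the 192.0.2.0/30 addressing, the device name `bigip-a.example.com` and the device group name `ha-pair` are all constructed placeholders.

```tmsh
# Constructed placeholders throughout: replace names, interface and addresses.

# 1) Dedicated HA VLAN on its own untagged interface, kept off the trunk,
#    with a 'dummy' self IP that is never routed anywhere else.
create net vlan ha interfaces add { 1.3 { untagged } }
create net self ha-self address 192.0.2.1/30 vlan ha allow-service default

# 3) VLAN fail-safe on the tagged traffic VLANs carried by the trunk
#    (vlan100 and vlan200 stand in for the real VLAN names).
modify net vlan vlan100 failsafe enabled failsafe-action failover
modify net vlan vlan200 failsafe enabled failsafe-action failover

# 4) ConfigSync and network failover bound to the HA self IP only.
modify cm device bigip-a.example.com configsync-ip 192.0.2.1
modify cm device bigip-a.example.com unicast-address { { ip 192.0.2.1 } }
modify cm device-group ha-pair network-failover enabled

save sys config
```

The peer unit gets the same commands with its own device name and the other address in the /30 (192.0.2.2 here).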