F5 failover related suggestions/best practices.

Question

Folks,&nbsp;
I came across a setup with 2 core switches and F5 boxes connected to each of these core switch in a active/standby mode. i.e. Active F5 connected to Core-01 and Standby F5 connected to Core-02.&nbsp;
Recently this setup came across an outage where Core-01 switch went down and this was hosting the active F5 box.&nbsp;
The standby F5 did not take over during this scenario. I seen that in this setup the Active and Standby F5 were connected to each other with and HA link directly connected and this could be the reason. Is my understanding correct?&nbsp;
If yes, is there any best practice document or some design guidelines which can help prevent such an outage in future? I can think of is connect the HA pair over the switched infrastructure.&nbsp;
Regards, 
Nik&nbsp;

afedden_1985 · Answer

It depends on your HA configuration and the Code version.  In V11 the blue HA cable between the devices is no longer used.  If your using V11 I can share the configuration I use that works.&nbsp;

nitass · Answer

Recently this setup came across an outage where Core-01 switch went down and this was hosting the active F5 box.&nbsp;
The standby F5 did not take over during this scenario. I seen that in this setup the Active and Standby F5 were connected to each other with and HA link directly connected and this could be the reason. Is my understanding correct?&nbsp;

if you want f5 to failover when interface is down or vlan has no traffic, you have to configure ha group or vlan failsafe.&nbsp;
ha group&nbsp;
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-1-0/tmos_high_avail.html&nbsp;
sol13297: Overview of VLAN failsafe (10.x - 11.x)&nbsp;
http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13297.html&nbsp;

nitass_89166 · Answer

Recently this setup came across an outage where Core-01 switch went down and this was hosting the active F5 box.&nbsp;
The standby F5 did not take over during this scenario. I seen that in this setup the Active and Standby F5 were connected to each other with and HA link directly connected and this could be the reason. Is my understanding correct?&nbsp;

if you want f5 to failover when interface is down or vlan has no traffic, you have to configure ha group or vlan failsafe.&nbsp;
ha group&nbsp;
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-1-0/tmos_high_avail.html&nbsp;
sol13297: Overview of VLAN failsafe (10.x - 11.x)&nbsp;
http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13297.html&nbsp;

n_67263 · Answer

Hi Nitass,
one of my F5 pair has this option configured but it still did not failover. This is interesting, is there any reason we can think of?

Regards,
Nik

n_67263 · Answer

Hi Nitass,
one of my F5 pair has this option configured but it still did not failover. This is interesting, is there any reason we can think of?

Regards,
Nik

Forum Discussion

F5 failover related suggestions/best practices.

6 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

AS3 Best Practice

F5 Certified Practice Exams

Cipher Suite Practices and Pitfalls

Configuring AWS HA Failover Across AZs Without EIPs Using F5 Cloud Failover Extension (CFE)

Security Best Practices for BIG-IP & BIG-IQ systems