Multi-Site LTM Deployment

Question

I'm looking for some design guidance for a multi-Site deployment. We've purchased 2 pair of Big-IPs. Each pair is installed in a separate data center. What we would like to do is be able to have each of these pairs act as active passive in each individual location, but also be able to sync between locations. In the event we lose Datacenter A, Datacenter B will be ready to accept connections with no effort.&nbsp;
We aren't using GTM since it was costly and these DC's are terribly geographically diverse. We'll be using a DNS monitoring service that would update queries to the new external IP's. From an internal networking perspective, these two locations are layer 2 adjacent, but we may have pool members in separate networks in each location.&nbsp;
My initial thought is to configure a sync-failover group locally, with a seperate sync-only group to include all devices. Is this the right way to do it? I've only worked with LTM's installed in single sites, so this is new to me. &nbsp;
Thanks&nbsp;

graham_mainwar1 · Answer

Do you mean that, in a failure of Datacenter A, you want the Big-IPs in Datacenter B to take on the same IP addresses for the same pools and virtual servers, possibly sending traffic to pool members still operating in Datacenter A?&nbsp;
Or do you mean you have different pools virtual servers on the two pairs of LTMs, and you want to implement automatic DNS-based failover between them without using GTM?&nbsp;

cory_50405 · Answer

We'll be using a DNS monitoring service that would update queries to the new external IP's.&nbsp;

This statement leads me to believe that you'll be using different external facing IP addresses at datacenter B than at datacenter A in the event of a failover.  Since your objects are going to be different (at least your virtual server IP addresses), I'm not sure sync is going to meet your needs.&nbsp;
If you are going to be using the same external facing addresses for your virtual servers at each datacenter, then not only DNS, but also routing would need to be modified to use datacenter B in the event of a failure at datacenter A.  However in this scenario, a sync-only group should work.&nbsp;

nitass · Answer

My initial thought is to configure a sync-failover group locally, with a seperate sync-only group to include all devices.&nbsp;

just wondering what object you are going to put in the sync-only device group.&nbsp;

nathe · Answer

I agree with Cory, with different external IPs then I don't think sync only would work.&nbsp;
If you had the same IP addresses for the VIPs could you create more of an active/active scenario across all 4 bigips? You could still have active/passive locally if you want i.e. traffic group 1 is active on bigip 1 and standby on bigip 2,3 and 4 with a Failover Order (TMOS 11.4 onwards) selecting the local bigip as the first in the list. If the whole DC went down then the traffic group would float to bigip 3 or 4 in the other DC.&nbsp;
See if this link could help Active-Active&nbsp;
Just a thought to see if it might help.&nbsp;
N&nbsp;

Forum Discussion

Multi-Site LTM Deployment

4 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Design Considerations

VMware Cloud for AWS - BIG-IP in Single-Site, Hybrid, and Multi-Cloud Deployments

LTM VE behind Sophos Firewall deployment - configuration/setup question

VLAN Group and Asymmetric Deployment

Your BIG-IP Deployment FastPass