Anthony_Cheng_1
May 01, 2014

LTM/GTM in an active/active Data Center design

For an active/active Data Center design where there is a layer 2 LAN extension, there will be 1 GTM per DC. Now the best practice is to have an Active/Passive LTM pair in each DC, but let's say for budget reasons they can only go for 2 LTMs instead of 4. I know you can do active/active LTM (although again not necessarily recommended), and it is easier in 11.x with DSC and traffic groups.

 

But the question is: what is the latency requirement between the 2 DCs? At what point do I say (e.g. beyond 10ms) that this is not going to work as active/active? Assume the LTM will run 11.x.

 

And slightly off-topic, but in looking at the LTM 4000 vs. 4200v, I notice on the datasheet that the 4000 has something called On-Demand Upgradable. What is that?

 

4 Replies

  • I do believe the F5 recommendation is not to do an active/active pair between geographically separate data centers. Are you wanting to do this for ease of management or maximum up-time in the event of a failure? F5 does have a tool, though I'm not very familiar with it; it is called Enterprise Manager, and I believe that would fit the bill in helping upkeep two separate GTM systems.

     

    I've operated other active/active products before between data centers and depending on the stability of the connection it can be a nightmare.

     

    If someone on here is running a BIG-IP active/active pair, I'd like to hear their experiences with it.

     

  • Hi Anthony,

     

    the v11 implementation of active/active is based on traffic groups.

     

    The traffic groups contain failover objects like floating self IPs, VIPs, NATs, SNATs and allow grouping of associated elements.

     

    Since v11.5 the failover mechanism was improved by allowing multiple HA groups to be combined with traffic groups. So active/active becomes more interesting and you have better control than before.

     

    Very often an active/active deployment will require applying SNAT. Will it work in your environment? Btw, most times it does from my perspective. Without applying SNAT there is a risk of running into asymmetric traffic flow. Yes, there are methods to allow it by running virtuals in FastL4 with "loose init/close" enabled or by disabling VLAN keyed connections. But these "workarounds" limit the available features and make your setup less secure.

     

    Regarding latency: I'm not aware of a specification on maximum delay or round trip time between device group members. And I won't be concerned about heartbeat and config sync. But if you apply traffic mirroring, a high round trip time may limit the mirroring capacity and increase the amount of allocated memory to buffer this traffic. (Mirroring more or less means to duplicate the traffic to the failover peer.)

     

    You are mentioning a combination of LTM and GTM controllers. I always avoided combining these functions on the same appliances. Make sure to use separate appliances and run your GTMs as standalone units in a GTM sync group. (Discussing this would be a separate thread.)

     

    Thanks,

     

    Stephan

     

  • Without using Active - Active, there are ways to get the same level of performance, redundancy etc. As you mentioned in your question, the L2 domain is extended to the secondary DC; use "priority groups" with the correct priority, and that will do the trick. At the same time, you have to maintain the same config on both sides (Opposite Priority DC-2). BIG-IQ or Enterprise Manager will help from an administration perspective.