APM - ACTIVE/ACTIVE - NOT SUPPORTED

Hi,

You can also review this SOL for APM Active/Active and the F5 stance that it is not supported.

https://support.f5.com/kb/en-us/solutions/public/13000/900/sol13983.html

Seth

Mariappan,

Unfortunately, right now it is as written - APM is not supported in Active/Active configuration, so you will not be able to configure both devices in Active/Active mode. What license reasons are you referring to? Active/Active is generally not the best idea when we're talking about a pair of devices due to a greater possibility to overwhelm a second device in case of failover if the capacity is not provisioned properly. It makes more sense in a greater cluster - at least 3 or more devices - but I would advise against Active/Active deployment on a pair of devices unless there is some absolute compelling reason for that(even when it is supported).

Hi,

You can overcome this issue creating 2 Virtual Servers for the same VPN-SSL service. So then, you can use BIG-IP DNS to load balance your incoming VPN-SSL traffic to both internal BIG-IP APMs. Then you have an Active-Active Deployment with 2 BIG-IPs processing SSL/TLS VPN Traffic.

Ex.: For service vpn.pedrohaoa.cl, you can have one VS:200.100.50.X:443 and another VS:100.50.25.Y and LB your incoming traffic with BIG-IP DNS to deliver traffic to both BIG-IP APMs, each one with one VS in Active-Standby mode.

BIG-IP DNS+APM can creates the Active-Active Layer that you need.