damian_19221
Feb 17, 2015

Traffic failover in AWS

Hi, We're currently investigating the AWS platform and have moved a clone of all of our business applications to EC2. The last step is to sort out load balancing. As our current "real" F5s use way above the 1gb limit of the AWS F5 platform, we've split traffic up into various traffic groups to have an active/active/active/... etc cluster. We've done this on real hardware (BIP 1800s & VIPRION) before with no issues.

 

We've managed to get two EC2 instances to talk to each other, share config, sync etc, but still can't get traffic to fail from one unit to another. If I go to Device Management each device is set to Active Device = Self, Next Active Device = partner F5. I select traffic-group-1 to Force to Standby and the partner F5 goes from Standby to Active. However, the IP address of the virtual servers is no longer pingable and I see this in the logs of the destination F5:

 

    Feb 17 11:42:16 awsif5e01a2 notice sod[29926]: 010c002e:5: Traffic group /Common/traffic-group-1 received a go high score command.
    Feb 17 11:42:17 awsif5e01a2 notice sod[29926]: 010c006d:5: Leaving Standby for Active (best load): NextActive:.
    Feb 17 11:42:17 awsif5e01a2 notice sod[29926]: 010c0053:5: Active for traffic group /Common/traffic-group-1.
    Feb 17 11:42:17 awsif5e01a2 notice sod[29926]: 010c0019:5: Active
    Feb 17 11:42:17 awsif5e01a2 notice logger: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): Started.
    Feb 17 11:42:18 awsif5e01a2 notice logger: /usr/bin/tmipsecd --tmmcount 2 ==> /usr/bin/bigstart start racoon
    Feb 17 11:42:20 awsif5e01a2 err logger: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): Failed to reassign address: 10.242.20.21 on interface eni-01d2c258.

 

Have I missed a step somewhere?

 

Thanks,

 

Damian

 

2 Replies

  • Hi Damian, this is the problematic error:

     

    Feb 17 11:42:20 awsif5e01a2 err logger: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): Failed to reassign address: 10.242.20.21 on interface eni-01d2c258.

     

    Something is causing the API call from BIP to AWS to fail. The question is, why does it fail? Have you correctly configured your AWS API key and secret on the BIGIP? If you follow this: https://www.youtube.com/watch?v=MVtZdYaU6BE on a fresh set of Instances, does failover then work?

     

  • Hi Daniel, thanks for the heads-up! I didn't realise F5 had published YouTube videos detailing how to set up AWS, so we did it with (educated) guesswork. Turns out the only thing we didn't do was tick "Allow reassignment" when creating the secondary IPs for each Virtual Server on our external interface. Nice easy fix!
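
Added example, not part of the original posts and not F5 code: a log check for the condition in this thread, where a unit goes Active for a traffic group but the AWS failover script cannot move the address. The function and variable names are assumptions, and the traffic-group-2 sample lines are constructed to show a group that raises no finding.

```python
import re

# The traffic-group-1 lines are copied from the original post.
# The traffic-group-2 lines are constructed for this example.
SAMPLE_LOG = """\
Feb 17 11:42:17 awsif5e01a2 notice sod[29926]: 010c0053:5: Active for traffic group /Common/traffic-group-1.
Feb 17 11:42:17 awsif5e01a2 notice logger: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): Started.
Feb 17 11:42:20 awsif5e01a2 err logger: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): Failed to reassign address: 10.242.20.21 on interface eni-01d2c258.
Feb 17 11:50:02 awsif5e01a2 notice sod[29926]: 010c0053:5: Active for traffic group /Common/traffic-group-2.
Feb 17 11:50:02 awsif5e01a2 notice logger: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-2): Started.
"""

# sod announces that this unit is now Active for a traffic group.
ACTIVE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]+) (\S+) \w+ sod\[\d+\]: \S+ "
    r"Active for traffic group (\S+)\.\s*$")
# The failover script reports an address it could not move to this unit.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]+) (\S+) err logger: \S*aws-failover-tgactive\.sh "
    r"\((\S+)\): Failed to reassign address: (\S+) on interface (eni-[0-9a-f]+)")

def stranded_addresses(log_text):
    """Return one finding per address that did not follow the Active unit."""
    active_since = {}  # (host, traffic group) -> time the unit went Active
    findings = []
    for line in log_text.splitlines():
        m = ACTIVE.match(line.strip())
        if m:
            ts, host, group = m.groups()
            # sod logs /Common/traffic-group-1, the script logs traffic-group-1.
            active_since[(host, group.rsplit("/", 1)[-1])] = ts
            continue
        m = FAILED.match(line.strip())
        if m:
            ts, host, group, address, eni = m.groups()
            findings.append({
                "host": host, "traffic_group": group,
                "address": address, "interface": eni,
                "active_since": active_since.get((host, group)),
                "failed_at": ts,
            })
    return findings

if __name__ == "__main__":
    for f in stranded_addresses(SAMPLE_LOG):
        # Causes named in the thread: API key/secret, or "Allow reassignment" unset.
        print("{host}: {traffic_group} active since {active_since}, but "
              "{address} was not moved to {interface}".format(**f))
```

Each finding is an address that stays unreachable after failover until the cause raised in the replies (API credentials, or "Allow reassignment" on the secondary IP) is corrected.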