Bryan_Fung_9473
Jan 06, 2016

Configuration sync between Production and DR

Our production has a pair of Active/Standby F5 LTMs and DR has a standalone F5 LTM. The hardware of production and DR is different, but they are running the same version and HF of the LTM software (11.5.1 HF7). The network segment behind the F5 is the same in production and DR (i.e. we use the same VLAN ID and IP addresses). In theory, we only need to replicate the SSL key/cert, profiles, nodes, pools and virtual server configuration from the production F5 to the DR F5.

We have searched Google and ask.f5.com for a solution, but we cannot find a unified answer or how-to. I don't think our situation is unique. Someone out there might have some sort of solution. Please advise. Thanks.

 

3 Replies

  • My thoughts:

    1. You can create a sync-only group between the DR and the Production boxes. WARNING: Sync the config only from Production -> DR; never do a reverse.

    2. Write a script to copy the configuration from the PROD to the DR box and run the task once a week.


  • I have asked for YEARS for a solution to this for the same reason. Did you ever get a solution?
  • We have done this using a simple rsync of the bigip.conf configs per partition from Production to Disaster Recovery. We have a different subnet on the local and public LAN, so we run another script locally on the Disaster Recovery F5 to do a simple search and replace for the first two octets, 10.Y.X.X to 10.Z.X.X, and then the same for the public /24. The 3rd and 4th octets stay the same. Then we do a tmsh verify and tmsh load. The issue that I now have to handle manually is the certificate store, since certificates are referenced differently since version 11. In version 10 I would be able to sync /config/ssl/ssl.crt and config/ssl/ssl.key across with the bigip.conf files and be done.
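
The octet search and replace described in the last reply, sketched as an added example (not the poster's script): it rewrites only complete IPv4 addresses and stages the result in a temp file before the tmsh verify and load steps. The prefixes 10.20 and 10.30, the function names and the sample config are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prefixes and the sample config are constructed.

# rewrite_prefix A.B C.D: filter stdin to stdout, replacing the first two
# octets A.B of every complete IPv4 address with C.D.
rewrite_prefix() {
    for p in "$1" "$2"; do
        printf '%s\n' "$p" | grep -Eq '^[0-9]{1,3}\.[0-9]{1,3}$' ||
            { echo "usage: rewrite_prefix A.B C.D" >&2; return 2; }
    done
    [ "$1" != "$2" ] || { echo "prefixes are identical" >&2; return 2; }
    src_re=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    # Match only whole addresses: not preceded or followed by a digit or dot,
    # so 110.20.x.x, 10.200.x.x and dotted version strings are left alone.
    # The :a/ta loop re-scans the line because adjacent addresses share a
    # delimiter that a single pass would consume.
    sed -E -e ':a' \
        -e "s/(^|[^0-9.])${src_re}\.([0-9]{1,3}\.[0-9]{1,3})([^0-9.]|\$)/\1${2}.\2\3/" \
        -e 'ta'
}

# stage_rewrite A.B C.D IN OUT: rewrite IN into OUT via a temp file and print
# the number of changed lines, so an empty or oversized change set is noticed
# before the tmsh verify and load steps.
stage_rewrite() {
    tmp=$(mktemp "$4.XXXXXX") || return 1          # mktemp creates it mode 0600
    rewrite_prefix "$1" "$2" < "$3" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$4"                                 # rename: no half-written file
    diff "$3" "$4" | grep -c '^>' || true
}

# Constructed, simplified sample in bigip.conf style.
sample_conf() {
    cat <<'EOF'
ltm node /Common/10.20.5.11 { address 10.20.5.11 }
ltm pool /Common/web_pool { members { /Common/10.20.5.11:443 { address 10.20.5.11 } } }
ltm virtual /Common/vs_web { destination /Common/10.20.9.80%2:443 }
net route /Common/ext { network 110.20.0.0/16 gw 10.200.1.1 }
EOF
}
```

A plain `s/10.20./10.30./g` would also rewrite 110.20.0.0 and 10.200.1.1 in the sample, which is why the match is anchored on address boundaries.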