Forum Discussion

apradas_5836's avatar
apradas_5836
Icon for Nimbostratus rankNimbostratus
Jul 28, 2016

Network failover through the management inferfaces

Hi, we are testing issues on 2 F5s guests we have for these purposes. Our main test consists of becoming both guests members of a traffic-group, later upgrading them (from BIG-IP image 11.5.1 to 11.5.4) and finally testing that after doing it their configurations remain unchanged and completely 11.5.4 compatible . So,we think to do that it´s not necessary to assign vlans to them (so there wouldn´t be specific HA interfaces for failover purposes) provided that network failover could funtion only through their management interfaces. Are our assumptions right? Could network failover function only using the management addresses (without HA interfaces and vlans for it) on the traffic group ?

 

Thanks. M A Pradas

 

BIG-IP
devops

6 Replies

Sort By
  • Hannes_Rapp_162's avatar
    Hannes_Rapp_162
    Icon for Nacreous rankNacreous
    Jul 28, 2016

    It can work, but why bother? I assume that you prefer to keep the number of interfaces to a minimum. It's better to not use the management-plane for TMM operational purpose. I suppose that for network failover and config-sync features alone, it's a less significant of a choice that ultimately comes down to a matter of preference. On the other hand, for the more resource-intensive HA features (traffic mirror/sub-table mirror/persistence mirror) it's a matter of right and wrong.

     

    So I'd recommend to avoid using the mgmt interface for HA :)

     

    Tip: Use the non-routable IPv6 link-local addresses for HA SelfIP purpose. You can re-use the same addresses for all your BigIP implementations, regardless of network design. (very easy to automate, one less variable to consider)

     

    • apradas_5836's avatar
      apradas_5836
      Icon for Nimbostratus rankNimbostratus
      Jul 28, 2016

      Thanks for your recommendations. But i´d actually need to test HA using only management addresses because we don´t want production vlans to be asigned to these guests (model guests). The only way to connect for failover two F5s without vlans is through management interfaces, isn´t it?. We only need to test an upgrade to 11.5.4 in a traffic group with 2 F5s, both without vlans. The objetive is to conclude that the configuation files are fully compatible in both image versions. I hope this can be more clarifier. Regards.

       

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Jul 28, 2016

    It can work, but why bother? I assume that you prefer to keep the number of interfaces to a minimum. It's better to not use the management-plane for TMM operational purpose. I suppose that for network failover and config-sync features alone, it's a less significant of a choice that ultimately comes down to a matter of preference. On the other hand, for the more resource-intensive HA features (traffic mirror/sub-table mirror/persistence mirror) it's a matter of right and wrong.

     

    So I'd recommend to avoid using the mgmt interface for HA :)

     

    Tip: Use the non-routable IPv6 link-local addresses for HA SelfIP purpose. You can re-use the same addresses for all your BigIP implementations, regardless of network design. (very easy to automate, one less variable to consider)

     

    • apradas_5836's avatar
      apradas_5836
      Icon for Nimbostratus rankNimbostratus
      Jul 28, 2016

      Thanks for your recommendations. But i´d actually need to test HA using only management addresses because we don´t want production vlans to be asigned to these guests (model guests). The only way to connect for failover two F5s without vlans is through management interfaces, isn´t it?. We only need to test an upgrade to 11.5.4 in a traffic group with 2 F5s, both without vlans. The objetive is to conclude that the configuation files are fully compatible in both image versions. I hope this can be more clarifier. Regards.