High Availability issue on bigip 1600, rel. 11.2.1 HF1

Question

High Availability issue on bigip 1600, rel. 11.2.1 HF1&nbsp;
HA configuration, sync, mirroring has been made through the wizard.
after I have configured the VLAN Fail-safe (with action option: Failover RestartTM) and the MAC Masquerade Address.
the sync process works; on the active appliance both operation (the force stand-bye and shoutdown) generate the expected behavior, a change of state (standby -&gt; active).
However, when I unplug all the service interfaces (1.1 - 1.4) on the active bigip,
the bigIp2 detects the event HA connection lost, but can not be exchanged in active status.
Both devices have a trunk with lacp on eth 4.&nbsp;
below, i've posted messages log of both appliances when i change the interfaces status on bigIp1 from active to down.&nbsp;
log message f5_1&nbsp;
Oct 22 11:34:19 f5_1_mc_me info bcm56xxd[4818]: 012c0015:6: Link: 1.1 is DOWN&nbsp;
Oct 22 11:34:19 f5_1_mc_me info bcm56xxd[4818]: 012c0015:6: Link: 1.2 is DOWN&nbsp;
Oct 22 11:34:19 f5_1_mc_me info bcm56xxd[4818]: 012c0015:6: Link: 1.3 is DOWN&nbsp;
Oct 22 11:34:19 f5_1_mc_me info lacpd[5431]: 01160016:6: Interface 1.1, link admin status: enabled, link status: down, duplex mode: half, lacp operation state: down&nbsp;
Oct 22 11:34:19 f5_1_mc_me info lacpd[5431]: 01160010:6: Link 1.1 removed from aggregation&nbsp;
Oct 22 11:34:19 f5_1_mc_me info lacpd[5431]: 01160016:6: Interface 1.2, link admin status: enabled, link status: down, duplex mode: half, lacp operation state: down&nbsp;
Oct 22 11:34:19 f5_1_mc_me info lacpd[5431]: 01160010:6: Link 1.2 removed from aggregation&nbsp;
Oct 22 11:34:19 f5_1_mc_me info lacpd[5431]: 01160016:6: Interface 1.3, link admin status: enabled, link status: down, duplex mode: half, lacp operation state: down&nbsp;
Oct 22 11:34:19 f5_1_mc_me info lacpd[5431]: 01160010:6: Link 1.3 removed from aggregation&nbsp;
Oct 22 11:34:19 f5_1_mc_me info bcm56xxd[4818]: 012c0015:6: Link: 1.4 is DOWN&nbsp;
Oct 22 11:34:19 f5_1_mc_me info lacpd[5431]: 01160016:6: Interface 1.4, link admin status: enabled, link status: down, duplex 
mode: half, lacp operation state: down&nbsp;
Oct 22 11:34:19 f5_1_mc_me info lacpd[5431]: 01160010:6: Link 1.4 removed from aggregation&nbsp;
Oct 22 11:34:22 tmm err tmm[7369]: 01340002:3: HA Connection with peer 192.168.200.29:1028 lost.&nbsp;
Oct 22 11:34:22 tmm1 err tmm1[7370]: 01340002:3: HA Connection with peer 192.168.200.29:1028 lost.&nbsp;
Oct 22 11:34:41 f5_1_mc_me notice mcpd[4993]: 0107143c:5: Connection to CMI peer 192.168.200.29 has been removed&nbsp;
Oct 22 11:34:41 f5_1_mc_me notice mcpd[4993]: 0107143a:5: CMI reconnect timer: enabled&nbsp;
Oct 22 11:34:41 f5_1_mc_me notice mcpd[4993]: 01071431:5: Attempting to connect to CMI peer 192.168.200.29 port 6699&nbsp;
Oct 22 11:34:46 f5_1_mc_me notice mcpd[4993]: 0107143a:5: CMI reconnect timer: disabled, all peers are connected&nbsp;
Oct 22 11:35:18 f5_1_mc_me info lacpd[5431]: 01160011:6: Link 1.1 Actor Out of Sync&nbsp;
Oct 22 11:35:18 f5_1_mc_me info lacpd[5431]: 01160012:6: Link 1.1 Partner Out of Sync&nbsp;
Oct 22 11:35:18 f5_1_mc_me info lacpd[5431]: 01160011:6: Link 1.2 Actor Out of Sync&nbsp;
Oct 22 11:35:18 f5_1_mc_me info lacpd[5431]: 01160012:6: Link 1.2 Partner Out of Sync&nbsp;
Oct 22 11:35:18 f5_1_mc_me info lacpd[5431]: 01160011:6: Link 1.3 Actor Out of Sync&nbsp;
Oct 22 11:35:18 f5_1_mc_me info lacpd[5431]: 01160012:6: Link 1.3 Partner Out of Sync&nbsp;
Oct 22 11:35:18 f5_1_mc_me info lacpd[5431]: 01160011:6: Link 1.4 Actor Out of Sync&nbsp;
Oct 22 11:35:18 f5_1_mc_me info lacpd[5431]: 01160012:6: Link 1.4 Partner Out of Sync&nbsp;
Oct 22 11:37:50 f5_1_mc_me err mcpd[4993]: 0107142f:3: Can't connect to CMI peer 192.168.200.29, port:6699, Transport endpoint is not connected&nbsp;
Oct 22 11:37:50 f5_1_mc_me notice mcpd[4993]: 0107143a:5: CMI reconnect timer: enabled&nbsp;
Oct 22 11:37:50 f5_1_mc_me notice mcpd[4993]: 01071431:5: Attempting to connect to CMI peer 192.168.200.29 port 6699&nbsp;
Oct 22 11:37:55 f5_1_mc_me notice mcpd[4993]: 0107143a:5: CMI reconnect timer: disabled, all peers are connected[root@f5_1_mc_me:Active] config  &nbsp;
Log f5_2&nbsp;
Oct 22 11:27:45 tmm1 err tmm1[7309]: 01340002:3: HA Connection with peer 192.168.200.28:32773 lost.&nbsp;
Oct 22 11:27:45 tmm err tmm[7308]: 01340002:3: HA Connection with peer 192.168.200.28:32772 lost.&nbsp;
Oct 22 11:28:04 f5_2_mc_me notice mcpd[5500]: 0107143c:5: Connection to CMI peer 192.168.200.28 has been removed&nbsp;
Oct 22 11:28:04 f5_2_mc_me notice mcpd[5500]: 0107143a:5: CMI reconnect timer: enabled&nbsp;
Oct 22 11:28:04 f5_2_mc_me notice mcpd[5500]: 01071431:5: Attempting to connect to CMI peer 192.168.200.28 port 6699&nbsp;
Oct 22 11:28:09 f5_2_mc_me notice mcpd[5500]: 0107143a:5: CMI reconnect timer: disabled, all peers are connected&nbsp;
Oct 22 11:31:13 f5_2_mc_me err mcpd[5500]: 0107142f:3: Can't connect to CMI peer 192.168.200.28, port:6699, Transport endpoint 
is not connected&nbsp;
Oct 22 11:31:13 f5_2_mc_me notice mcpd[5500]: 0107143a:5: CMI reconnect timer: enabled&nbsp;
Oct 22 11:31:13 f5_2_mc_me notice mcpd[5500]: 01071431:5: Attempting to connect to CMI peer 192.168.200.28 port 6699&nbsp;
Oct 22 11:31:18 f5_2_mc_me notice mcpd[5500]: 0107143a:5: CMI reconnect timer: disabled, all peers are connected&nbsp;
[root@f5_2_mc_me:Standby] config  &nbsp;
Any idea?
Thanks&nbsp;

what_lies_bene1 · Answer

Is MAC masquerade configured on both devices? I don't think any VLAN configuration is synched so perhaps the secondary/standby is missing some configuration?&nbsp;
Also, I've found the order things are done in can have an affect. I would suggest you run 'bigstart restart' on both devices and retest. It might also be better to test by pulling the cables or disabling the switch ports rather than disabling the ports in the GUI.&nbsp;

liviom · Answer

thanks for reply,
* yes, MAC masquerade is configured on both devices;&nbsp;

after completed the configuration of Virtual server, i have replicated the object from f5_1 to f5_2 with sync operation&nbsp;

i have the same result when shoutdown the ports from the switch.&nbsp;

same result after run 'bigstart restart' on both devices&nbsp;

what_lies_bene1 · Answer

Hmmm. Can you provide more information on your HA setup please? Are you using serial cable failover or network failover? Are you also using HA-Groups/Fast Failover? Anything else?&nbsp;

liviom · Answer

below you can see configuration step
device 1)basic configuration --&gt;network advanced configuration (internal net, external net, ha net)&nbsp;
device 2) basic configuration --&gt; network advanced config (the same steps of device 1)--&gt;add peer list  with management of device 1&nbsp;
after, i repeat last step of device2 , on device 1 with managemente device2&nbsp;
The L2 HA vlan is in interface trunk with the other vlans.
I don't use serial cable and ha-groups.
For syc and mirror process, i'm using the the self ip on internal VLan.
For failover process i'm using the self ip that are on HA vlan with the management ip of device.&nbsp;
tnx&nbsp;

what_lies_bene1 · Answer

OK thanks but I'm even more confused. Which VLANs have network failover configured please? Could you post the output of [tmsh] show sys failover and [tmsh] show sys failover network-failover please.

Forum Discussion

High Availability issue on bigip 1600, rel. 11.2.1 HF1

6 Replies

Recent Discussions

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Related Content

Regex issue

Making EKS Anywhere Highly Available and Secure

F5 GTM resolution issue

No Source configuration available when upgrading from 15.1.9.1 to 15.1.10.2

Irule Example Issue