Forum Discussion

computerli's avatar
computerli
Icon for Altostratus rankAltostratus
Aug 07, 2018

ConfigSync on virtual F5

I need help configuring the Configsync

 

I initially had two virtual F5s running trial 90 day License. I purchased the Lab licenses and installed on the virtual F5s. The license is configured and shows "License Type = Production". I want to configure active/standby configuration. I have already setup the "device trust" and created the "device group". But for some reason the devices are not syncing. Active device shows "Changes Pending" and Standby device shows "Not all Devices Synced".

 

I have gone through https://support.f5.com/csp/article/K13946troubleshooting and verified all settings.

 

Output from Active Device:

 

tmsh show /cm sync-status

 

CM Sync Status

 

Color yellow

 

Status Changes Pending

 

Mode high-availability

 

Summary Details

 

BIGIP-F5-2.w2k16.com: connected

 

dg_2 (Changes Pending):

 

  • 1 devices with older configuration

Recommended action: Synchronize this device to group dg_2

 

Output from Standby Unit

 

tmsh show cm sync-status

 

CM::Sync Status

 

Color red

 

Status Not All Devices Synced

 

Mode high-availability

 

Summary

 

Details

 

BIGIP-F5-1.w2k16.com: connected

 

dg_2 (Not All Devices Synced)

 

  • BIGIP-F5-2.w2k16.com did not receive the last sync successfully

     

  • Recommended action: Synchronize BIGIP-F5-1.w2k16.com to group dg_2

     

root@(BIGIP-F5-1)(cfg-sync Changes Pending)(Active)(/Common)(tmos) show /cm device all

 

CentMgmt Device: BIGIP-F5-1.w2k16.com

 

Hostname BIGIP-F5-1.w2k16.com

 

Mgmt Ip 192.168.137.112

 

Configsync Ip 192.168.93.101

 

Mirroring IP ::

 

Mirroring Secondary IP ::

 

Failover Multicast IP ::

 

Failover Unicast IP(s) 192.168.93.101

 

Device HA State active

 

Device HA Load Capacity 0

 

Device Current Load Factor 1

 

Device Next Active Load Factor 0

 

Time Delta to Local Device (sec) -

 

CentMgmt::Device: BIGIP-F5-2.w2k16.com

 

Hostname BIGIP-F5-2.w2k16.com

 

Mgmt Ip 192.168.137.113

 

Configsync Ip 192.168.93.102

 

Mirroring IP 192.168.93.102

 

Mirroring Secondary IP ::

 

Failover Multicast IP 0.0.0.0

 

Failover Unicast IP(s) management-ip, 192.168.93.102

 

Device HA State standby

 

Device HA Load Capacity 0

 

Device Current Load Factor 0

 

Device Next Active Load Factor 1

 

Time Delta to Local Device (sec) 0

 

I have also force the config sync without any sucess tmsh run cm config-sync force-full-load-push to-group dg_2

 

Any idea what is missing here

 

6 Replies

  • The 1st thing I will check is the config sync ip addresses used and see if if the devices can see each other via ping at least from each config sync ip addresses . Check the config sync self ip address If not mistaken in version 12. upwards the default self ip allow configuration is allowed none. you can change it to allow default which includes the config sync port number then test your config sync again. regarding your second question please read the links below very good material from f5 to guide you understanding the f5 HA concepts

     

    • computerli's avatar
      computerli
      Icon for Altostratus rankAltostratus

      Self IPs are pingable , Port are also responding. I have change the Port lockdown to "Allow All"

       

    • Sukesh123456's avatar
      Sukesh123456
      Icon for Altostratus rankAltostratus

      Hi DTN,

       

      can you run a config load tmsh load sys config from your text based config on both units and then try and run a sync.

       

      tmsh run cm config-sync to-group device-group-failover

       

      Please share the logs while you do it .

       

  • Hi,

    I have noticed that on "BIGIP-F5-2.w2k16.com" you have "Mirroring IP 192.168.93.102" which not exist on "BIGIP-F5-1.w2k16.com", so first i would suggest to disable the mirroring on the device and configure Specific "Connection Mirroring" Per VS. OR, setup the primary mirroring ip "BIGIP-F5-1.w2k16.com" Self IP on both units in the Traffic group & secondary mirroring ip on both units. run this command to see the status of the HA mirror status - tmsh show sys ha-mirror. it should look like this :

    On Active Device
    
    Sys::HA Mirror Status
    
    Traffic Group      TMM    Primary  Secondary  Aborts  Overflows  Errors  Buffered  L4 Mirror  L7 Mirror  L7 Failed
    
    traffic-group-1  [0.0]  connected     closed       1          0       0         0          0          104          64
    
    traffic-group-1  [0.1]  connected     closed       1          0       0         0          0          106          58
    
    On Standby Device:
    
    Sys::HA Mirror Status
    
    Traffic Group      TMM    Primary  Secondary  Aborts  Overflows  Errors  Buffered  L4 Mirror  L7 Mirror  L7 Failed
    
    traffic-group-1  [0.0]  connected     closed       1          0       2         0          0          40          0
    
    traffic-group-1  [0.1]  connected     closed       1          0       2         0          0          50          0
    

    Hope it helped, Shiran.

    • Shiran_Cohen's avatar
      Shiran_Cohen
      Icon for Nimbostratus rankNimbostratus

      Hi DTN, I'm glad it's working now but i have a lot of customers with any 13 versions & all of them are syncing. so, there is some mismatch between version specifically on your devices. Maybe some irule with "()" this kind of Braces ? Just to be sure try to "tmsh load sys config verify" to see errors / warnings. Have a nice upgrade - it should work.

       

      Best Regards, Shiran Cohen.