Forum Discussion

Ben_Noonan's avatar
Ben_Noonan
Icon for Nimbostratus rankNimbostratus
Feb 20, 2018

Using Big-IQ to manage out of sync BIG-IP

Hi,

 

I am trying to understand the behaviour of the BIG-IQ device. I want to know how it interacts with a BIG-IP cluster where the devices become out of sync? I can't seem to replicate this behaviour in my lab and I know the devices in prod have this issue occur especially with ASM on the devices. So can someone explain when pushing config out to a BIG-IP cluster that is out of sync what happens? Does it re-sync the devices? Do they need to be in sync to push config out? etc.

 

Cheers,

 

Ben

 

BIG-IQ
config sync
Super-NetOps

2 Replies

Sort By
  • Kevin_K_51432's avatar
    Kevin_K_51432
    Historic F5 Account
    Feb 21, 2018

    Hi Ben,

     

    Before making any changes to a remote devices configuration (on the BIG-IQ system), I always resolve configuration differences in these two areas:

     

    1) Between the imported configuration and the LTM (deployment evaluation).

     

    2) Between the members of a DSC device group.

     

    Deployments have always failed for me when the DSC group is out of sync, but I always select both devices to update. It would be good to test a single device in the DSC group.

     

    Hope this is somewhat helpful,

     

    Kevin

     

    • Kevin_K_51432's avatar
      Kevin_K_51432
      Historic F5 Account
      Feb 21, 2018

      Quick update to my post after a quick check:

      1) BIG-IQ forces you to select both devices when deploying to a DSC group. 2) My deployments were failing because I didn't override the out of sync condition:

      Under Devices tab
Select the device under Device Name
Look under Cluster properties.
Hit Edit and look for:

  X Initiate BIG-IP DSC sync when deploying configuration changes. (Recommended)

    o Allow deployment when DSC configured devices have changes pending. (Not Recommended)

      Hit the second check-box and you can deploy to an out of sync device group.

      Sounds like a bad idea which is probably why this isn't checked or recommended.

      Hope this is helpful!

      Kevin