Stateful failover ensures that each device has a copy of the state information (such as connection information, persistence data, etc.). At the point of failover, connections through the newly promoted node can continue.

Note: It is also worth noting that mirroring is enabled on a per-profile basis.

Mirroring – Mirroring is the feature used to synchronise the active device's real-time connection and/or persistence state information to the standby system.
Connection Mirroring – Connection mirroring is enabled on a per-virtual-server basis and is disabled by default (due to the overhead required).
Persistence Mirroring – Though persistence mirroring is disabled by default, it should typically always be enabled, apart from when cookie persistence is being used.
SNAT Connection Mirroring – SNAT mirroring is configured from within each SNAT. The active system must keep track of the ports and connections held within the connection table. In the event of failover, the newly promoted node must have a copy of these records to ensure that SNAT connections are maintained.

MAC Masquerading

At the point of failover, BIG-IP sends a gratuitous ARP to ensure that neighbouring ARP caches are updated. This, however, can cause issues when the gratuitous ARP is ignored and subsequent traffic is sent to the old MAC address. MAC Masquerading allows the BIG-IP to maintain a virtual MAC address for each VLAN.
MAC Masquerading is configured via the ‘VLAN / Advanced’ configuration section. A typical approach when configuring MAC Masquerading is to set the first byte of the MAC address to 0x02, i.e. if the MAC address of one of your systems is 00:00:00:00:00:01, the masqueraded MAC address would be 02:00:00:00:00:01.

Configuration Example

Within this example we will configure an HA setup using network failover.

Note: The following configuration settings were pulled from the bigip.conf and bigip_base.conf configuration files.

##################
##### UNIT 1 #####
##################

self 172.16.1.80 {
    netmask 255.255.255.0
    unit 1
    floating enable
    vlan EXTERNAL
    allow all
}
self 192.168.1.80 {
    netmask 255.255.255.0
    unit 1
    floating enable
    vlan INTERNAL
    allow all
}
configsync {
    auto detect enable
}
mgmt 2.2.2.2 {
    netmask 255.255.255.0
}
vlan EXTERNAL {
    tag 4094
    failsafe enable
    timeout 10
    failsafe failover
    interfaces 1.1
}
vlan INTERNAL {
    tag 4093
    failsafe enable
    timeout 10
    failsafe failover
    interfaces 1.2
}
self 172.16.1.70 {
    netmask 255.255.255.0
    vlan EXTERNAL
    allow all
}
self 192.168.1.70 {
    netmask 255.255.255.0
    vlan INTERNAL
    allow all
}
failover {
    force active disable
    peer mgmt addr 1.1.1.1
    unicast peer F5HA {
        dest addr 172.16.1.71
        port 1026
        source addr 172.16.1.70
    }
}
statemirror {
    addr 172.16.1.70
    peer addr 172.16.1.71
}
system {
    gui setup disable
    hostname "bigip1-unit1.home"
}

##################
##### UNIT 2 #####
##################

self 172.16.1.80 {
    netmask 255.255.255.0
    unit 1
    floating enable
    vlan EXTERNAL
    allow all
}
self 192.168.1.80 {
    netmask 255.255.255.0
    unit 1
    floating enable
    vlan INTERNAL
    allow all
}
configsync {
    auto detect enable
}
mgmt 1.1.1.1 {
    netmask 255.255.255.0
}
vlan EXTERNAL {
    tag 4093
    failsafe enable
    timeout 10
    failsafe failover
    interfaces 1.1
}
vlan INTERNAL {
    tag 4094
    failsafe enable
    timeout 10
    failsafe failover
    interfaces 1.2
}
self 172.16.1.71 {
    netmask 255.255.255.0
    vlan EXTERNAL
    allow all
}
self 192.168.1.71 {
    netmask 255.255.255.0
    vlan INTERNAL
    allow all
}
failover {
    force standby disable
    peer mgmt addr 2.2.2.2
    unit 2
    unicast peer F5HA {
        dest addr 172.16.1.70
        port 1026
        source addr 172.16.1.71
    }
}
statemirror {
    addr 172.16.1.71
    peer addr 172.16.1.70
}
system {
    gui setup disable
    hostname "bigip1-unit2.home"
}

Unit 1 – Primary

Set Redundancy / Unit ID

- Within ‘System / Platform / General Properties’ set the High Availability to ‘Redundant Pair’.
- Within ‘System / Platform / General Properties’ set the Unit ID to ‘1’.

Set Floating IPs

- Within ‘Network / Self IPs’ create a new self IP. This will act as a VIP. Add the IP / Netmask and select Floating IP along with a Unit ID of ‘1’.

Set Failover Options

- Within ‘System / High Availability / Network Failover’, enable Network Failover and add the peer management IP address (note that this must exactly match the peer management IP address, otherwise both units will become active). Within the unicast section configure the following settings:

– Configuration Identifier: F5HA
– Local Address: <LOCAL IP ADDRESS>
– Remote Address: <PEER IP ADDRESS>
– Port: 1026

Unit 2 – Standby

Set Redundancy / Unit ID

- Within ‘System / Platform / General Properties’ set the High Availability to ‘Redundant Pair’.
- Within ‘System / Platform / General Properties’ set the Unit ID to ‘2’.

Set Floating IPs

- Within ‘Network / Self IPs’ create a new self IP. This will act as a VIP. Add the IP / Netmask and select Floating IP along with a Unit ID of ‘1’.

Set Failover Options

- Within ‘System / High Availability / Network Failover’, enable Network Failover and add the peer management IP address (note that this must exactly match the peer management IP address, otherwise both units will become active). Within the unicast section configure the following settings:

– Configuration Identifier: F5HA
– Local Address: <LOCAL IP ADDRESS>
– Remote Address: <PEER IP ADDRESS>
– Port: 1026

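The check below is an added example, not part of the original article and not F5 tooling. It parses the mgmt, failover and statemirror stanzas of both units and reports any address that is not the mirror image of its peer, which is the mismatch the failover step above warns leaves both units active. The function names and the trimmed sample input are assumptions; the addresses and the F5HA identifier are those of the example configuration.

```python
# Added example. Constructed input: only the stanzas being checked, with the page's addresses.
TEMPLATE = """\
mgmt {mgmt} {{
}}
failover {{
    peer mgmt addr {peer_mgmt}
    unicast peer F5HA {{
        dest addr {peer}
        port 1026
        source addr {local}
    }}
}}
statemirror {{
    addr {local}
    peer addr {peer}
}}
"""
UNIT1 = TEMPLATE.format(mgmt="2.2.2.2", peer_mgmt="1.1.1.1", local="172.16.1.70", peer="172.16.1.71")
UNIT2 = TEMPLATE.format(mgmt="1.1.1.1", peer_mgmt="2.2.2.2", local="172.16.1.71", peer="172.16.1.70")
UNI = "failover/unicast peer F5HA/"   # assumes the identifier F5HA on both units

def parse(conf):
    """Flatten nested stanzas to {'stanza/sub/key': value}; a line's last token is its value."""
    flat, stack = {}, []
    for line in (raw.strip() for raw in conf.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            flat["/".join(stack)] = None           # keep the stanza header, e.g. "mgmt 2.2.2.2"
        elif line == "}":
            stack.pop()
        elif line and not line.startswith("#"):
            key, _, value = line.rpartition(" ")
            flat["/".join(stack + [key])] = value
    return flat

def check_pair(conf_a, conf_b):
    """Return the mismatches between two units; an empty list means the pair is mirrored."""
    a, b, problems = parse(conf_a), parse(conf_b), []
    for name, this, other in (("unit A", a, b), ("unit B", b, a)):
        mgmt = next((k.split("/")[0].split()[1] for k in other if k.startswith("mgmt ")), None)
        checks = {
            "failover peer mgmt addr": (this.get("failover/peer mgmt addr"), mgmt),
            "unicast dest addr": (this.get(UNI + "dest addr"), other.get(UNI + "source addr")),
            "unicast port": (this.get(UNI + "port"), other.get(UNI + "port")),
            "statemirror peer addr": (this.get("statemirror/peer addr"), other.get("statemirror/addr")),
        }
        problems += [f"{name}: {what} is {got}, peer has {want}"
                     for what, (got, want) in checks.items() if got is None or got != want]
    return problems
```

Running check_pair on the two configuration files before enabling network failover catches a mistyped peer address while it is still only a configuration error.
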
Configuration Options

The following are the configuration options available from within System / High Availability via the Web UI.

Redundancy – General properties such as state preference, etc.
ConfigSync – Defines how the configuration is synchronized between nodes.
Network Failover – Defines the parameters for Network Failover (standby unit determining the status of the active unit).
Network Mirroring – Defines the addresses that are used to mirror connections and session persistence records between the systems.
HA Group – Defines the parameters for configuring an HA group. An HA group is a set of trunks, pools, or clusters (or any combination of these) that you want the BIG-IP system to use to calculate an overall health score for a unit in a redundant system configuration.
Fail-safe – Defines the various failover triggers, such as VLAN Failsafe, Daemon Heartbeats, etc.

Commands

Below are some of the main commands that can be used to administer HA from the command line.

(tmsh)
run sys config-sync – push/sync config to peer

(bigpipe)
bigtop – Confirm system state
b failover standby – Force to standby mode
b ha table – show ha table
b ha table failures – show ha table failures
b config sync all – sync configuration