F5 BigIP Cluster

Here is a sort of "Best practices guide" for a cluster configuration on F5's BIG-IP devices. I will refer to the configuration of two devices, but the same applies to a larger cluster.

First of all, we need to make sure:

  • Our license is valid
GUI - System ›› License
CLI - show /sys license 
  • Date and time are synced 
GUI - System ›› Configuration ›› Device ›› NTP
CLI - tmsh list /sys ntp servers, or ntpq -np, or date, or date -s "Day Month Year HH:mm:ss"
  • Both devices have a VLAN for the sync, ideally a point-to-point link connected between both devices

Layer 2 - Network ›› VLAN ›› Create

CLI > tmsh create net vlan Sync interfaces add { 1.1 }
Layer 3 - Network ›› Self IPs ›› Create

CLI > tmsh create net self Sync vlan Sync allow-service default address
An important note here is the "Port Lockdown" setting: make sure not to use "Allow None", as it will not allow sync traffic between the devices. Other than that, only the IP\Subnet configuration is needed.

Append the P2P to the cluster mechanism - Device Management ›› Devices ›› <DEVICE_NAME> ›› Device Connectivity
ConfigSync (the interface that will be used for synchronizing the configuration between the devices)

**It is highly recommended to use a "real" network VLAN for the failover interface; this way a problem with the VLAN which is actually used for traffic will cause a failover.

Mirroring (the interface used to synchronize connection tables between the devices):

CLI > tmsh modify cm device <Device_Name> configsync-ip mirror-ip unicast-address { { effective-ip effective-port cap ip } }

I like to reset the device trust prior to configuring the cluster, so that any leftovers of a previous config will be cleared and the local certificate will be regenerated.
To do so - Device Management ›› Device Trust ›› Reset Device Trust

At this point we are done with the preparations.
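
The Port Lockdown note above can be verified from the CLI before building the trust. The following is an added example, not part of the original post: it parses text in the stanza layout of `tmsh list net self` and flags self IPs on the sync VLAN that are set to Allow None. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/bash
# Added example. Reads `tmsh list net self`-style stanzas on stdin.

# Print "<self-ip-name> <allow-service>" for every self IP on VLAN $1.
# Assumption: a stanza without an allow-service line counts as "none".
self_lockdown() {
    awk -v vlan="$1" '
        /^net self /  { name = $3; svc = "none"; v = ""; in_svc = 0; next }
        in_svc && $1 == "}" { in_svc = 0; next }
        in_svc        { svc = (svc == "" ? $1 : svc "," $1); next }
        $1 == "allow-service" && $2 == "{" { in_svc = 1; svc = ""; next }
        $1 == "allow-service" { svc = $2; next }
        $1 == "vlan"  { v = $2; sub(/^.*\//, "", v); next }  # drop /Common/
        /^}/ && name != "" {
            if (v == vlan) print name, (svc == "" ? "none" : svc)
            name = ""
        }'
}

# Return 1 (naming the offenders on stderr) if any self IP on VLAN $1
# is set to Allow None, which would block sync traffic between the devices.
check_sync_lockdown() {
    local blocked
    blocked=$(self_lockdown "$1" | awk '$2 == "none" { print $1 }')
    [ -z "$blocked" ] && return 0
    echo "Allow None on VLAN $1: $blocked" >&2
    return 1
}

# Constructed sample listing (not captured from a real device).
SAMPLE='net self Sync {
    address 192.0.2.1/30
    allow-service {
        default
    }
    vlan Sync
}
net self Sync-old {
    allow-service none
    vlan /Common/Sync
}
net self internal {
    allow-service {
        tcp:443
    }
    vlan internal
}'
printf '%s\n' "$SAMPLE" | self_lockdown Sync
```

On a device, feed it the live listing instead of the sample: `tmsh list net self | check_sync_lockdown Sync`.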

From one of the devices go to - Device Management ›› Device Trust : Peer List ›› Create
I like using the P2P IPs, but it's an identifier only, so the management IPs are good as well.

After clicking "Retrieve Device Information" we should get the 2nd device's certificate, IP and a couple more details.
To make sure connectivity is correct, go to Device Management ›› Devices
In case of a problem, one of the devices will be red (disconnected), in which case check the steps above.

Next, group the devices - Device Management ›› Device Groups
CLI - tmsh create cm device-group sync-fail devices add { <Device_Names> } network-failover enabled
The Type should be Sync-Failover and both devices should be selected.

Now one of the devices will become standby (if not, check the steps above).

Now all we have to do is initiate a sync between the devices - Device Management ›› Overview ›› Sync
CLI - run cm config-sync to-group sync-fail
Select the device containing the newest configuration, select "Sync Device to Group" and click "Sync"

I like to create a more proactive configuration by adding a pool which consists of a couple of servers as the representation of the LAN, and the ISP \ FW as the representation of the WAN. As long as this pool is active, we have both LAN and WAN connectivity from the device; if the pool fails, the F5 has lost WAN\LAN access, so we need to fail over.
Then add the pool as a trigger for a failover - System ›› High Availability
CLI - create sys ha-group HA active-bonus 0 enabled pools add { <Pool_Name> { weight 80 } }
*The highest weight will become active
