Active Standby HA FO 1 NIC - fadlytabrani/f5-azure-ha-fo GitHub Wiki
Topology
This is a progression from Standalone Device 1 NIC. Changes are highlighted in red in the topology diagram.
Deployment
Create another instance of a BIG-IP device from the Azure marketplace with similar specifications to the first one.
- The management/self IP (10.4.2.11) must be in the same subnet as the first device.
- Create the cloud_lb_probe_listener virtual server on its self IP.
Modify the Azure load balancer with the following settings:
- Add the self IP (10.4.2.11) of the second device to the backend pool.
At this point, 50% of requests for the service (1.1.1.1) will fail because the Azure load balancer forwards requests round-robin to both BIG-IPs. The two devices are effectively "Active/Active", with no config sync and no awareness of each other. The second BIG-IP has no virtual servers configured to respond to requests, hence the failures.
The next steps are all done on both BIG-IP devices.
Install the fail-over event scripts on both BIG-IP devices.
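# bash
# Enable the probe listener when this device becomes active.
echo "tmsh modify ltm virtual _cloud_lb_probe_listener_ enabled" >> /config/failover/active
# Disable the probe listener when this device becomes standby.
echo "tmsh modify ltm virtual _cloud_lb_probe_listener_ disabled" >> /config/failover/standby
# Run the standby script at startup.
echo "/config/failover/standby" >> /config/startup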
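The commands above append with `>>`, so running them a second time leaves duplicate lines in the hook files. The following is an added example, not part of the original wiki: it appends each hook line only once and checks that each is present exactly once. The function names and the path-prefix argument (for trying it in a scratch directory) are hypothetical.

```bash
VS_NAME="_cloud_lb_probe_listener_"   # virtual server name as written in the page's commands

# Append line $2 to file $1 only if that exact line is not already there.
append_once() {
    mkdir -p "$(dirname "$1")"
    touch "$1"
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Print how many lines of file $1 equal $2 exactly (0 if the file is missing).
count_line() {
    n=$(grep -cxF -- "$2" "$1" 2>/dev/null || true)
    echo "${n:-0}"
}

# $1 is a hypothetical path prefix for dry runs; empty means the real /config.
install_failover_hooks() {
    append_once "$1/config/failover/active"  "tmsh modify ltm virtual $VS_NAME enabled"
    append_once "$1/config/failover/standby" "tmsh modify ltm virtual $VS_NAME disabled"
    append_once "$1/config/startup"          "/config/failover/standby"
}

# Succeeds only if each hook line is present exactly once.
verify_failover_hooks() {
    [ "$(count_line "$1/config/failover/active"  "tmsh modify ltm virtual $VS_NAME enabled")" -eq 1 ] &&
    [ "$(count_line "$1/config/failover/standby" "tmsh modify ltm virtual $VS_NAME disabled")" -eq 1 ] &&
    [ "$(count_line "$1/config/startup"          "/config/failover/standby")" -eq 1 ]
}

# On a device: install_failover_hooks "" && verify_failover_hooks ""
```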
Change db variables to ensure configsync features work on 1-NIC devices.
# bash
tmsh modify sys db provision.1nic value forced_enable
tmsh modify sys db provision.1nicautoconfig value disable
Configure DSC and cluster the devices in a sync and fail-over device group. Configuration is similar to traditional setups, with the following differences:
- The management IP address will be used for configsync and failover.
- Multicast is not supported, due to a cloud fabric limitation.
- Mirroring is not supported on a management IP address.
Once you have configured the device group, the devices should be configured as an Active/Standby pair.
How Does it Work?
The failover event scripts toggle the state of the cloud_lb_probe_listener virtual server:
- The virtual server is enabled when the device is transitioning to an active state.
- The virtual server is disabled when the device is transitioning to a standby state.
This behaviour will in turn indicate to the upstream Azure load balancer which BIG-IP device is able to respond to requests.
Where Do You Go From Here?
TODO
Extend the deployment, Active Active HA FO 1 NIC