One-Arm Mode Migration
Hi Experts,
We're running F5 BIG-IP 2200 v15.1.2.1 (Build 0.0.10) appliances on HA and planning to migrate it to i2000 series (HA).
Currently, the config is one-arm mode and we've been asked to do a phased approach. Can you please assist if this is the correct approach?
Traffic flow: Internet -> NAT/policy on Firewalls for that VIP -> F5 (Auto-map) -> Backend servers
Current F5 config for VLAN: 126:-
Primary F5 Self IP: 10.126.1.4
Secondary F5 Self IP: 10.126.1.5
Floating IP: 10.126.1.6
VIP: 10.126.1.10
Proposed F5 config for VLAN 126:-
Primary F5 Self IP: 10.126.1.7
Secondary F5 Self IP: 10.126.1.8
Floating IP: 10.126.1.9
VIP: 10.126.1.10
We'll be building a parallel F5 (with different Self and floating IPs for each VLAN) and the VIP: 10.126.1.10 would be disabled on the Production F5 and enabled on the UAT F5 for testing.
Once testing is completed, similar approach would be carried for next application/VIP on the same VLAN, followed by other VLANs. In case of any issues, it's just a matter of disabling and re-enabling the VIP as needed.
In this scenario, VIP IP remains the same and the gateway will be the firewalls for the backend servers.
is it doable for the phased migration to happen? Thanks in advance.
Sounds ok to me. Just check that the ARP is enabled on the virtual address of the VIP. By default it is, but to be sure please check.
In case you have issues make sure you check the arp table on the firewall and the vip ip is pointing to the right mac address. Probably it be good to check this before you migrate a vip , and record the mac address so you can compare it.
Sri_Narasimha_05 the UCS restore overrides all configuration of the new device when imported last I had to do one with the exception of validating various difference between platforms when you use the platform migrate. You might try a UCS restore on a virtual appliance first in a sandbox to see exactly what happens.