F5 and Cisco ASR SLA

Question

Hi,&nbsp;
I have a scenerio where we have two F5s (Active / Standby) mesh connected to Cisco ASR 9000 routers with /31 subnets for the mesh connecitivty.&nbsp;
How can we implement SLA on the Cisco ASR to detect which F5 is active and change the routing accordingly?&nbsp;
We used ICMP but that is not working because when failover occurs the Active unit that went into Standby still responds to ICMP requests.&nbsp;
Any idea how i can do this with a VS or some clever iRules or something?&nbsp;
Anyone with experience connecting F5 in this way and how it was done to automatically detect wich F5 is active and change the routing accordingly?&nbsp;

what_lies_bene1 · Answer

I'm not sure quite what you mean by 'mesh' but I'd suggest you expand your subnet a bit and use a floating IP on the F5s and point your routes to it. This removes the need for IPSLA entirely and simplifies things quite a bit.

eax_25745 · Answer

By mesh i mean that both F5s are connected to both ASRs in a mesh. i.e. each F5 have a connection to each one of the two ASRs.&nbsp;
Currently we have 4 x /31 subnet that directly connects the F5s to the ASRs and then another /29 subnet that we use for the floating IP. The problem is that we are having trouble with the routing to the floating IP subnet as we can't route that subnet to the floating IP which is in the same subnet? Hope this makes sense. So lets say we have a 1.1.1.1/29 subnet in which the floating resides, on the ASR we want to route all traffic destined for 1.1.1.1/29 to F5s but can't route that subnet to an IP in the same subnet.&nbsp;

what_lies_bene1 · Answer

Why not use a single subnet for your mesh which the floating IP is part of? Especially if you use MAC Masquerade the failover will be seemless and again, there will be no need for IPSLA (but you will need HSRP). Then use the 1.1.1.1/29 just for your Virtual Servers (assuming that's its primary purpose)? 
&nbsp;  
&nbsp; Without a common network between the four devices (as you've found) you are making life very difficult for yourself. 
&nbsp;  
&nbsp; I wonder how the return traffic routing works at present too, if an ASR fails?

emptysky_137885 · Answer

Hi EAX,
 Have your problem been solved? Seem currently we are facing the same issue as you, wanna some advice from u.
Thanks

aj1 · Answer

Hi EAX,&nbsp;
Have you found a way to do this. I have the same topology - an active/standby viprion pair directly connected (full mesh) to two upstream routers (Juniper MXs) via BGP (both viprions are in the same AS), and its not working right. Basically a link failure results into the routers pointing to the standby unit as the next-hop. &nbsp;
I am not using any floating-IPs (like its recommended internally) on the external VLANs. I would like to keep it that way and instead use some PBR (or IP SLA or BGP attributes or iRules) so that the upstream routers can detect the active and the standby unit and change the next-hop accordingly in the event of a failover. The zebos implementation for BGP4 does not seem to have IP SLA, so thats out of question, I guess.&nbsp;
Is there a way I can have active/standby viprion pair connected to two upstream routers using /30 links, to point to the right next-hop address when the active unit goes down. And all of this w/o using floating-IPs.&nbsp;
Any help appreciated.&nbsp;

Forum Discussion

F5 and Cisco ASR SLA

9 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Transaction looks successful but file not downloading

Related Content

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Three Attached Deployment

Deploying F5 Distributed Cloud (XC) Services in Cisco ACI - Layer Two Attached Deployment

Integrating SSL Orchestrator with Cisco WSA Virtual Edition

F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Design Options