LTM Route-Domains and VLAN Fail-safe

Question

Hi, &nbsp;
Configured paid of F5 devices on Active/passive HA. Sync VLAN is in the common partition. I have another partition which is associated with a route-domain let say RDA. VLAN 100 is in the RDA and configured virtual servers, pool, nodes. etc. Everything is  fine so far. The fail-over works when one of the devices goes down. But how do I enable the VLAN fail-safe in this situation. ? &nbsp;
When I enabled the vlan failsafe and brought down the port-channel interfaces on the switch which are connecting to the active unit, the failover did not happen, the unit1 was still remaining as active unit, though its interfaces (trunk) are down. &nbsp;
Can someone help me understand what am I doing wrong here.? &nbsp;
Thanks
Ganesh&nbsp;

what_lies_bene1 · Answer

I really hate HA in TMOS; mainly because I just can't fully get my head around it. Anyway, there's a few possibilities. To start with, do you have network failover configured? Anything else?&nbsp;

ganesh_iyyappa1 · Answer

Yes, The HA has only network fail-over due to the distance. &nbsp;

stephanmanthey · Answer

The HA concept is still work in progress as there is no association between the so called HA group feature and traffic groups.&nbsp;
Anyway, we have to deal with the current features and we are limited to legacy methods as are:   &nbsp;
VLAN Fail-Safe  Gateway Fail-Safe  
and the new &nbsp;
HA Group
Make sure to use HA Group only or VLAN / Gateway Fail-Safe as alternative approach. &nbsp;
VLAN Fail-Safe needs to be activated per VLAN and will not be synchronized.&nbsp;
Make sure to apply it to production VLANs only, be conservative with the timeout (stay at least above 30 seconds) and use the failover action 'failover'. Otherwise it might be required to start the unit in single user mode to get out of a never ending loop ... &nbsp;
Gateway Fail-Safe will require to create two pools (which will be synchronized).&nbsp;
One Pool will assigned per device to be monitored as a failover trigger. This is a unique mapping. &nbsp;
Both with VLAN Fail-Safe and Gateway Fail-Safe you can face a standby/standby if both devices do not have the required resources! &nbsp;
An HA Group may contain pools of servers, aggregated links (trunk) and number of available blades (VIPRION only). Especially the trunk monitoring allows a pretty fast failover by using the bi-directional LACP protocol for link verification.&nbsp;
Using HA Groups requires some more brainwork as you need to calculate a proper balance of assigned wheigts and active bonus.&nbsp;
As mentioned before the HA Groups are fine to run v11 in active/standby because by now only a single HA Group per device can be created. &nbsp;

akhtar_109015 · Answer

Ganesh, were you able to fix this up ?

Forum Discussion

LTM Route-Domains and VLAN Fail-safe

4 Replies

Recent Discussions

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Help with URL Masking

Related Content

FQDN nodes in non-default route domains

How to find route domain OID

v.10 - A Look at Route Domains

TMSH CLI script to add/remove a single VLAN from a route-domain (iControl-callable)

What is the recommended number of route domains for Big-IP-i4800?