Forum Discussion

Chris1269_13050
Mar 30, 2016

Why is our F5 mgmt ip polling our OLD HA self IP on port 1026 after this was changed?

We recently migrated our old HA VLAN / SIP out of our common partition into a new one used for Local Traffic. We created a new HA VLAN / SIP, and this is used for both failover / config sync and is working as expected.

However, since the change, we are seeing firewall denies (verified by a tcpdump of eth0) from the management IP of our primary device (src port: 36425) to the OLD HA SIP for our secondary device (dst port: 1026).

As I understand it, UDP 1026 is what the F5 uses for failover polling, so I'm unclear why the F5s are still polling this way. Has anyone else experienced this?

Please note that the old SIP is still being used on the F5, within another partition and no longer for failover.

Thanks :)

 

2 Replies

  • Hi,

    When changing the HA interface, you need to:

    • Create the new HA network
    • Create the self IP of the first member
    • Create the self IP of the secondary member
    • Move all HA interfaces to the new self IP of the first member in the Device configuration (Device Manager member)
    • Check that all information is synchronized to the secondary member
    • Move all HA interfaces to the new self IP of the secondary member in the Device configuration (Device Manager member)
    • Check that all information is synchronized to the first member
    • Then remove the old self IPs.

    If you did not check that the IPs are synchronized and removed the old IPs too fast, some information may keep the old IPs.

  • In TMSH on each device, list the configuration of both devices:

    On device 1:

    root@(device1)(cfg-sync In Sync)(Active)(/Common)(tmos)# list cm device device1
    root@(device1)(cfg-sync In Sync)(Active)(/Common)(tmos)# list cm device device2

    On device 2:

    root@(device2)(cfg-sync In Sync)(Standby)(/Common)(tmos)# list cm device device1
    root@(device2)(cfg-sync In Sync)(Standby)(/Common)(tmos)# list cm device device2

    Find the wrong IPs and change them with the command:

    root@(device2)(cfg-sync In Sync)(Active)(/Common)(tmos)# modify cm device device1 configsync-ip XX.XX.XX.XX
    root@(device2)(cfg-sync In Sync)(Active)(/Common)(tmos)# modify cm device device1 mirror-ip XX.XX.XX.XX
    ...
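
An added example, not part of the thread or of F5's tooling: a Python check that parses saved `list cm device` output from the step above and reports every HA setting (config sync, mirroring, failover unicast on port 1026) that still references an old self IP. The function name `stale_ha_refs`, the sample addresses and the exact output layout are assumptions modeled on typical tmsh output.

```python
import re

# Constructed sample of `tmsh list cm device` output; names and addresses are made up.
SAMPLE = """\
cm device device1 {
    configsync-ip 10.10.50.1
    mirror-ip 10.10.50.1
    unicast-address {
        {
            effective-port 1026
            ip 10.10.50.1
        }
    }
}
cm device device2 {
    configsync-ip 10.10.50.2
    mirror-ip 10.10.40.2
    unicast-address {
        {
            effective-port 1026
            ip 10.10.40.2
        }
    }
}
"""

HA_FIELDS = ("configsync-ip", "mirror-ip", "mirror-secondary-ip")

def stale_ha_refs(tmsh_output, old_ips):
    """Return (device, setting, ip) for each HA setting still pointing at an old self IP."""
    findings, device, depth, unicast_depth = [], None, 0, None
    for raw in tmsh_output.splitlines():
        line = raw.strip()
        m = re.match(r"cm device (\S+) \{$", line)
        if m:
            device = m.group(1)
        elif line.startswith("unicast-address") and line.endswith("{"):
            unicast_depth = depth + 1  # failover unicast list opens here
        else:
            parts = line.split()
            if len(parts) == 2 and parts[1] in old_ips:
                key = parts[0]
                if key in HA_FIELDS:
                    findings.append((device, key, parts[1]))
                elif key == "ip" and unicast_depth is not None:
                    findings.append((device, "unicast-address", parts[1]))
        depth += line.count("{") - line.count("}")
        if unicast_depth is not None and depth < unicast_depth:
            unicast_depth = None  # left the unicast-address block
    return findings
```

Run it against the output captured on each device separately, since the two units can disagree about a peer's addresses until the change has synchronized.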