Forum Discussion

sandy16
Aug 01, 2012

HA config in route-domains?

Our enterprise is going through a major network segmentation project (something similar to ITSG 22 and 38 standards). I decided to use route-domains (even though I could have lived without it as it is not a multi-tenant setup) in an active/standby pair.

I am creating different traffic groups for different route domains so that a failure in traffic-group one does not affect the other and only the affected traffic-group fails over.

I am running ver 11.2 hf1 on 1600 platforms.

Have a few questions -

1. For each route domain I am defining a separate external, internal and a HA vlan. The HA vlan is completely private, tagged on directly connected links b/w the two 1600s. Should I define a separate HA-vlan for each route domain and then add them to the "failover unicast configuration" one-by-one as I go? It currently just has the mgmt interface and the HA interface of the default route domain.

2. Should I use a mac-masquerade address in each traffic-group? I might have a total of 20+ traffic groups/route domains, so should I go that far in defining each one with a separate mac address or just leave it default?

3. Under the "mirroring configuration" I only have the primary local mirror address and the secondary local mirror address of the HA and the Internal interface of the default route domain. I might never do connection mirroring as the majority of the traffic will be HTTP, but just in case I have to do it in the future for a VIP residing in a separate route-domain, then how will the connections be mirrored b/w the 2 devices for a different route-domain, as I do not have an option to add other addresses in there?

thnx

Sandev

5 Replies

  • Hi Sandev, did you find answers to your queries? If yes, please share your experience, since I am in the same situation. Regards, Akhtar
  • No, it was getting far complicated so I left the route domains config. We just designed it without the route domains.
  • You should keep your HA config in RD0 rather than provide one for each route domain. Just set up the other details in separate RDs.

    Do you have VRRP/HSRP configured in neighbouring routers? If so then you should use MAC masquerading and use a separate MAC address for each traffic group. If you don't use VRRP/HSRP then I can see no reason to use MAC masquerading other than local policy reasons.

     

  • Note that a sync-failover cluster can only support 15 traffic groups. I'm working hard with my SE to get this changed as we were using them but bumped our head on the 15 maximum.

     

  • Hi Josh, can you help me with the failover configuration? Plan is to use 3 route domains. Each route domain with separate internal/external interfaces.

    What will be the failover configuration? How many HA vlans need to be used?

     

    Thanks