ligmania


bigip 4.2 active/standby configuration

I have run into a wall trying to configure bigip 4.2 redundancy on two F5 boxes. The problem is when I sync my configuration onto the second F5 box I get the redundant pair in an active/active configuration. Even when I try to force one down with the configuration utility, it will come back to active after a couple of seconds. I've tried changing the UnitIds around too, like 1-1, 1-2, 2-2, 2-1. The documents I have from F5 talk more about active/active than active/standby. Does anyone have any ideas or more documentation? Thanks
Scotty_cisco

Have you looked at the licensing? There is a licence file in them that allows the redundancy. I am assuming you are talking about the HA units? The redundancy is set up initially through the ./configure command from the command prompt.

Thanks
Scott

ASKER

Scott,

After looking at each license, each has the product code HA so I assume this is the correct license for redundancy. Maybe the steps I am doing are incorrect. Basically, first I use the config utility to create VLANs, IPs, the failover address and unitId #. Then on the second unit I create the same way; after I'm done I sync from the first box to the second one. Would this work to create an active/standby configuration?
You are running version 4.2??? I have the older version 4.2.7 and it is done via command line on the console in the initial setup. Can you console in and run the configure command?

Thanks
scott
Should there be a unitId configured on both boxes before the sync takes place or will the sync assign the unitID?
The initial config asks which one is primary and for the IP of the secondary, so it gets assigned automatically.
How can I clear the configuration on a bigip unit?  I want to start from a clean slate.
You have access through the console?  cd /config/

There should be a file called bigip.conf or something like that.

Thanks
I deleted the bigip.conf and some other default files and rebooted. The box still shows active for unitids 1 and 2. All I need to do now is to get this box to stop being active. I'm puzzled why after I run the config utility and say it is not a redundant system, the box still shows active for unitids 1 and 2. What am I doing wrong here?
This might be a stupid question but do you have the serial failover cable connected between the two units?  If not, did you configure the two boxes to use network failover?  The BigIP by default is configured to use hardware failover and if the failover cable is not present both boxes will go active unless you have manually configured it for network failover.  
In the case of network failover it will take about 15 - 30 seconds for the heartbeats to go through the network and the election of active/standby to happen; during this short period both boxes will be active/active.
Cloz,

I realized I did not have the serial cable connected, thus both my units stayed in active mode. After attaching the serial cable they became active/standby, but I did configure network failover. From what I understand from BIG-IP docs, you can use both hard-wired serial cable failover and network failover. From testing I noticed that when the failover cable is attached network failover doesn't work; by that I mean if I take out the ethernet cable from the active unit the standby unit doesn't become active. I would rather use network failover but my problem is that I can only keep the units in active/standby mode by attaching the failover cable, and by doing so network failover doesn't work because the failover isn't detected by the standby unit. How can I keep the two units in active/standby mode without use of the failover cable?
I have discovered via F5 this is a licence issue ... AAARGGGGHHH, as I have the same thing going on to an extent. Luckily I have support so I will upgrade the code and hope it fixes the issue.

Thanks
scott
Scotty_cisco,

Very curious about the license issue! What particular license do you need? I have the HA licenses for both machines.
The HA, if you have that then not a problem .... I had to get the correct licence on one of my boxes to get either to work is what I was alluding to. What platform is this on, the LTM or GTM? I am going to be running 9.1.2 when I am done. I have found not many people at F5 know the older 4.x product very well.

thanks
Scott
Scotty,

We are running on older 4.2.x, what are the support costs?
Are they currently not under support? If so, how long have they been out of support?

If they are not supported currently and have been out of support for any time at all, forget it, buy new!!! They are cheaper to use another vendor.

F5 is the only company with network gear that requires a recertification fee that I was aware of... each unit to have it recertified is over 5K the support is like 2500 after that we support 2 3DNS boxes because our BIGIP's were EOL and they cost us 15k to cover for 1 year.  Then we purchased 3 new BIGIP LTM 1500's because the old BIGIP HA units we had could no longer be supported.

I would seriously look at coyotepoint as a replacement; they seem to do everything the F5's do and are a hell of a lot less expensive. F5 for loadbalancing used to be the only one in the game but not so now. When it comes time to replace the ones we have just purchased I will strongly recommend that they look at other vendors. See the link below for coyote point.

http://www.coyotepoint.com/

Thanks
Scott
Thx Scotty I will look at the coyotepoint when and if we replace the F5's.
ASKER CERTIFIED SOLUTION
Carlos Hernandez
This solution is only available to members.
I have to admit that I have not worked directly with the coyotepoint but I can tell you value for the dollar is not on the F5 side. I can cover any Cisco product without having to do a recertification BS and support is going to be better on the Cisco side too, as well as documentation.

Sorry, just not really impressed with F5 at all... been working with them now for a while and I would much rather work with the Cisco in bridge modes and not deal with the problems with an OS based system. Try doing a password recovery sometime on an F5 box and see how that goes... I had to rebuild my 3DNS box completely because I could not recover the password.

Thanks
Scott
Thanks guys for your feedback, it was very helpful. The feature that does what I need is the "arm Failsafe". I tested it today and it works well. Thanks again everyone.
We haven't had to deal with recertification b/c none of our boxes have ever lapsed in support coverage and were bought directly from dealers, but recertification is not unique to F5. Many equipment manufacturers that deal with OEMs will require a recertification on products that were purchased from non-authorized dealers.

I don’t see how running a Cisco in bridge mode would be a solution for load balancing. As for OS-based systems, almost all load balancers on the market today are OS-based, including Cisco’s own CSS, CSM and ACE (these do not run IOS). If I can easily circumvent a password on an appliance then I don’t want it in my shop…IMHO

As with most appliances on the market, re-imaging an F5 to recover it takes about 20 minutes. PXE Boot or CD Boot, then console in and select the options of where you want to load the new image, wait about 10 minutes while it loads. Finally restore the backups and the box is good to go.

Cheers,
CLoz
ligmania,

Glad to hear things worked out.

Good Luck.
CLoz