Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

F5 Load Balancer - Active/Standy switching role controlling failover

Posted on 2014-04-02
8
Medium Priority
?
739 Views
Last Modified: 2015-01-08
Running 2 F5 load balancers in a Active/Standby role, running version 10.2.1.
Although in a normal failover scenario it works fine but, recently within the data centre they are hosted, there was a power issue and the Active lost power. The standby took control as expected. They use the serial connection to advertise each other. So, the power on the original Active was restored then  lost a few times ,with the switch it was connected also not available. The result being, all connections were being sent to the Active which had no switch to send connections to or receive so causing timeout for traffic.

So, how do I in this scenario stop the "active" device on having power restored stop becoming the ACTIVE load balancer . Actual fail back needing a manual fail back not automated as in a Cisco ASA active/failover scenario.
0
Comment
Question by:ccfcfc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 39973974
You need to change the preferred HA state to none on both F5's.

However you should setup a fail over check that would detect the F5 not having a valid path.  Depending on your setup defining a fail-safe gateway pool should work.
0
 

Author Comment

by:ccfcfc
ID: 39974513
Sounds a good plan but, as soon as you put one of the devices Redundancy State Preference to NONE both devices start to become "active" . So not sure if you have the steps to stop this actvity.  So LB-01 is in Active/Standby and currently set to Active and LB-01 set to Standby. What ever way I change state Preference to "NONE" they start to fight for Active role.
In principle it seems it should work as, if the Active ever fails and control goes to the Standby you dont want the original Active to take control until you do a manual fail back. It seems I cant get them to operate in an active/standby mode when I change the Redundancy State Preference on either box.
If that makes sense.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39974720
--> Sounds a good plan but, as soon as you put one of the devices Redundancy State Preference to NONE both devices start to become "active"

Then there is a configuration issue someplace.

Do you have Fail Safe VLAN's or Gateways configured?

Have you loaded your config in F5's iHeath?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:ccfcfc
ID: 40003665
No we do not as we use the serial connector for detecting physicsl failure. Based on geography and the network setup this was seen as the best method opposed to setting up a VLSN to detect for any errors or issues.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40003700
The serial connection will only help detect a full failure of a F5.  This will not help if you lose a network path between the F5 and another network device.

Do you have two diverse physical (L2) connections from each F5 to different network devices for each logical (L3) network?
0
 

Author Comment

by:ccfcfc
ID: 40061512
No, I was told by F5 direct that whereas you can put diverse conenctions it, this is not a good idea and or possible with a physical 1600. Perhaps this has changed with v11 of the software. I have a single 1 to 1 L2 link between F5 and switch for traffic by L3.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 40061808
You need to use either Fail Safe VLAN's or Gateways or both depending on your setup.
0
 

Author Comment

by:ccfcfc
ID: 40074362
ok I shall look into it
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question