Improve company productivity with a Business Account.Sign Up

x
?
Solved

F5 Load Balancer - Active/Standy switching role controlling failover

Posted on 2014-04-02
8
Medium Priority
?
853 Views
Last Modified: 2015-01-08
Running 2 F5 load balancers in a Active/Standby role, running version 10.2.1.
Although in a normal failover scenario it works fine but, recently within the data centre they are hosted, there was a power issue and the Active lost power. The standby took control as expected. They use the serial connection to advertise each other. So, the power on the original Active was restored then  lost a few times ,with the switch it was connected also not available. The result being, all connections were being sent to the Active which had no switch to send connections to or receive so causing timeout for traffic.

So, how do I in this scenario stop the "active" device on having power restored stop becoming the ACTIVE load balancer . Actual fail back needing a manual fail back not automated as in a Cisco ASA active/failover scenario.
0
Comment
Question by:ccfcfc
  • 4
  • 4
8 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 39973974
You need to change the preferred HA state to none on both F5's.

However you should setup a fail over check that would detect the F5 not having a valid path.  Depending on your setup defining a fail-safe gateway pool should work.
0
 

Author Comment

by:ccfcfc
ID: 39974513
Sounds a good plan but, as soon as you put one of the devices Redundancy State Preference to NONE both devices start to become "active" . So not sure if you have the steps to stop this actvity.  So LB-01 is in Active/Standby and currently set to Active and LB-01 set to Standby. What ever way I change state Preference to "NONE" they start to fight for Active role.
In principle it seems it should work as, if the Active ever fails and control goes to the Standby you dont want the original Active to take control until you do a manual fail back. It seems I cant get them to operate in an active/standby mode when I change the Redundancy State Preference on either box.
If that makes sense.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39974720
--> Sounds a good plan but, as soon as you put one of the devices Redundancy State Preference to NONE both devices start to become "active"

Then there is a configuration issue someplace.

Do you have Fail Safe VLAN's or Gateways configured?

Have you loaded your config in F5's iHeath?
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 

Author Comment

by:ccfcfc
ID: 40003665
No we do not as we use the serial connector for detecting physicsl failure. Based on geography and the network setup this was seen as the best method opposed to setting up a VLSN to detect for any errors or issues.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40003700
The serial connection will only help detect a full failure of a F5.  This will not help if you lose a network path between the F5 and another network device.

Do you have two diverse physical (L2) connections from each F5 to different network devices for each logical (L3) network?
0
 

Author Comment

by:ccfcfc
ID: 40061512
No, I was told by F5 direct that whereas you can put diverse conenctions it, this is not a good idea and or possible with a physical 1600. Perhaps this has changed with v11 of the software. I have a single 1 to 1 L2 link between F5 and switch for traffic by L3.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 40061808
You need to use either Fail Safe VLAN's or Gateways or both depending on your setup.
0
 

Author Comment

by:ccfcfc
ID: 40074362
ok I shall look into it
0

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Myths can prevent you from using the most productive alternatives available for you and opposing cloud accounting because of some myths falls into the same category of missing out on opportunities. Let's expose the myths and enable your business to …
The onset of year 2018 has been a usual business for IT teams still struggling to find their way out in terms of strengthening their cloud security.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question