Microsoft Azure: F5 BIG-IP Virtual Edition Single NIC config sync
The following diagram shows a basic deployment of two single-NIC F5 BIG-IP VEs in a Microsoft Azure availability set. The two BIG-IP VEs are synchronizing their configurations to one another.
- The BIG-IP VEs in this scenario are not communicating for the purpose of failover. To create an active-standby pair, use one of the F5 BIG-IP Azure ARM templates on https://github.com/F5Networks.
- The following content applies to a single-NIC configuration only. If you have multiple NICs, use the standard procedures for enabling config sync.
- In BIG-IP VE 13.0 and later, to create this configuration, consult this ARM GitHub repo.
Consider the following benefits of synchronizing BIG-IP VEs:
- The two BIG-IP VEs are on different hardware, because they are in an Azure availability set, and as such, both servers should not be down at the same time.
- BIG-IP VE copies changes from one BIG-IP VE to the other through config sync.
- If one BIG-IP VE fails, the other BIG-IP VE continues to process traffic, though the failed system drops any packets sent to it.
- Both BIG-IP VEs have Active status and are available to process traffic.
- BIG-IP VE can process more traffic; if each BIG-IP VE has 1 Gbps of throughput, then together they have 2 Gbps.
Enable config sync for single NIC BIG-IP VE in Azure
Before you can complete this task:
- Both BIG-IP VEs must be within the same availability set.
- The Azure network security group for each BIG-IP VE must have inbound ports 4354 and 6699 open (in addition to other ports you've enabled).
- Both BIG-IP VEs must be running the same version of BIG-IP VE system software.
- The BIG-IP VEs must not use the same device name.
  - To view the name, use the tmsh command:
    list /cm device
    The device name is in the first line of the result, for example:
    cm device bigip1 {
  - To change the name, use:
    mv cm device <current_device_name> <new_device_name>
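The port prerequisite above can be checked before starting the procedure. The following is an added example, not F5's or Microsoft's code: it evaluates a network security group's custom inbound rules (in the JSON shape returned by az network nsg rule list) for ports 4354 and 6699 and reports when a port is allowed from any source rather than a scoped one. The peer address 10.0.0.5, the rule names and the function names are constructed for illustration, and Azure default rules are not modelled.

```python
import ipaddress

REQUIRED_PORTS = (4354, 6699)      # config sync ports named in the prerequisites
ANY_SOURCE = {"*", "0.0.0.0/0"}

def _values(rule, single, plural):
    """An NSG rule carries one value or a list of values; return them as one list."""
    one = rule.get(single)
    return ([one] if one else []) + list(rule.get(plural) or [])

def _port_match(spec, port):
    low, _, high = spec.partition("-")          # '443', '6000-7000' or '*'
    return spec == "*" or int(low) <= port <= int(high or low)

def _source_match(prefix, peer_ip):
    if prefix in ANY_SOURCE or prefix == "VirtualNetwork":   # assumption: peer is in the same VNet
        return True
    try:
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:                          # any other service tag: not evaluated
        return False

def check_configsync_ports(rules, peer_ip):
    """Map each required port to 'ok', 'open-to-any', 'denied' or 'no-rule'."""
    inbound = [r for r in rules if r["direction"] == "Inbound" and r["protocol"] in ("Tcp", "*")]
    inbound.sort(key=lambda r: r["priority"])   # lowest number is evaluated first
    report = {}
    for port in REQUIRED_PORTS:
        report[port] = "no-rule"                # Azure default rules are not modelled
        for rule in inbound:
            ports = _values(rule, "destinationPortRange", "destinationPortRanges")
            srcs = [s for s in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
                    if _source_match(s, peer_ip)]
            if not srcs or not any(_port_match(p, port) for p in ports):
                continue
            if rule["access"] == "Deny":
                report[port] = "denied"
            else:
                report[port] = "open-to-any" if ANY_SOURCE & set(srcs) else "ok"
            break                               # first matching rule decides
    return report

# Constructed sample rules, shaped like `az network nsg rule list` JSON output.
SAMPLE_RULES = [
    {"name": "sync-4354", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.0.5", "destinationPortRange": "4354"},
    {"name": "wide-open", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "6000-7000"},
]
```

Run it against the rules of each BIG-IP VE's network security group, passing the other BIG-IP VE's static private IP address as peer_ip.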
Enable config sync communication when you want to automatically or manually synchronize configuration information.
Determine the static private IP address of each BIG-IP VE in the Azure virtual network. To find this address, in the Azure portal, select the virtual machine, and click Properties.
Use an SSH tool to connect to each of the BIG-IP VEs.
Ensure you are at the tmsh prompt.
tmsh
On each BIG-IP VE, disable functionality that enforces single NIC setup.
modify sys db provision.1nicautoconfig value disable
Confirm that the value is correct by typing:
list sys db provision.1nicautoconfig
The return value should be disable.
On each BIG-IP VE, specify the static private IP address of the BIG-IP VE itself.
modify cm device <device_name> configsync-ip <private_ip_address>
Establish device trust: On one BIG-IP VE, enter the static private IP address of the other BIG-IP VE, along with its user name and password.
modify cm trust-domain add-device { ca-device true device-ip <peer_ip_address> device-name <peer_device_name> username <peer_username> password <peer_password> }
On the same BIG-IP VE as the previous step, create a sync-failover device group with network failover disabled.
create cm device-group <device_group_name> devices add { <all-bigip-device-names-separated-by-space> } type sync-failover auto-sync enabled network-failover disabled
Sync the BIG-IP VE to the other BIG-IP VE.
run cm config-sync to-group <device_group_name>