Last updated on: 2024-05-21 03:14:07.

Microsoft Azure: F5 BIG-IP Virtual Edition Single NIC config sync

The following diagram shows a basic deployment of two single-NIC F5 BIG-IP VEs in a Microsoft Azure availability set. The two BIG-IP VEs are synchronizing their configurations to one another.

  • The BIG-IP VEs in this scenario are not communicating for the purpose of failover. To create an active-standby pair, use one of the F5 BIG-IP Azure ARM templates on
  • The following content applies to a single-NIC configuration only. If you have multiple NICs, use the standard procedures for enabling config sync.
  • In BIG-IP VE 13.0 and later, to create this configuration, consult this ARM GitHub repo.

Consider the following benefits of synchronizing BIG-IP VEs:

  • The two BIG-IP VEs are on different hardware, because they are in an Azure availability set, and as such, both servers should not be down at the same time.
  • BIG-IP VE copies changes from one BIG-IP VE to the other through config sync.
  • If one BIG-IP VE fails, the other BIG-IP VE continues to process traffic, though the failed system drops the packets.
  • Both BIG-IP VEs have Active status and are available to process traffic.
  • BIG-IP VE can process more traffic; if each BIG-IP VE has 1 Gbps of throughput, then together they have 2 Gbps.

Enable config sync for single NIC BIG-IP VE in Azure

Before you can complete this task:

  • Both BIG-IP VEs must be within the same availability set.

  • The Azure network security group for each BIG-IP VE must have inbound port 4354 and 6699 open (in addition to other ports you’ve enabled).

  • Both BIG-IP VEs must be running the same version of BIG-IP VE system software.

  • The BIG-IP VEs must not use the same device name.

    To view the name, use the tmsh command: list /cm device. The device name is in the first line of the result, for example cm device bigip1 {.

    To change the name, use mv cm device <current_device_name> <new_device_name>.

Enable config sync communication when you want to automatically or manually synchronize configuration information.

  1. Determine the static private IP address of each BIG-IP VE in the Azure virtual network. To find this address, in the Azure portal, select the virtual machine, and click Properties.

  2. Use an SSH tool to connect to each of the BIG-IP VEs.

  3. Ensure you are at the tmsh prompt.

  4. On each BIG-IP VE, disable functionality that enforces single NIC setup.

    modify sys db provision.1nicautoconfig value disable
  5. Confirm that the value is correct by typing:

    list sys db provision.1nicautoconfig

    The return value should be disable.

  6. On each BIG-IP VE, specify the static private IP address of the BIG-IP VE itself.

    modify cm device <device_name> configsync-ip <private_ip_address>
  7. Establish device trust: On one BIG-IP VE, enter the static private IP address of the other BIG-IP VE, along with its user name and password.

    modify cm trust-domain add-device { ca-device true device-ip <peer_ip_address> device-name <peer_device_name> username <peer_username> password <peer_password> }
  8. On the same BIG-IP VE as the previous step, create a sync-failover device group with network failover disabled.

    create cm device-group <device_group_name> devices add { <all-bigip-device-names-separated-by-space> } type sync-failover auto-sync enabled network-failover disabled
  9. Sync the BIG-IP VE to the other BIG-IP VE.

    run cm config-sync to-group <device_group_name>