Google Cloud

In this section, you can see a failover event diagram, example declaration, and requirements for implementing Cloud Failover in Google Cloud.

Failover Event Diagram

This diagram shows a failover event with Cloud Failover implemented in Google Cloud. In the event of a failover, alias IPs are updated to point to the network interface of the active BIG-IP device. Forwarding rule targets that match a self IP address of the active BIG-IP device are associated with that device's network interface.

../_images/GCPFailoverExtensionHighLevel.gif

Example Declaration

This example declaration shows the minimum information needed to update the cloud resources in Google Cloud. See the Quickstart section for steps on how to post this declaration.

{
    "class": "Cloud_Failover",
    "environment": "gcp",
    "externalStorage": {
        "scopingTags": {
            "f5_cloud_failover_label": "mydeployment"
        }
    },
    "failoverAddresses": {
        "scopingTags": {
            "f5_cloud_failover_label": "mydeployment"
        }
    },
    "failoverRoutes": {
        "scopingTags": {
            "f5_cloud_failover_label": "mydeployment"
        },
        "scopingAddressRanges": [
            "192.168.1.0/24"
        ]
    }
}

Requirements

These are the minimum requirements for setting up Cloud Failover in Google Cloud Platform:

  • 2 BIG-IP systems in Active/Standby configuration. You can find an example GDM Template here. Any configuration tool can be used to provision the resources.

  • A GCP Identity and Access Management (IAM) service account with sufficient access. See the instructions below for creating and assigning an IAM role.

  • A storage bucket for Cloud Failover extension cluster-wide file(s) that is tagged with a key/value pair corresponding to the key/value(s) provided in the externalStorage.scopingTags section of the Cloud Failover extension configuration.

    Important

    Ensure the required storage accounts do not have public access.

  • Instances tagged with a key/value corresponding to the key/value(s) provided in the `failoverAddresses.scopingTags` section of the Cloud Failover extension configuration.

  • Virtual addresses created in a floating traffic group and matching Alias IP addresses on the instance serving application traffic.

  • Forwarding rule(s) configured with targets that match a virtual address or floating self IP on the instance serving application traffic.

  • Route(s) in a route table tagged with:

    • a key/value corresponding to the key/value(s) provided in the failoverRoutes.scopingTags section of the Cloud Failover extension configuration
    • a special key f5_self_ips containing a comma-separated list of addresses mapping to a self IP address on each instance in the cluster to which the routes should point. For example: 10.0.0.10,10.0.0.11

    Note

    The failover extension configuration failoverRoutes.scopingAddressRanges contains a list of destination routes to update.

    Important

    Since GCP routes do not support GCP labels, a JSON blob must be added to the description, for example: f5_cloud_failover_labels={"f5_cloud_failover_label":"mydeployment","f5_self_ips":["10.0.0.10","10.0.0.11"]}
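
A route whose description blob is malformed or mislabeled will not line up with the declaration, so it is worth checking before relying on failover. The following is an added example, not code from the Cloud Failover extension: it parses the description format shown above and compares it with the failoverRoutes section of the example declaration. The names check_route, FAILOVER_ROUTES and SAMPLE_ROUTE are hypothetical, description and destRange are the GCP route resource fields, and matching destRange exactly against scopingAddressRanges is an assumption.

```python
import ipaddress
import json

PREFIX = "f5_cloud_failover_labels="
# failoverRoutes section copied from the example declaration on this page.
FAILOVER_ROUTES = {"scopingTags": {"f5_cloud_failover_label": "mydeployment"},
                   "scopingAddressRanges": ["192.168.1.0/24"]}

def check_route(route, cfg=FAILOVER_ROUTES):
    """Return the reasons a route does not line up with failoverRoutes."""
    desc = route.get("description", "")
    start = desc.find(PREFIX)
    if start < 0:
        return ["description has no f5_cloud_failover_labels= blob"]
    try:  # raw_decode stops at the end of the object, so trailing text is fine
        labels, _ = json.JSONDecoder().raw_decode(desc[start + len(PREFIX):].lstrip())
    except json.JSONDecodeError as exc:
        return [f"label blob is not valid JSON: {exc.msg}"]
    if not isinstance(labels, dict):
        return ["label blob is not a JSON object"]
    problems = []
    for key, want in cfg["scopingTags"].items():
        if labels.get(key) != want:
            problems.append(f"{key} is {labels.get(key)!r}, expected {want!r}")
    self_ips = labels.get("f5_self_ips")
    if isinstance(self_ips, str):  # the comma-separated form is accepted too
        self_ips = self_ips.split(",")
    if not isinstance(self_ips, list) or not self_ips:
        problems.append("f5_self_ips is missing or empty")
        self_ips = []
    for ip in self_ips:
        try:
            ipaddress.ip_address(str(ip).strip())
        except ValueError:
            problems.append(f"f5_self_ips entry {ip!r} is not an IP address")
    # Assumption: a route is in scope when destRange equals a listed range.
    wanted = {ipaddress.ip_network(r) for r in cfg["scopingAddressRanges"]}
    try:
        if ipaddress.ip_network(str(route.get("destRange", ""))) not in wanted:
            problems.append("destRange is not in scopingAddressRanges")
    except ValueError:
        problems.append("destRange is not a valid CIDR")
    return problems

# Constructed sample route carrying the description blob shown on this page.
SAMPLE_ROUTE = {"destRange": "192.168.1.0/24", "description": PREFIX +
                '{"f5_cloud_failover_label":"mydeployment",'
                '"f5_self_ips":["10.0.0.10","10.0.0.11"]}'}
print(check_route(SAMPLE_ROUTE))
```

An empty list means the route's labels, self IPs and destination range all agree with the declaration.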

Creating and assigning an IAM Role

To create and assign an IAM role, you must have a user role of Editor.

  1. In GCP, go to IAM > Roles and create the member with the following scopes:

     • compute-rw
     • storage-rw
     • cloud-platform

     For example:

     ../_images/GCPIAMRoleSummary.png

  2. Assign an IAM member to each instance: navigate to Compute Engine > VM Instances > Instance, select Edit, and then update the Service Account.

For example:

../_images/GCPIamRoleAssignedToInstance.png
