F5 Application Delivery Controller Solutions > Building the F5 Fabric > Module 1: BIG-IP Device Service Cluster Configuration Source | Edit on
Lab 2: Sync Only exercise¶
Objective: Add a sync only device group. You have already configured two VE’s in an Active/Active Configuration with two traffic groups. Add a 3rd VE. Create new Sync-Only group, and new Partition that will leverage new Sync-Only group. Create new SSL profile which will sync to all devices.
Prerequisites and Notes
Have at least 2 VE’s in an Active/Active Failover Configuration.
Note that for this exercise we will use three network interfaces (as in in the previous failover exercise)
1.1
= External Network Interface (Wan Side)
1.2
= Internal network interface (LAN Side)
1.3
= High Availability Network Interface
TASK 1 – Add HA Self IP to bigip3.lab¶
TASK 2 – Update Config-Sync Properties on bigip3.lab¶
TASK 3 – Add bigip3 to peer list on bigip1¶
TASK 4 – Create New Sync Only Group¶
On bigip1:
Create a sync only group
Go to Device Management -> Device Groups -> Create
- Name =
device_group_02_so
- Group Type =
Sync-Only
- Members = All 3 bigip’s
- Name =
Click Finished
Perform initial sync
TASK 5 – Create New Partition and SSL Profile, Configure for Sync-Only¶
On bigip1:
Create new Partition
Go to System -> Users -> Partition List -> Create
- Partition Name =
partition_02_so
- Device Group = (uncheck "Inherit device group from root folder" box),
device_group_02_so
- Traffic Group =
None
- Partition Name =
Click Finished
Create new Client SSL Profile
Go to Local Traffic -> Profiles -> SSL -> Client
Change Partition to
partition_02_so
in the upper-right of the GUIClick Create
- Name =
clientssl_02_lab
- Accept all defaults
- Name =
Click Finished
Sync Changes
- On bigip2 and bigip3, confirm this Sync-Only clientssl profile has synced
- Go to Local Traffic -> Profiles -> SSL –> Client
- Choose
partition_02_so
- Is
clientssl_02_lab
there?
What are some practical uses for Sync-Only device groups?