Lab 5: High Availability

BIG-IP systems are generally deployed in pairs since redundant systems add reliability and management stability over a single system. BIG-IP systems typically are configured in Active-Standby mode. This lab will familiarize students with High-Availability. High-Availability on the BIG-IP platform is referred to as Device Service Clusters (DSC)


Students will be configuring a High-Availability cluster using both BIGIP01 and BIGIP02 with BIGIP01 serving as the Active device in the DSC cluster.


Task 2 - Configure the failover networking


  1. From the Windows 10 Jumphost log into BIGIP01 and BIGIP02

  2. Configure the HA VLAN on both BIG-IP systems by navigation to the Network pane, clicking on VLANs, and click on create.

  3. On BIGIP01 and BIGIP02 assign Network Interface 1.3 (untagged) to a VLAN called HA

  4. The next step will be to configure a Self-IP for the HA VLAN.

  5. Use the below table as a reference for Self-IP addresses on each BIG-IP:

    Be sure to click Finished when complete

    Form field Value
    Name ha_selfip
    IP Address 10.1.30.240
    Netmask 255.255.255.0
    VLAN/Tunnel HA
    Port Lockdown Allow Default

    image20

    Form field Value
    Name ha_selfip
    IP Address 10.1.30.241
    Netmask 255.255.255.0
    VLAN/Tunnel HA
    Port Lockdown Allow Default

    image21

  6. On each BIG-IP configure the device object failover parameters the BIG-IP will send to other BIG-IP systems that are part of a sync-only or sync-failover group

  7. Under Device Management, Devices, select the local BIG-IP it will be notated with the (Self) suffix.

  8. Under Device Connectivity on the top bar select:

  9. ConfigSync

  10. Use the Self-IP Address of the HA VLAN for the local addresses

  11. Failover Network

  12. In the Failover Unicast Configuration section select the Add button

  13. Use the Self-IP address of the HA VLAN for the Address

  14. Leave the Port at the default setting of 1026


Task 2 - Configure the Device Trust


  1. On BIGIP01 from the Device Management pane, click on Device Trust > Device Trust Members, and select Add.
  2. On BIGIP01, enter 10.1.1.6 which is the Management address of BIGIP02 and enter the admin User ID and Password.
  3. Click Retrieve Device Information, click Device Certificate Matches, and then click Add Device.
  4. On BIGIP02 verify that bigip01 is displayed as a trusted device under Device Trust.

image22


Task 3 - Configure a Sync-Failover Group


  1. On BIGIP01, Under the Device Management Navigation pane, click on Device Group and click Create
  2. Create a new device Group named syncfailover with Group Type of Sync-Failover.
  3. Add BIGIP01 and BIGIP02 to the Includes box.
  4. Check the Network Failover setting for the group.
  5. Click Finished.
  6. Attempt to perform a Manual sync by clicking on the Overview section under the Device Management Navigation menu.
  7. Ensure bigip01.f5demo.com is selected and then click Sync.
  • Was the full synchronization successful?
  • Are the configurations identical on both BIG-IP systems?
  • Check the virtual servers on BIGIP02.

image23


Task 4 - Configure a Floating Traffic-Group


The default Traffic-Group processes application traffic for the local device. A Floating Traffic-Group contains the following objects:

  • Virtual IP addresses
  • NATs
  • SNAT translation addresses
  • Self IP Addresses
  • Folders
  1. From the Device Management Navigation pane, click on Traffic Groups
  2. Click on the traffic group traffic-group-1
  3. The Failover Method default should be set to Failover using Preferred Device Order and then Load Aware
  4. Ensure BIGIP01 and BIGIP02 have been added to the Preferred Order window.
  5. Click Save at the bottom.
  6. Select the Failover Objects tab at the top to see the failover objects.
  7. Click the Changes Pending at the top of the screen and then click Sync.
  8. Verify you're able to access https://10.1.10.200
  9. Force a failover by clicking Device Management > Traffic Groups > traffic-group1 and then select Force to Standby
  10. Verify you're still able to access https://10.1.10.200