
How to Configure High-Availability in F5

Updated: Jan 20


Before connecting a device to its HA peer, make sure that:


-->> All devices in the device group are running the same version of the BIG-IP system software.

-->> NTP is configured, and both devices show the same date and time.


Follow the steps below to configure HA.


Step 1 - Create a dedicated VLAN and Self IP for HA:

Interface 1.1 is chosen for the HA function.




An unused subnet, 192.168.1.1/24, is chosen for the HA heartbeat. Now configure the active device as 192.168.255.1 and the peer as 192.168.1.2. Make sure you configure these Self IPs as non-floating.




Step 2 - Configure ConfigSync -

Define the IP address that other devices in the device group use to synchronize their configuration objects with this device.


Go to Device Management > Devices and, from the Device Connectivity menu, choose ConfigSync.

Then choose the non-floating self IP address, not a management IP address.




For the peer device, choose, for example, 192.168.1.2 (ha) for ConfigSync.

 


Step 3 - Failover Unicast Configuration -

Go to Device Management > Devices and, from the Device Connectivity menu, choose Failover.

Add each IP address on this device that other devices in the device group can use to exchange failover messages with this device.


These are the Self IP address associated with an internal VLAN and the management IP address. When the device reboots, the management IP becomes active before the Self IPs, so to avoid both devices operating as active and causing unexpected results, we add the management IP to the heartbeat list.




Step 4- Configure Device Trust -

You are going to add the peer device to the trusted device list. Before that, force the peer device Offline: log in to the ‘peer’ device, choose Devices, select the listed device and click Force Offline.




On the peer device, perform the same steps and specify the device IP address.


Step 5 - Create Sync-Failover device group -


-->> Click Device Management > Device Groups > Click Create

-->> Type the name of the service group

-->> Choose group type as Sync-Failover

-->> Add all available members that you want to include in sync-failover device group




Network Failover: You must enable network failover for any device group that contains three or more members.


Automatic Sync: F5 recommends that you manually sync configuration changes to the peer device, so that if you accidentally misconfigure your active device, you can quickly sync and recover the configuration from the peer device. So keep this unchecked.


Full Sync: Select the check box when you want all sync operations to be full syncs. In this case, the BIG-IP system syncs the entire set of BIG-IP configuration data whenever a config sync operation is required.

 

Note - If you enable incremental synchronization, the BIG-IP system might occasionally perform a full sync for internal reasons.


Step 6 - Configure Network mirroring (Connection mirroring): 

When an active unit becomes unavailable, the connections are dropped unless you have configured network mirroring. The network mirroring feature on the BIG-IP system duplicates a unit's state (that is, real-time connection and persistence information) on the peer unit.

 

-->> Click Device Management > Devices

-->> Click device name to which you are currently logged in.

-->> Under Device Connectivity menu, choose Mirroring

-->> The recommended IP address is the self IP address for either VLAN HA or VLAN internal.

-->> The secondary Local Mirror address is optional. The system uses this IP address in the event that the primary mirroring address becomes unavailable.
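
A pre-flight check for the plan in Steps 1 to 5 and the version prerequisite, as an added example that is not part of the original post or any F5 tooling: it validates a planned layout before anything is changed in the GUI. The dictionary keys, device names, management IPs and version label are hypothetical; the HA subnet and self IPs are the ones quoted in Step 1.

```python
import ipaddress

def check_ha_plan(plan):
    """Return findings for a planned BIG-IP HA group; an empty list means none."""
    findings = []
    net = ipaddress.ip_network(plan["ha_subnet"], strict=False)
    devices = plan["devices"]
    for name, d in devices.items():
        self_ip = ipaddress.ip_address(d["ha_self_ip"])
        mgmt = ipaddress.ip_address(d["mgmt_ip"])
        unicast = {ipaddress.ip_address(a) for a in d["failover_unicast"]}
        if self_ip not in net:                                  # Step 1
            findings.append(f"{name}: HA self IP {self_ip} is outside {net}")
        if d["self_ip_floating"]:                               # Step 1
            findings.append(f"{name}: HA self IP must be non-floating")
        if ipaddress.ip_address(d["configsync_ip"]) == mgmt:    # Step 2
            findings.append(f"{name}: ConfigSync points at the management IP")
        if mgmt not in unicast or unicast == {mgmt}:            # Step 3
            findings.append(f"{name}: failover unicast needs a self IP and the management IP")
    if len({d["version"] for d in devices.values()}) > 1:       # prerequisite
        findings.append("devices run different BIG-IP versions")
    if len(devices) >= 3 and not plan["network_failover"]:      # Step 5
        findings.append("network failover must be enabled for three or more members")
    if plan["auto_sync"]:                                       # Step 5
        findings.append("Automatic Sync is checked; the page keeps it unchecked")
    return findings

# Constructed plan. HA addresses are as quoted in Step 1; management IPs,
# device names and the version label are placeholders (assumptions).
SAMPLE_PLAN = {
    "ha_subnet": "192.168.1.1/24",
    "network_failover": True,
    "auto_sync": False,
    "devices": {
        "bigip-a": {"version": "VERSION-A", "mgmt_ip": "192.0.2.11",
                    "ha_self_ip": "192.168.255.1", "self_ip_floating": False,
                    "configsync_ip": "192.168.255.1",
                    "failover_unicast": ["192.168.255.1", "192.0.2.11"]},
        "bigip-b": {"version": "VERSION-A", "mgmt_ip": "192.0.2.12",
                    "ha_self_ip": "192.168.1.2", "self_ip_floating": False,
                    "configsync_ip": "192.168.1.2",
                    "failover_unicast": ["192.168.1.2", "192.0.2.12"]},
    },
}

if __name__ == "__main__":
    for finding in check_ha_plan(SAMPLE_PLAN):
        print(finding)
```

Run against the Step 1 addresses as quoted, it reports that 192.168.255.1 falls outside 192.168.1.0/24; with an in-subnet address for that device the list is empty.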


 


Use the CLI commands below to check HA -


tmsh show sys availability --- Check system availability status

tmsh show sys ha-status --- Check HA status

tmsh show ltm virtual --- Check connection status on VS


show /cm failover-status


 


show /sys ha-status all-properties

 
