
Failover, F5 BigIP

From NetworkStuff



When using a redundant pair of BigIPs in an Active/Standby configuration, failover is used by each device to monitor the status of the other and assume the Active role should the current Active device become unavailable.

This is achieved through the use of a heartbeat: when the Standby detects the loss of the heartbeat signal from the Active device, it assumes the Active role. (Note: there are other causes of failover.)

The heartbeat connection can be provided over a network interface or a serial cable.

Serial Failover

Recommended by F5 due to its speed.

Maximum cable length is 50 feet.

Failover time is <1s.

Do not rely on this method to cause a failover should a network interface fail or 'go down', unless you have configured the VLAN failsafe feature. Failover will only occur if there is a loss of voltage on the serial cable, caused by either a complete device failure or a failsafe feature. The VLAN failsafe feature may detect a network interface failure in time (but only if it detects a complete loss of traffic on the VLAN), but it is unlikely to be configured to operate as fast as network failover will. Also note that the VLAN failsafe feature is unreliable in the author's opinion.

Note: If you employ both serial and network failover, both the serial cable voltage and heartbeat signal must be lost before a failover occurs.

Network Failover

The heartbeat signal uses port 1028; however, the protocol has changed over the evolution of the 9.x code. Since 9.3 the protocol has been TCP; prior to that it was UDP.

The failover time is user-configurable; the default is 3 seconds.

With LTM versions 9.0 through 9.2.5, three heartbeat packets are sent per second; from 9.3 onwards, one or two packets are sent per second.

Do not rely on this method to cause a failover should any network interface fail. Failover will only occur if the network interface associated with the network failover IP address fails. Only one failover IP address can be configured on a device* (although the peer IP address is also required), and thus only one VLAN and its interface members can be used for failover. This can cause considerable problems, detailed below.

If the architecture below is deployed with network failover running over the 'front-end' VLAN present in the A+B zone, and the load balancer to switch link or the switch in the C or D zone fails, no failover occurs, because network failover is running over a different VLAN that is unaffected by zone C (or D) failures.

Image:F5-Failover-Single-Links.png

This issue can be mitigated with the use of two links in the C+D zone, as shown below. However, this necessitates the use of Spanning Tree Protocol (STP) in most cases.

Image:F5-Failover-Dual-Links.png

You could completely remove the need for network failover by using dual links in both the A+B and C+D zones together with the serial failover cable, meaning failover would only occur if a load balancer fails completely (loses power) or a failsafe feature causes it. This necessitates the use of Spanning Tree Protocol (STP) and, unless MSTP is used, the same STP instance will run for all load balancer interfaces. This means the Spanning Tree includes all four switches, and STP topology changes on any switch may cause an STP recalculation on the other three, plus the load balancers themselves.

Image:F5-Failover-Dual-Dual-Links.png

Note: If you employ both serial and network failover, both the serial cable voltage and heartbeat signal must be lost before a failover occurs.

* Two failover addresses can be configured on devices running software v9.3x and prior, but as heartbeats for both networks must be lost before failover occurs, using both is rather pointless and only one is normally used.

Failsafe

Failsafe configuration settings may also cause a failover. Failsafe can be configured to cause a failover if the switch board fails, a core system service fails, a pool becomes unavailable or a VLAN does not receive traffic.
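The rules above can be combined into a small availability check that lists which single link failures would not cause a failover for a given design. This is an added example, not part of the original page or any F5 tooling; the class and function names and the 'back-end' VLAN name are hypothetical, and it assumes a link failure means complete loss of traffic on that VLAN and that a triggered VLAN failsafe forces the failover.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PairConfig:
    serial: bool = False                  # serial failover cable fitted
    network_vlan: Optional[str] = None    # VLAN carrying the network heartbeat
    failsafe_vlans: set = field(default_factory=set)  # VLAN failsafe enabled here


def failover_occurs(cfg, event):
    """event is "device_down" or ("link_down", vlan_name)."""
    device_down = event == "device_down"
    vlan = None if device_down else event[1]
    # Assumption: link failure = total loss of traffic, so VLAN failsafe fires
    # (if enabled on that VLAN) and forces the failover by itself.
    if vlan in cfg.failsafe_vlans:
        return True
    voltage_lost = device_down            # serial voltage drops only on device failure
    heartbeat_lost = device_down or (vlan is not None and vlan == cfg.network_vlan)
    if cfg.serial and cfg.network_vlan:
        # Both methods in use: both signals must be lost.
        return voltage_lost and heartbeat_lost
    if cfg.serial:
        return voltage_lost
    if cfg.network_vlan:
        return heartbeat_lost
    return False


def blind_spots(cfg, vlans):
    """VLANs whose link failure leaves the failed unit Active."""
    return [v for v in vlans if not failover_occurs(cfg, ("link_down", v))]


VLANS = ["front-end", "back-end"]         # constructed sample topology

if __name__ == "__main__":
    designs = {
        "network only": PairConfig(network_vlan="front-end"),
        "serial + network": PairConfig(serial=True, network_vlan="front-end"),
        "serial + failsafe": PairConfig(serial=True, failsafe_vlans=set(VLANS)),
    }
    for name, cfg in designs.items():
        print(name, "->", blind_spots(cfg, VLANS) or "no blind spots")
```

Note that adding the serial cable to a network failover design makes the front-end VLAN a blind spot as well, since the serial voltage is still present when only a link fails.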

Usage Notes

The self IP port lockdown feature may prevent the failover heartbeat from being received on an interface.

With network failover there is always a risk that network congestion will cause an unnecessary failover.

Related Commands

The bigpipe failover command displays failover status and controls some aspects of failover role.

Availability

All v9.x versions, all hardware platforms

Related Articles

Configsync issues, F5 BigIP


We really do appreciate all feedback so please do send your comments, suggestions or corrections to steve#networkstuff.eu (replacing the # with an @)



This page was last modified on 13 November 2008, at 11:19.