Sunday 29 May 2022

F5 BIG-IP – Items Not Synced During ConfigSynch Between Device Group Members

 During a configuration synchronization (ConfigSync) procedure, BIG-IP elements that are not synced amongst device group members are discussed in this article.

ConfigSync is a HA feature that synchronizes configuration changes between BIG-IP devices in a device group. This feature guarantees that all members of a BIG-IP device group have the same configuration data and work together to handle application traffic efficiently.

Items that are not synced across device group members during a ConfigSync transaction are listed below:

BIG-IP objects that are not synchronized

  • Class of Service
  • Connection mirroring port, VLAN, and IP address
  • HA daemon
  • HA Groups
  • Hypervisor VLAN members
  • Hypervisor management network
  • Hypervisor trunks
  • Hypervisor vCMP capacity
  • Installed software image, status, volumes, and hotfixes
  • Interfaces
  • L2 Forwarding
  • LLDP global configurations
  • LX Workspaces
  • Licenses
  • Management DHCP configuration
  • Management IP addresses
  • Management routes
  • Module provisioning and allocation
    Note: Prior to BIG-IP 13.1.0, management plane provisioning was synchronized. For more information, refer to K31326690: Provisioning the mgmt plane to large and performing a ConfigSync might cause an outage on the peer unit
  • Non-floating self IP addresses
  • Route domains (eviction policy assignment is synchronized)
  • ZebOS routing configuration
  • Flow eviction policy setting for route domains
    Note: Beginning in BIG-IP 12.0.0, the flow-eviction-policy setting is synchronized; prior to BIG-IP 12.0.0, that setting is not synchronized.
  • STP
  • Static ARP entries
  • System certificates and keys
  • System files
  • Trunks
  • VCMP virtual disks
  • VLAN groups
  • VLANs
  • The Show Security Banner on the Login Screen message (System Preferences)

BIG-IP attributes that are not synchronized

  • Analytics Reports – Sent information, status, and messages
  • Device failover state
  • Device group member State, commit ID, and Last sync CID
  • Nodes – Monitor status and logs
  • Pool Members – Status and logs
  • Trust domain, certificate, key, CA bundle, and status
  • Unicast IP address and port
  • Virtual Address status
  • SNMP Agent Contact Information and Machine Location

#EXAMPLE

A good example is setting up a new VLAN and Self Service IP. These do not get Synched, so you have to jump over to the PASSIVE F5 and configure them. You have to make sure you use a unique IP for the Self IP Address and not the same one you have on the ACTIVE.

  • VLANS
  • Non-floating self IP addresses

No comments:

Post a Comment

iRule

  iRule: -- o iRule is a powerful and flexible feature within the BIG-IP local traffic management (LTM). o IRule is a powerful & flexibl...