Configure an Active/Standby pair Big-IP F5 Load Balancer in VMware Workstation (13.1.1-0.04)

I finally found some time to Deploy and Configure an F5 Load Balancer in my VMware Workstation LAB. The below steps will walk you through setting up an Active/Standby pair HA configuration for BIG-IP F5 13.1.1-0.0.4.

The whole set up went smooth but I did run into config sync issues between the primary and the standby that I was not able to resolve. After doing some research it looks like other were experiencing the same behavior when setting it up with an eval or trial license. I have set up version 12 without issues here so definitely looks like something odd is happening with version 13.

I also read that BIGIP-14.1.0-0.0.116 has the same problem where the primary will not be able to sync up with the standby once configured. I will try to update version 13 once a new build comes out to see if this has been fixed. The plan is to set up version 12 of BIG-IP to see if the config sync issues will be present. I will make another post with BIG-IP version 12 set up, here is the other post where version 12 works just fine.

Config sync issue:

After setting up the primary and then connecting them together I was getting inconsistent sync issues between the primary and secondary. This seems to affect the below build numbers of BIG-IP Virtual Edition which are currently the latest builds.
BIGIP-14.1.0-0.0.116 & BIG-IP F5 13.1.1-0.0.4

https://devcentral.f5.com/questions/dsc-is-not-coming-up-for-ltm-ves-after-initial-setup-62303

This article mentioned that this is as a result of a BUG:

https://devcentral.f5.com/questions/devices-are-not-synchronizing-configuration-to-each-other-59604

-Once you set up the primary and standby you will run into different config-sync inconsistencies. Standby will report it’s in sync, primary will report changes are pending.
-If you are using an Eval license or a trial license you may run into the config sync issue.
-DEV LAB licenses seem to work fine and config sync issue is not present but VMs need to have 8GB and 4vCPUs to run. I dont have a DEV LAB license to try out so can’t confirm.
-The appliances are configured for 4GB of RAM, i read that for HA Standby setup they need to have minimum of 8GB and 4vCPUs. Since my Desktop only had 16GB of memory. I tried to power it up with 8GB each but surprisingly my CPU got stuck at 100% and memory as well. I ended up running one VM on my Desktop and giving it 12GB memory 4vCPUs and another one on my Laptop that had an SSD and 16GB RAM, so the second VM also had 12GB. I changed all the VM networking to bridged, and changed my virtual network editor to bridge to my ethernet port. I connected my laptop and desktop to a basic switch and the VMs were able to ping each other. I did observe different config sync behavior after giving it more memory. My standby BIG-IP said it was in sync and my active said there are changes pending.
-I will be setting up version 12 of BIG-IP Virtual Edition as i heard that version works fine with the eval or trial license BIGIP-12.1.4-0.0.8.ALL-scsi

https://devcentral.f5.com/questions/dsc-is-not-coming-up-for-ltm-ves-after-initial-setup-62303

To get a trial of BIg IP, just register on their site, download the software and the keys will be e-mailed to you:
https://www.f5.com/trials

There are different ways to deploy the F5 but the last two places I worked in had it deployed as an active/standby configuration so I will try to mimic the same config here. Every datacenter that I have been to had multiple BIG-IP F5’s set up, I have been wanting to set this up in my lab for a while now.

The below guide will walk you through configuration of the primary and a second HA standby F5 server.

Virtual Network Editor
VMware Workstation > Edit > Virtual Network Editor

Here is what the Virtaul Machine looks like
VMNet1 – Management
VMNet2 – HA
VMNet3 – Internal
VMNet0 – External

F5 HA (Primary)

1.0 Management - 192.168.16.111 (vmnet1)
1.1 HA - 192.168.88.51 Floating IP: 192.168.88.53(vmnet2)
1.2 Internal - 192.168.245.201 - Floating IP:192.168.245.203 (vmnet3) - Web servers behind Internal 192.168.245.20 & 30
1.3 External - 192.168.11.50 - Floating IP: 192.68.11.61 (vmnet0 bridged 192.168.11.0)

F5 HA (Standby)

1.0 Management - 192.168.16.112 (vmnet1)
1.1 HA - 192.168.88.52 Floating IP: 192.168.88.53 (vmnet2)
1.2 Internal - 192.168.245.202 - Floating  IP: 192.168.245.203 (vmnet3) - Web servers behind Internal 192.168.245.20 & 30
1.3 External - 192.168.11.51 - Floating IP: 192.168.11.61 (vmnet0 bridged 192.168.11.0)

Configuring the Primary

Once you deploy the VMware Appliance run config t to configure the management network and the deafult gateway. Login with root/default

Configure the Management IP. My Default gateway is 192.168.16.2 for this virtual interface.

Now that the management interface is all set up I can open up a browser and connect to it. The default login is admin/default.

License the appliance, you will not be able to do much until you license it

Here is a licensed appliance, I applied the 30 day trial key.

Your Management network is set up already, you should see it by clicking on Platform. At this point youo need to click on Network and click Next to start the Wizard. The appliance is in a mode where it wants you to set up the rest of the network settings, then you will see menus that look much different once it’s all set up.

F5 HA (Primary)

1.0 Management - 192.168.16.111 (vmnet1)
1.1 HA - 192.168.88.51 Floating IP: 192.168.88.53(vmnet2)
1.2 Internal - 192.168.245.201 - Floating IP:192.168.245.203 (vmnet3) - Web servers behind Internal 192.168.245.20 & 30
1.3 External - 192.168.11.50 - Floating IP: 192.68.11.61 (vmnet0 bridged 192.168.11.0)


1.1 HA – 192.168.88.51 Floating IP: 192.168.88.53(vmnet2)
Note the “Select VLAN” drop down that is set to “HA” click Next to save

1.2 Internal – 192.168.245.201 – Floating IP:192.168.245.203 (vmnet3)
Web servers behind Internal 192.168.245.20 & 30

1.3 External – 192.168.11.50 – Floating IP: 192.68.11.61 (vmnet0 bridged 192.168.11.0)

Next screen is to set up NTP, i pointed it at my Domain Controller. You can put whatever here, the VM’s pick up the time from Virtual Bios so the time comes from my Desktop. Make sure both primary/standby have the same time as that can break config sync issues as well.

Fill in the rest, it’s for a lab so DC is my DNS etc

F5 sync options. Because the secondary is a standby, everything from the primary will need to sync with the secondary HA. I chose Internal network to do the sync. Once both are set up make sure that both of them have the same network set up for ConfigSync.


For Lab choose Unicast, you can read more about the differenc by googling unicast vs multicast.

Leave secondary blank

Primary is all set up, we can see it’s rporting as:
ONLINE (ACTIVE)
Standalone

Review what we have set up

Now the menu changes and we set a lot of new menus


another screenshot

another

another

Configuring the Secondary (Standby)

Power up the secnond Big F5 appliance

Login with
User: Root
Password: default
Run: config t to set up management network

F5 HA (Standby)

1.0 Management - 192.168.16.112 (vmnet1)
1.1 HA - 192.168.88.52 Floating IP: 192.168.88.53 (vmnet2)
1.2 Internal - 192.168.245.202 - Floating  IP: 192.168.245.203 (vmnet3) - Web servers behind Internal 192.168.245.20 & 30
1.3 External - 192.168.11.51 - Floating IP: 192.168.11.61 (vmnet0 bridged 192.168.11.0)

login with admin admin


license the server

ff

gg

hjh

1.2 Internal – 192.168.245.202 – Floating IP: 192.168.245.203 (vmnet3)

1.3 External – 192.168.11.51 – Floating IP: 192.168.11.61 (vmnet0)

1.1 HA – 192.168.88.52 Floating IP: 192.168.88.53 (vmnet2)

jdfkdnpt

config syc

dfdmm

jfkjdf

Establish an active stadnby pair

fjdkfjd enter node 1

cert matches my other de ice

dfdd

dfdkfd

now my primary has changed to standby and is waiting for me to sync

I restarted node2 as it was primary and node 1 took over

Sync Issues

I ran into an issue where i couldn’t sync up the standby HA server.

I tried remoivng both of the F5s from the Device Group, but only one would sync.

fix is to use a LAB license and

https://devcentral.f5.com/questions/dsc-is-not-coming-up-for-ltm-ves-after-initial-setup-62303

Not able to sync

This entry was posted in Networking and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *