F5 GTM: From Start to Datacenter Failover – Part 1

Recently, my company decided to start down a more structured path to providing highly available applications to both our internal and external customers. A custom web application and email are our two initial focuses. This led me to look for a product that could make it simple to fail over from one data center to another. Your options for doing this are pretty straightforward, but not easily understandable (or at least they weren't simple to me, but I'm from Tennessee). You could try some BGP failover magic to move your public IPs between data centers, or you can pull DNS tricks to do that. The F5 Global Traffic Manager and the Cisco Global Site Selectors are two good devices to help with the DNS tricks. I picked the F5s because I prefer their interface; however, both systems will perform the task perfectly. Both of these boxes will do all kinds of crazy things, like geolocation-based traffic redirection, but I'm focused on a few things:

  • Set up the F5s as my public DNS servers
  • Migrate my domain name's DNS services over to the F5s
  • Set up the Web and Exchange applications with an active data center and a standby data center
  • Test the failover

Below is a map of the overly simplified architecture.

Initial Setup

To get started, take the primary data center F5 GTM out of the box and plug it in. Don't do anything with the secondary data center GTM yet, as we will sync the configuration over to it. Connect the primary's management port to a switch that is not on your production network, and connect your configuration computer to that same switch. Set up your computer to have an IP address of 192.168.1.254. Now point your browser to 192.168.1.245. You should be greeted with a login screen. (Make sure you have a way to get to the Internet; you'll need it for licensing.)

Log in as admin with the default password of admin. This should begin the setup wizard. The first step in the setup wizard is to activate the licensing. Click the activate button, and you will be given some text to copy and paste into the F5 website. Once that is done, they will give you another block of text to paste back into the F5 GTM device. Click continue, and the box will be licensed. Next you will be prompted to set up the basic management settings such as IP address, hostname, time zone, netmask, and gateway. This will be followed by the password changes for both the root and admin accounts. Remember that in the hostname you can only use letters, numbers, underscore, dash, and period. Next, you will see a section to set up SSH access and the allowed ranges. Make sure you enable SSH, and set the allowed range to your management networks. Finally, you will have the choice of Basic Network Configuration or Advanced Network Configuration. I suggest that you do the advanced network configuration later. So just click finish, and the network setup wizard will complete and apply all your changes. Make sure to set your configuration computer's IP address to something that can reach the new management IP address.

After completing setup, it’s time to configure the resource provisioning. Go to System > Resource Provisioning.

Make sure GTM is set to dedicated. This helps make sure it is never left waiting for resources. If you purchased any other licensed modules, I recommend setting both to normal. I just disabled everything for which I did not have or buy a license.

Network Setup

Finally, for this post, let's set up the networking. Click on Network > VLANs and click the Create button.

I decided to just have an internal and an external VLAN, each with two ports in it. So I put in my VLAN name and tag (which is the same thing as a VLAN ID or number). Then I chose to have my two ports untagged. Repeat this with the other ports for the interface vlan. When finished, my configuration looked like:

If you need to set speed and duplex, click on Network > Interfaces, click on the interface name in the list, and change the setting to your desired configuration.

Next, we want to set up IP addresses for the F5. We do this by clicking Network > Self IPs and clicking the Create button. Fill in the IP address and netmask, choose a VLAN, and make sure to have the port lockdown at Allow Default. Repeat this for both the internal and external IP addresses.
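The two access-control choices made above, the SSH allowed range and the self IP port lockdown, are worth re-checking once the box is built, because Allow Default opens a preset list of services that includes SSH and HTTPS to the device itself. The following is an added example, not part of the original post or F5's tooling: it audits a configuration exported as text, and the tmsh-style syntax, object names and address range in the sample are assumptions constructed for illustration.

```python
import re

# Constructed sample in assumed tmsh-style syntax; names and range are illustrative.
SAMPLE = """\
sys sshd {
    allow { 10.20.0.0/24 }
}
net self internal_self {
    allow-service {
        default
    }
    vlan internal
}
net self external_self {
    allow-service {
        default
    }
    vlan external
}
"""

def stanzas(text):
    """Yield (header, body) for each top-level '<header> { ... }' block."""
    depth, header, body = 0, None, []
    for line in text.splitlines():
        if depth == 0 and "{" in line:
            header, body = line.split("{", 1)[0].strip(), [line.split("{", 1)[1]]
        elif depth > 0:
            body.append(line)
        depth += line.count("{") - line.count("}")
        if depth == 0 and header:
            yield header, " ".join(body)
            header = None

def audit(text, public_vlans=("external",)):
    """Return (object, issue) pairs; a missing sshd allow list is assumed open."""
    findings = []
    for header, body in stanzas(text):
        if header == "sys sshd":
            m = re.search(r"allow\s*\{([^}]*)\}", body)
            ranges = m.group(1).split() if m else ["ALL"]
            if any(r.upper() == "ALL" or r in ("0.0.0.0/0", "::/0") for r in ranges):
                findings.append(("sys sshd", "SSH allowed from any address"))
        elif header.startswith("net self "):
            vlan = re.search(r"\bvlan\s+(\S+)", body)
            svc = re.search(r"allow-service\s+(?:\{([^}]*)\}|(\S+))", body)
            modes = set((svc and (svc.group(1) or svc.group(2)) or "none").split())
            if vlan and vlan.group(1) in public_vlans and modes & {"default", "all"}:
                findings.append((header.split()[-1], "broad port lockdown on public VLAN"))
    return findings
```

For the sample, `audit(SAMPLE)` reports only `external_self`: the SSH range is already limited to a management network, and the internal self IP is not on a VLAN listed in `public_vlans`.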

Now you have an F5 out of the box and are ready to start building the failover configuration.

Post 2 will cover syncing the secondary, setting up listeners, and defining the network elements.

Post 3 will cover DNS setup and migration.

Post 4 will cover Wide IP (DNS Failover) setup and testing.

F5 GTM Documentation: http://support.f5.com/kb/en-us/products/big-ip_gtm/versions.10_2_3.html

F5 GTM Configuration Guide: http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm_config_10_2.html

F5 GTM Implementations Guide: http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm_impl_guide_10_2.html

F5 GTM Getting Started Guide: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip_getting_started_guide_10_1_0.html

About Jason Myers

A network architect with over 12 years experience in a wide array of technologies and environments. I'm generally just a total geek.

Posted by on October 31, 2011 in F5, GTM
