Hello,how we can make HA between two GTM boxes at the same datacenter

Amr_Ali Do you mean having an HA device much like you have HA LTMs? If that's a yes you really don't have to do that because GTMs are inherently redundant for DNS because of how the sync works between them for DNS configuration. You might need them to be HA because they run multiple functions such as GTM, LTM, AFM, and so on but you should try and keep GTM off of the same box as those other services if possible.

I agree with Paulius 100%. If the F5 BIG-IPs only running GTM as dedicated module, no need for HA! Use GTM sync group and publish both listener addresses for DNS... or setup DNS anycast. If in HA, you don't have BOTH units responding to DNS (normal setup), but if both are standalone and part of the same GTM sync group, then you still have resiliency and depend on iQuery between both GTM instances and DNS for failover. If running more modules... like LTM and/or ASM the conversation changes. Most clients with run dedicated smaller devices for GTM/DNS only, and a bigger device for all other ADC functions.

If this is a GTM what other configuration are you referencing? If you have the GTM in the sync group it will replicate all GTM configuration between the GTM devices in the sync group, less their unique configuration such as self-IPs, routes, and so on.

hello whisperer, I need to make HA between two GTM boxes at the same location ( datacenter ) not in different locations

HA between GTM | DevCentral

14 Replies

Paulius
MVP
Jun 04, 2023
Amr_Ali Do you mean having an HA device much like you have HA LTMs? If that's a yes you really don't have to do that because GTMs are inherently redundant for DNS because of how the sync works between them for DNS configuration. You might need them to be HA because they run multiple functions such as GTM, LTM, AFM, and so on but you should try and keep GTM off of the same box as those other services if possible.
- JRahm
  Admin
  Jun 05, 2023
- whisperer
  MVP
  Jun 04, 2023
  I agree with Paulius 100%. If the F5 BIG-IPs only running GTM as dedicated module, no need for HA! Use GTM sync group and publish both listener addresses for DNS... or setup DNS anycast. If in HA, you don't have BOTH units responding to DNS (normal setup), but if both are standalone and part of the same GTM sync group, then you still have resiliency and depend on iQuery between both GTM instances and DNS for failover. If running more modules... like LTM and/or ASM the conversation changes. Most clients with run dedicated smaller devices for GTM/DNS only, and a bigger device for all other ADC functions.
  - Amr_Ali
    MVP
    Jun 05, 2023
    hello whisperer, I need to make HA between two GTM boxes at the same location ( datacenter ) not in different locations
ashk
Cirrus
Jul 15, 2024
So, I see the above comments and have something similar story now.

We are in the process of upgrading from the Guest GTM to a new Tenant GTM appliance. Our plan involves adding the new GTM to the cluster sync-group, performing a manual full synchronization, and monitoring its performance for a day. Once verified, we intend to gracefully take the old GTM offline. If all functions well with the new GTM, we will then remove the high availability configuration and proceed with cleaning up the old GTM. Any suggestions or recommendations on this approach?
- Paulius
  MVP
  Jul 18, 2024
  By HA configuration do you mean the GTM sync group or are you referring to HA configuration of the entire F5 device? If you are referring only to the sync group that syncs GTM configuration then this should work.
  - ashk
    Cirrus
    Jul 18, 2024
    so, the box is dedicated for GTM. so by doing GTM-Sync-Group will all the device configs will be replicated like users/certs/settings? or only GTM stuff will be replicated?
    I want it to be a replica of the existing GTM device with all general settings along with GTM stuff so I can cut over once everything is ok.

Forum Discussion

HA between GTM

14 Replies

Recent Discussions

f5.prod extension

F5 LTM - http headers

Understanding IRule with Proxypass datagroup

APM/OAuth2 : auto apply changes made by discovery

Compatibility of BIG-IP Edge Client with Azure Virtual Desktop (AVD) Multi-Session Environments

Related Content

F5 LTM HA pair upgrade Automation using Python

Cisco ACI Endpoint Learning with a BIG-IP HA Failover

This DevCentral Content has been Archived or Deleted

ha group

Rebooting HA pair