Forum Discussion

TJ_Vreugdenhil's avatar
Mar 06, 2017

Solution for duplicate F5 Self IP's at two datacenters using OTV

We are planning a migration of a F5 LTM VIPRION pair in datacenter A to a F5 LTM VE pair in datacenter B.

We would like to do this in a phased approach (bringing waves of servers at a time) and keeping all IP addresses the same (servers, VIP's, self IP's, VLAN ID's, route domains, gateway, routes etc.) We are using OTV to extend the Layer 2 networks across the datacenters. My concern is duplicate self IP addresses between the F5's, because you cannot disable ARP for a F5 self IP like you can for an F5 VIP.

I was thinking to do something like this to support the F5's at Datacenter A and B to operate simultaneously. Perhaps blocking the F5 MAC addresses of Datacenter A from reaching Datacenter B and vis versa:

Cisco: 

mac-list F5-OTHER-DC_vMAC seq 10 deny 0000.xxxx.xxx1 ffff.ffff.ffff
mac-list F5-OTHER-DC_vMAC seq 11 deny 0000.xxxx.xxx2 ffff.ffff.ffff
mac-list F5-OTHER-DC_vMAC seq 20 permit 0000.0000.0000 0000.0000.0000
route-map F5-OTHER-DC_Filtering permit 10
   match mac-list F5-OTHER-DC_vMAC
otv-isis default
   vpn Overlay200
     redistribute filter route-map F5-OTHER-DC_Filtering

Is this a supported design?

Thanks!

  • so your looking to run each F5 as Active/Active in D/C A / B? and you want each unit to have the same exact self IP's and entire configuration?

     

    You potentially configure a new Route domain and use the same configuration on your B side F5 along with new physical links to you D/C Core to allow the use of the same configuration..

     

    If you block each F5 from talking and they were previously setup as Active/Standby i guess you could achieve this as well however the B D/C F5 will have the secondary self-ip and no the primary self-IP although it will share the same floating IP.

     

  • Hi,

     

    You can create on both appliances self ips in the same network as existing and convert the one you want to keep as a floating ip.

     

    Then, set one appliance as "force standby" to disable ARP

     

  • Hi,

     

    I understand you have a f5 cluster on DC A and you want to migrate all servers in DC B where you install a new F5 cluster.

     

    During migration, both clusters will share same ip addresses and vlans.

     

    Is it possible to disconnect the standby member of the existing cluster and connect the new member with same self ip. Then configure the new member as a cluster member of the existing cluster? (cluster with different hardware is supported since version 11.4)

     

    When all servers are migrated, disconnect the last old appliance in DC A and connect the new one.

     

  • @ Jgranieri - Maybe it's too late, but could you confirm, what did you do finally ?

  • I did work, but we didn’t end up using it long term. The team identified there were applications that needed to talk across DC’s, so we just went with all full server/application move. TJ