Google Cloud¶
In this section, you can see a failover event diagram, example declaration, and requirements for implementing Cloud Failover in Google Cloud.
Failover Event Diagram¶
This diagram shows a failover event with Cloud Failover implemented in Google Cloud. In the event of a failover, alias IPs are updated to point to the network interface of the active BIG-IP device. The forwarding rule targets matching a self IP address of the active BIG-IP device are associated with the network interface of the active BIG-IP device.
Example Declaration¶
This example declaration shows the minimum information needed to update the cloud resources in Google Cloud. See the Quickstart section for steps on how to post this declaration.
{
"class": "Cloud_Failover",
"environment": "gcp",
"externalStorage": {
"scopingTags": {
"f5_cloud_failover_label": "mydeployment"
}
},
"failoverAddresses": {
"scopingTags": {
"f5_cloud_failover_label": "mydeployment"
}
},
"failoverRoutes": {
"scopingTags": {
"f5_cloud_failover_label": "mydeployment"
},
"scopingAddressRanges": [
"192.168.1.0/24"
]
}
}
Requirements¶
These are the minimum requirements for setting up Cloud Failover in Google Cloud Platform:
2 BIG-IP systems in Active/Standby configuration. You can find an example GDM Template here. Any configuration tool can be used to provision the resources.
A GCP Identity and Access Management (IAM) service account with sufficient access. See the instructions below for creating and assigning an IAM role.
A storage bucket for Cloud Failover extension cluster-wide file(s) that is tagged with a key/value pair corresponding to the key/value(s) provided in the externalStorage.scopingTags section of the Cloud Failover extension configuration.
Important
Ensure the required storage accounts do not have public access.
Instances tagged with a key/value corresponding to the key/value(s) provided in the `failoverAddresses.scopingTags` section of the Cloud Failover extension configuration.
Virtual addresses created in a floating traffic group and matching Alias IP addresses on the instance serving application traffic.
Forwarding rules(s) configured with targets that match a virtual address or floating self IP on the instance serving application traffic.
Route(s) in a route table tagged with:
- a key/value corresponding to the key/value(s) provided in the failoverRoutes.scopingTags section of the Cloud Failover extension configuration
- a special key
f5_self_ipscontaining a comma-separated list of addresses mapping to a self IP address on each instance in the cluster to which the routes should point. For example:10.0.0.10,10.0.0.11
Note
The failover extension configuration failoverRoutes.scopingAddressRanges contains a list of destination routes to update.
Important
Since GCP routes do not support GCP labels a JSON blob must be added to the description, for example:
f5_cloud_failover_labels={"f5_cloud_failover_label":"mydeployment","f5_self_ips":["10.0.0.10","10.0.0.11"]}
Creating and assigning an IAM Role¶
To create and assign an IAM role you must have a user role of Editor.
- In GCP, go to IAM > Roles and create the member with the following scopes:
- compute-rw
- storage-rw
- cloud-platform
For example:
- Assign an IAM member to each instance by navigating to Compute Engine > VM Instances > Instance, select Edit, and then update the Service Account.
For example:
Note
To provide feedback on this documentation, you can file a GitHub Issue.