Manage Site Offline Survivability with Secure Mesh Site v2
Objective
This guide provides instructions on managing Offline Survivability for F5® Distributed Cloud Customer Edge (CE) sites deployed using the Secure Mesh Site v2 workflow. Offline Survivability ensures that your CE Site continues to function without traffic loss during periods of connectivity loss to the F5 Regional Edge (RE) or the F5 Global Controller (GC).
Functional Overview
The Offline Survivability feature for encompasses the following components:
-
A CE in Offline Survivability mode will continue to operate and process traffic through its advertised load balancers after losing connectivity to the RE and GC.
-
Offline Survivability mode also supports Secure Mesh Group (SMG) and DC Cluster Group (DC-CG) cluster functionalities. This means that in addition to standalone operation, CEs within a cluster will maintain their connections to peer CEs during an RE/GC outage.
-
No configuration updates will be pushed to a CE until its connectivity to the RE is fully restored.
-
Routing: When enabled, a local control plane is activated, allowing local traffic load balancing to continue functioning. In a full mesh SMG with control plane enabled, the load balancing across local and remote endpoints persists even during RE connectivity loss.
-
Identity management: Services receive certificates from a local Certificate Authority (CA) when starting or restarting without GC connectivity, ensuring continued operation.
-
Secret management: Secrets decrypted while connected to the GC are cached locally, allowing services to access them during connectivity outages.
Important: F5 Distributed Cloud does not store decrypted secrets.
Enabling Offline Survivability on an existing Site will restart its pods, services, and briefly disrupt traffic. Wait for the Offline Survivability status to show as Enabled before resuming operations.
Restrictions
When Offline Survivability is enabled and your Site is offline, the following restrictions apply:
- The logs after five (5) minutes (or 8 MB worth of collection) are lost.
- The metrics after two (2) hours are lost.
Note: These limitations are due to the inability to transmit data to the F5 GC during connectivity loss.
Prerequisites
-
F5 Distributed Cloud Account is required. If you do not have an account, see Getting Started with Console.
-
Customer Edge (CE) deployments require connectivity to F5 Distributed Cloud. See the F5 Customer Edge IP Address and Domain Reference for Firewall or Proxy Settings guide for the list of IP addresses and domain names that need to be allowed.
-
Confirm your Site nodes meets the minimum resources required. For a full listing of the resources required, see the Customer Edge Site Sizing Reference guide. All the nodes in a given CE Site should have the same resources regarding the compute, memory, and disk storage. When deploying in cloud environments, these nodes should use the same instance flavor.
Enable Offline Survivability During Site Creation
When creating a Secure Mesh Site v2, you can enable Offline Survivability using the instructions in this section.
Note: Enabling Offline Survivability during Site creation ensures that the feature is active from the outset, providing resilience against connectivity disruptions.
-
Navigate to Multi-Cloud Network Connect > Manage > Site Management > Secure Mesh Sites v2.
-
Click Add Secure Mesh Site to open the configuration form.
-
In the Regional Edge section, locate the Offline Survivability Mode drop-down menu and select Enabled.
-
Complete the remaining configuration and click Add Secure Mesh Site.
Enabling Offline Survivability for an Existing Site
To enable Offline Survivability on an existing Secure Mesh Site v2:
-
Navigate to Multi-Cloud Network Connect > Manage > Site Management and select your Site.
-
Click ... > Manage Configuration > Edit Configuration.
-
In the Regional Edge section, locate the Offline Survivability Mode drop-down menu and select Enabled.
-
Click Save Secure Mesh Site.
Configuring Offline Survivability in Site Mesh Groups
-
For CE sites that are members of a Full Mesh Site Mesh Group, first enable Offline Survivability for all member sites as shown above.
-
Navigate to Manage > Networking > Site Mesh Groups.
-
Select your Site Mesh Group and click ... > Manage Configuration > Edit Configuration.
-
Set Mesh Choice to Full Mesh and Full Mesh Choice to Control and Data Plane Mesh.
-
Click Save Site Mesh Group.
Configuring Offline Survivability in DC Cluster Groups
-
For CE sites that are members of a DC Cluster Group, first enable Offline Survivability for all member sites as shown above.
-
Navigate to Manage > Networking > DC Cluster Groups.
-
Select your DC Cluster Group and click ... > Manage Configuration > Edit Configuration.
-
Set Mesh Type to Control and Data Plane Mesh.
-
Click Save DC Cluster Group.
Monitor Offline Survivability Status
To verify the status of your Site:
-
Navigate to Multi-Cloud Network Connect > Overview > Infrastructure > Sites.
-
Select your Site to view its Dashboard.
-
Under F5 Software, verify Offline Survivability is set to Enabled.
Concepts
API References
On this page:
- Objective
- Functional Overview
- Restrictions
- Prerequisites
- Enable Offline Survivability During Site Creation
- Enabling Offline Survivability for an Existing Site
- Configuring Offline Survivability in Site Mesh Groups
- Configuring Offline Survivability in DC Cluster Groups
- Monitor Offline Survivability Status
- Concepts
- API References