Manage Site Offline Survivability with Secure Mesh Site v2
Objective
This guide provides instructions on managing Offline Survivability for F5® Distributed Cloud Customer Edge (CE) sites deployed using the Secure Mesh Site v2 (SMSv2) workflow. Offline Survivability ensures that your CE Site continues to function without traffic loss during periods of connectivity loss to the F5 Regional Edge (RE) or the F5 Global Controller (GC).
Note: Offline Survivability is supported for CE sites that are members of a full mesh Site Mesh Group (SMG) or a DC Cluster Group (DC-CG).
Functional Overview
The Offline Survivability feature for SMSv2 encompasses the following components:
- Routing: When enabled, a local control plane is activated, allowing local traffic load balancing to continue functioning. In a full mesh SMG with control plane enabled, the load balancing across local and remote endpoints persists even during RE connectivity loss.
- Identity management: Services receive certificates from a local Certificate Authority (CA) when starting or restarting without GC connectivity, ensuring continued operation.
- Secret management: Secrets decrypted while connected to the GC are cached locally, allowing services to access them during connectivity outages.
Important: F5 Distributed Cloud does not store decrypted secrets.
Restrictions
When Offline Survivability is enabled and your Site is offline, the following restrictions apply:
- The logs after five (5) minutes (or 8 MB worth of collection) are lost.
- The metrics after two (2) hours are lost.
Note: These limitations are due to the inability to transmit data to the F5 GC during connectivity loss.
Prerequisites
- An F5 Distributed Cloud account is required. If you do not have an account, see Getting Started with Console.
- Customer Edge (CE) deployments require connectivity to F5 Distributed Cloud. See the Firewall and Proxy Server Allowlist Reference guide for the list of IP addresses and domain names that need to be allowed.
- Confirm that your Site nodes meet the minimum resources required. For a full listing of the resources required, see the Customer Edge Site Sizing Reference guide. All the nodes in a given CE Site should have the same compute, memory, and disk storage resources. When deploying in cloud environments, these nodes should use the same instance flavor.
Enable Offline Survivability During Site Creation
When creating a Secure Mesh Site v2, you can enable Offline Survivability using the instructions in this section.
Note: Enabling Offline Survivability during site creation ensures that the feature is active from the outset, providing resilience against connectivity disruptions.
- Navigate to Multi-Cloud Network Connect > Manage > Site Management > Secure Mesh Sites v2.
- Click Add Secure Mesh Site to open the configuration form.
- In the Regional Edge section, locate the Offline Survivability Mode field and select Enable Offline Survivability Mode.
- Complete the remaining configuration and click Save and Exit.
Enabling Offline Survivability for an Existing Site
To enable Offline Survivability on an existing Secure Mesh Site v2:
- Navigate to Multi-Cloud Network Connect > Manage > Site Management and select your Site.
- Click ... > Manage Configuration > Edit Configuration.
- In the Regional Edge section, locate the Offline Survivability Mode field and select Enable Offline Survivability Mode.
- Click Save and Exit.
Important: Enabling Offline Survivability on an existing site will restart its pods and services. Wait for the Offline Survivability status to show as Enabled before resuming operations.
Configuring Offline Survivability in Site Mesh Groups
- For CE sites that are members of a Full Mesh Site Mesh Group, first enable Offline Survivability for all member sites as shown above.
- Navigate to Manage > Networking > Site Mesh Groups.
- Select your Site Mesh Group and click ... > Manage Configuration > Edit Configuration.
- Set Mesh Choice to Full Mesh and Full Mesh Choice to Control and Data Plane Mesh.
- Click Save and Exit.
Configuring Offline Survivability in DC Cluster Groups
- For CE sites that are members of a DC Cluster Group, first enable Offline Survivability for all member sites as shown above.
- Navigate to Manage > Networking > DC Cluster Groups.
- Select your DC Cluster Group and click ... > Manage Configuration > Edit Configuration.
- Set Mesh Type to Control and Data Plane Mesh.
- Click Save and Exit.
Monitor Offline Survivability Status
To verify the status of your Site:
- Navigate to Multi-Cloud Network Connect > Overview > Infrastructure > Sites.
- Select your Site to view its dashboard.
- Check the Local Control Plane status. It should display Enabled when Offline Survivability is active.