F5 Big-IP: Config Sync

What is Config-Sync ?

When creating a Device Group in a High Availability environment, you can choose between two types:

• Sync-Only Device Group
• Sync-Failover Device Group

Both rely on the Config-Sync mechanism to synchronize configuration data between devices. (The Sync-Failover group additionally provides traffic failover capabilities.)

Keeping configurations synchronized across all units is critical in a clustered environment. For example, if you create a Virtual Server on Unit A, you want that configuration change to propagate to Unit B.

Without synchronization, administrators would need to manually recreate the same configuration on each device, which could easily introduce inconsistencies or human errors, such as:

• Different object names (test vs Test)
• Incorrect IP addresses
• Missing profiles or monitors
• Outdated configurations on standby devices

This becomes even more important considering that a Sync-Only Device Group can contain up to 32 devices. Manually maintaining identical configurations across dozens of BIG-IP systems would quickly become unmanageable.

When BIG-IP devices belong to the same Device Group, the Config-Sync utility ensures that configuration changes are propagated and kept up to date across all members.

Config-Sync channel

To exchange and synchronize configuration data, BIG-IP devices use the ConfigSync address configured during Device Trust setup.

This address uses the TMM (Traffic Management Microkernel) network plane rather than the management interface, meaning it behaves like a production traffic interface.

...