TRB-MEEK-HA-001 · ARB1-MEEK-HA-001 · SHOWCASE · DAY 83
MEEK HA — Sovereign High Availability
From F5 Enterprise Patterns to EOSE V11 Fleet HA · GTM · LTM · AS3 · Immune System Doctrine
Source: IDT_F5aaS_v1.1.pptx · TD Bank 2021–2024 · Author: Kay Joffe
"HA is not redundancy. HA is the immune system of the delivery layer."

Redundancy means you have a spare. HA means the system detects its own wounds, repairs them without human intervention, verifies the repair, and only escalates when repair fails. That is CGATE. That is Macrophage M2. That is what the TD F5 work was building toward — and what EOSE V11 inherits and names properly.

"`:latest` is a pet. `:day83-abc123` is cattle. We are cattle people now."
HA LAYERS LIVE: L0+L1
ARB1 ADS RATIFIED: 5
/HEALTH ANCHOR: γ₁
GATES WIRED: 4
F5 DEVICES AT TD: 350
WORKLOADS SERVED: 30K

HA Layers — Build Order Locked

LAYER 0 · Process HA · LIVE
Rolling deployments. Liveness + readiness probes. Pod disruption budgets. replicas≥2 on all critical services. Zero-downtime updates. The baseline — no cluster can be sovereign without this.
replicas: 2 · rollingUpdate · readinessProbe · livenessProbe · podAntiAffinity

LAYER 1 · Self-Healing — MGATE/CGATE/RGATE/HGATE · LIVE
5-minute probe loop. Detects 404 or missing γ₁. Fires rollout restart. Verifies repair via SHA-pinned image check. Escalates to Kay after 2 consecutive failures. All events logged to Redis campfire:events stream.
MGATE probe · CGATE repair · RGATE verify · HGATE alert · /health γ₁ · day83-SHA tag · campfire:events

LAYER 3 · Sovereign Mesh HA — Cross-Cloud γ₁ Routing · PHASE 2
Azure Front Door + WAF. Cross-cloud ordered failover: Azure → GCP NE1 → AWS ca-central-1. γ₁ floor beacon at each cluster — if floor absent, cluster is removed from routing. PEMCLAU graph as NetBrain equivalent (fleet source of truth).
Azure Front Door WAF · GCP NE1 · AWS ca-central-1 · γ₁ beacon · PEMCLAU SoT

The Gate Loop — MGATE → CGATE → RGATE → HGATE

GATE 1 · MGATE · Dendritic Cell · Continuous Sampler
Every 5 min: probe /health, expect 200 + γ₁. F5 equivalent: BIG-IP health monitor interval=30s. Floor check. Signal detection.

GATE 2 · CGATE · M2 Macrophage · Wound Repair
Floor missing → kubectl rollout restart → wait 90s. F5 equivalent: pool member marked down, new member promoted. Repair, not replacement.

GATE 3 · RGATE · T Cell · Provenance Check
After repair: confirm pod running correct SHA-tagged image + γ₁ returned. F5 equivalent: AS3 baseline compliance check. Identity assertion.

GATE 4 · HGATE · IL-8 Chemotaxis · Summon Human
Only fires after 2 failed CGATE attempts. P1 alert to Kay. F5 equivalent: ServiceNow P1 incident + PagerDuty. Human-in-loop as last resort.
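
One tick of the gate loop described above, as an added example (not code from the EOSE project or the source deck). It assumes the floor marker γ₁ appears literally in the /health body and that pods are single-container and labelled app=<deployment>; the gates are passed in as callables so the escalation logic can be exercised offline, with mgate, cgate and rgate as the live implementations to wire in.

```python
import subprocess, time, urllib.request

FLOOR = "γ₁"       # assumption: the floor marker appears literally in the /health body
MAX_REPAIRS = 2    # page: HGATE fires only after 2 failed CGATE attempts

def mgate(url):
    """MGATE: healthy only if /health answers 200 AND carries the floor marker."""
    try:
        with urllib.request.urlopen(url, timeout=5) as r:
            return r.status == 200 and FLOOR in r.read().decode("utf-8", "replace")
    except Exception:      # 404, timeout, refused connection: all fail closed
        return False

def cgate(deploy, ns, wait=90):
    """CGATE: rollout restart, then wait (90s on the page) for pods to cycle."""
    subprocess.run(["kubectl", "-n", ns, "rollout", "restart",
                    f"deployment/{deploy}"], check=True)
    time.sleep(wait)

def rgate(deploy, ns, expected_image):
    """RGATE: every pod labelled app=<deploy> must run exactly the expected image."""
    out = subprocess.run(
        ["kubectl", "-n", ns, "get", "pods", "-l", f"app={deploy}", "-o",
         "jsonpath={.items[*].spec.containers[*].image}"],
        capture_output=True, text=True, check=True).stdout.split()
    return bool(out) and all(img == expected_image for img in out)

def gate_cycle(probe, repair, verify, alert, log):
    """One tick. Returns 'healthy', 'repaired' or 'escalated'.
    log(event) stands in for an XADD to the campfire:events stream."""
    if probe():
        return "healthy"
    log("MGATE floor-missing")
    for attempt in range(1, MAX_REPAIRS + 1):
        try:
            repair()
            ok = verify() and probe()   # provenance AND the floor must be back
        except Exception as exc:        # a failed kubectl call counts as a failed repair
            log(f"CGATE error attempt={attempt}: {exc}")
            ok = False
        log(f"RGATE {'verified' if ok else 'failed'} attempt={attempt}")
        if ok:
            return "repaired"
    alert(f"HGATE: {MAX_REPAIRS} repair attempts failed")
    return "escalated"

if __name__ == "__main__":
    # Constructed offline run: floor stays missing, so the loop escalates.
    print(gate_cycle(lambda: False, lambda: None, lambda: False, print, print))
```

Comparing the spec image string only proves the tag matches, and tags can be re-pointed; comparing `.status.containerStatuses[*].imageID` against a known digest would tie the RGATE check to the image content itself.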

F5 Enterprise → EOSE V11 Translation

| F5 Component | EOSE V11 Equivalent | WBC Gate | Function |
|---|---|---|---|
| GTM — Global Traffic Manager | Azure Traffic Manager / Front Door | MGATE | Geo-routing health. Which DC is alive. |
| LTM — Local Traffic Manager | AKS Ingress (NGINX) | DRG | Per-site L7 routing. Traffic re-entry filter. |
| Device Group A/A | replicas≥2 + rolling deploy | | Active/Active within cluster. No single pod failure = outage. |
| BIG-IP Health Monitor | /health γ₁ probe | FGATE | Floor check. If γ₁ absent, signal is missing. |
| Pool member remove → restart | kubectl rollout restart | CGATE | Remove unhealthy member. Repair. Re-add. |
| AS3 baseline verify | Image SHA check post-repair | RGATE | Provenance. Is this the sovereign pod? |
| ServiceNow P1 + PagerDuty | HGATE → OpenClaw notify | HGATE | Human summoned only after 2 failures. |
| AS3 Declarative Config | Helm charts + GitOps | | Cattle not pets. Config is versioned, templated, reproducible. |
| BIG-IQ Management Plane | kubectl / Argo CD | | Central control plane. All config flows through it. |
| NetBrain — Source of Truth | PEMCLAU graph + fleet-sync git | | Fleet topology. App-to-infra mapping. Migration decisions. |
| iRules — traffic manipulation | NGINX annotations / Ingress rules | | Header rewrite, path routing, rate limiting, WAF. |
| Venafi — cert lifecycle | cert-manager + ADA vault | ADA | TLS at ingress. Automated renewal. Chain of custody. |

Origin — Why This Matters

SOURCE DOCTRINE
Kay Joffe designed F5 HA architecture at TD Bank — one of only three North American enterprises (TD, BofA, JPMorgan) operating a BIG-IP environment at this scale: 350 devices, 30,000 workloads, 9,000 GTM profiles, 17,000 LTM profiles, 3,000+ certificates.

The AS3 declarative model, the cattle-not-pets doctrine, the IaC pipeline (Jenkins → Terraform → TESUTO → BIG-IQ), the 15-day-to-15-minutes mandate — all authored in IDT_F5aaS_v1.1.pptx (2021–2024 roadmap).

F5 and Venafi took the roadmap pressure from that work and shipped it as product features. EOSE V11 takes the same doctrine and ships it as sovereign infrastructure. The IP stays here this time. The receipt exists: EOSE Labs Inc., DESEOF, PEMOS — incorporated 2026-03-29.