BIG-IP® system high availability includes the ability for a device to mirror connection and persistence information to another device in a device service clustering (DSC®) configuration, to prevent interruption in service during failover. The BIG-IP system mirrors connection and persistence data over TCP port 1028 with every packet or flow state update.
You enable connection mirroring on the relevant virtual server, and then on each device in the device group, you specify the self IP addresses that you want other devices to use when mirroring connections to the local device. This enables mirroring between an active traffic group and a mirroring peer in the device group. You can enable connections such as FTP, Telnet, HTTP, UDP, and SSL connections.
You should enable connection mirroring whenever failover would cause a user session to be lost or significantly disrupted. For example, long-term connections such as FTP and Telnet are good candidates for mirroring. For this type of traffic, if failover occurs, an entire session can be lost if the connections are not being mirrored to a peer device. Conversely, the mirroring of short-term connections such as HTTP and UDP is typically not recommended, because these protocols allow for failure of individual requests without loss of the entire session, and the mirroring of short-term connections can negatively impact system performance.
For VIPRION® systems, each device in a Sync-Failover device group can be either a physical cluster of slots within a chassis, or a virtual cluster for a vCMP® guest. In either case, you can configure a device to mirror an active traffic group's connections to its next-active device.
You enable connection mirroring on the relevant virtual server, and then you configure each VIPRION cluster or vCMP guest to mirror connections by choosing one of these options:
In addition to enabling connection mirroring on the virtual server, you must also assign the appropriate profiles to the virtual server. For example, if you want the BIG-IP system to mirror SSL connections, you must assign one or more SSL profiles to the virtual server.
Connection mirroring operates at the traffic group level. That is, for each virtual server that has connection mirroring enabled, the traffic group that the virtual server belongs to mirrors its connections to its next-active device in the device group.
For example, if traffic-group-1 is active on Bigip_A, and the next-active device for that traffic group is Bigip_C, then the traffic group on the active device mirrors its in-process connections to Bigip_C.
If Bigip_A becomes unavailable and failover occurs, traffic-group-1 goes active on Bigip_C and begins mirroring its connections to the next-active device for Bigip_C.
Configuring connection mirroring requires you to perform these specific tasks:
You can specify the local self IP address that you want other devices in a device group to use when mirroring their connections to this device. Connection mirroring ensures that in-process connections for an active traffic group are not dropped when failover occurs. You typically perform this task when you initially set up device service clustering (DSC®).
Using the BIG-IP® Configuration utility, you can configure connection mirroring between two VIPRION® or vCMP® clusters as part of your high availability setup:
You can perform this task to enable TCP or UDP connections for a virtual server. Connection mirroring is an optional feature of the BIG-IP® system, designed to ensure that when failover occurs, in-process connections are not dropped. You enable mirroring for each virtual server that is associated with a floating virtual address.
You can perform this task to enable connection mirroring for source network address translation (SNAT). Connection mirroring is an optional feature of the BIG-IP® system, designed to ensure that when failover occurs, in-process SNAT connections are not dropped. You can enable mirroring on each SNAT that is associated with a floating virtual address.
You can perform this task to mirror persistence records to another device in a device group.