Manual Chapter : Managing Connection Mirroring

Applies To:

BIG-IP AAM

  • 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP APM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP Analytics

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP Link Controller

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP LTM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP AFM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP PEM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP DNS

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP ASM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

About connection mirroring

BIG-IP® system redundancy includes the ability for a device to mirror connection and persistence information to another device in a device service clustering (DSC) configuration, to prevent interruption in service during failover. The BIG-IP system maintains a separate mirroring channel for each traffic group. The BIG-IP system allows TCP ports in the range 1029 to 1155. The port range for each new connection (traffic group and channel) is incremented by one.

You enable connection mirroring on a virtual server. This causes an active traffic group to mirror its connections to the designated mirroring peer in the device group. You can enable mirroring for connections such as FTP, Telnet, HTTP, UDP, and SSL connections.

You should enable connection mirroring whenever failover would cause a user session to be lost or significantly disrupted. For example, long-term connections such as FTP and Telnet are good candidates for mirroring. For this type of traffic, if failover occurs, an entire session can be lost if the connections are not being mirrored to a peer device. Conversely, the mirroring of short-term connections such as HTTP and UDP is not recommended, because these protocols allow for failure of individual requests without loss of the entire session, and the mirroring of short-term connections can negatively impact system performance.

Important: Connection mirroring only functions between devices with identical hardware platforms. Moreover, on a VIPRION® system running the vCMP® feature, the two guests, as mirrored peers, must each reside on a separate chassis, with the same number of slots, on the same slot numbers, and with the same number of cores per slot allocated.
Note: In addition to enabling connection mirroring on the virtual server, you must also assign the appropriate profiles to the virtual server. For example, if you want the BIG-IP system to mirror SSL connections, you must assign one or more SSL profiles to the virtual server.

Connection mirroring and traffic groups

Connection mirroring operates at the traffic group level. That is, each device in a device group has a specific mirroring peer device for each traffic group. The mirroring peer device is the traffic group's next-active device.

For example, if device Bigip_A is active for traffic group traffic-group-1, and the next-active device for that traffic group is Bigip_C, then the traffic group on the active device mirrors its in-process connections to traffic-group-1 on Bigip_C.

If Bigip_A becomes unavailable and failover occurs, traffic-group-1 on Bigip_C becomes active and continues the processing of any current connections.
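
The rules stated so far (the mirroring peer is the next-active device, peers must be identical platforms, long-lived protocols are the mirroring candidates, SSL mirroring needs an SSL profile) can be checked against an exported inventory. The following is an added example, not F5 code; the record layout, platform labels, addresses and finding names are assumptions constructed for illustration.

```python
# Added example: audit a constructed DSC inventory against this chapter's rules.
# Every device, traffic-group and virtual-server record below is a constructed sample.
LONG_LIVED = {"ftp", "telnet"}   # good mirroring candidates per the chapter
SHORT_LIVED = {"http", "udp"}    # mirroring not recommended per the chapter

DEVICES = {
    "Bigip_A": {"platform": "PLATFORM-X", "mirror_primary": "10.1.30.1"},
    "Bigip_B": {"platform": "PLATFORM-Y", "mirror_primary": "10.1.30.2"},
    "Bigip_C": {"platform": "PLATFORM-X", "mirror_primary": None},
}
TRAFFIC_GROUPS = {
    "traffic-group-1": {"active": "Bigip_A", "next_active": "Bigip_C"},
    "traffic-group-2": {"active": "Bigip_B", "next_active": "Bigip_A"},
}
VIRTUALS = [
    {"name": "vs_ftp", "proto": "ftp", "mirror": False, "ssl_profiles": []},
    {"name": "vs_web", "proto": "http", "mirror": True, "ssl_profiles": []},
    {"name": "vs_tls", "proto": "ssl", "mirror": True, "ssl_profiles": []},
]

def audit(devices, traffic_groups, virtuals):
    """Return (subject, finding) tuples for settings that break the chapter's rules."""
    findings = []
    for tg, state in sorted(traffic_groups.items()):
        active = devices[state["active"]]
        peer = devices[state["next_active"]]  # mirroring peer = next-active device
        # Mirroring only functions between identical hardware platforms.
        if active["platform"] != peer["platform"]:
            findings.append((tg, "platform-mismatch"))
        # The peer must expose a local mirror address for others to mirror to.
        if not peer["mirror_primary"]:
            findings.append((tg, "peer-missing-mirror-address"))
    for vs in virtuals:
        if vs["proto"] in LONG_LIVED and not vs["mirror"]:
            findings.append((vs["name"], "long-lived-not-mirrored"))
        if vs["proto"] in SHORT_LIVED and vs["mirror"]:
            findings.append((vs["name"], "short-lived-mirrored"))
        # Mirroring SSL connections also requires an SSL profile on the virtual server.
        if vs["proto"] == "ssl" and vs["mirror"] and not vs["ssl_profiles"]:
            findings.append((vs["name"], "ssl-mirror-without-ssl-profile"))
    return findings

if __name__ == "__main__":
    for subject, issue in audit(DEVICES, TRAFFIC_GROUPS, VIRTUALS):
        print(f"{subject}: {issue}")
```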

Configuration task summary

Configuring connection mirroring requires you to perform these specific tasks:

Specifying a local self IP address for connection mirroring (required)
This local self IP address is the address that you want other devices in a device group to use when other traffic groups mirror their connections to a traffic group on this device.
Enabling connection mirroring on a virtual server
The BIG-IP® system can mirror TCP or UDP connections for a virtual server. When you enable connection mirroring on a virtual server, and you then make the relevant virtual address a member of an active floating traffic group, the traffic group can mirror its connections to its corresponding standby traffic group on another device.
Enabling connection mirroring on a SNAT
The BIG-IP system can mirror TCP or UDP connections for a SNAT.
Enabling persistence mirroring on a persistence profile
The BIG-IP system can mirror persistence information between peers for the following persistence profiles:
  • Destination address affinity
  • Hash
  • Microsoft Remote Desktop (MSRDP)
  • Session Initiation Protocol (SIP)
  • Source address affinity
  • SSL
  • Universal

Specifying an IP address for connection mirroring

You can specify the local self IP address that you want other devices in a device group to use when mirroring their connections to this device. Connection mirroring ensures that in-process connections for an active traffic group are not dropped when failover occurs. You typically perform this task when you initially set up device service clustering (DSC®).

Note: You must perform this task locally on each device in the device group.
  1. Confirm that you are logged in to the device you want to configure.
  2. On the Main tab, click Device Management > Devices.
    This displays a list of device objects discovered by the local device.
  3. In the Name column, click the name of the device to which you are currently logged in.
  4. From the Device Connectivity menu, choose Mirroring.
  5. For the Primary Local Mirror Address setting, retain the displayed IP address or select another address from the list.
    The recommended IP address is the self IP address for either VLAN HA or VLAN internal.
    Important: If the BIG-IP device you are configuring is accessed using Amazon Web Services, then the self IP address you specify must be one of the private IP addresses that you configured for this EC2 instance as the Primary Local Mirror Address.
  6. For the Secondary Local Mirror Address setting, retain the default value of None, or select an address from the list.
    This setting is optional. The system uses the selected IP address in the event that the primary mirroring address becomes unavailable.
  7. Click Update.
In addition to specifying an IP address for mirroring, you must also enable connection mirroring on the relevant virtual servers on this device.

Enabling connection mirroring for TCP and UDP connections

Verify that you have specified primary and secondary mirroring IP addresses on this device. Other traffic groups in the device group use these addresses when mirroring connections to this device.

You can perform this task to enable mirroring of TCP or UDP connections for a virtual server. Connection mirroring is an optional feature of the BIG-IP® system, designed to ensure that when failover occurs, in-process connections are not dropped. You enable mirroring for each virtual server that is associated with a floating virtual address.

  1. On the Main tab, click Local Traffic > Virtual Servers.
    The Virtual Server List screen opens.
  2. Click the name of the virtual server you want to modify.
  3. From the Configuration list, select Advanced.
  4. For the Connection Mirroring setting, select the check box.
    Note: This setting only appears when the BIG-IP device is a member of a device group.
  5. Click Update to save the changes.

Enabling connection mirroring for SNAT connections

You can perform this task to enable connection mirroring for source network address translation (SNAT). Connection mirroring is an optional feature of the BIG-IP® system, designed to ensure that when failover occurs, in-process SNAT connections are not dropped. You can enable mirroring on each SNAT that is associated with a floating virtual address.

  1. On the Main tab, click Local Traffic > Address Translation.
    The SNAT List screen displays a list of existing SNATs.
  2. In the Name column, click the relevant SNAT name.
  3. For the Stateful Failover Mirror setting, select the check box.
  4. Click Update.
In addition to enabling connection mirroring on a SNAT, you must also specify a mirroring IP address on this device. Other traffic groups in the device group use this address when mirroring their connections to this device.

Enabling mirroring of persistence records

Verify that you have specified primary and secondary mirroring IP addresses on this device. Other traffic groups in the device group use these addresses when mirroring persistence records to this device.

You can perform this task to mirror persistence records to another device in a device group.

  1. On the Main tab, click Local Traffic > Profiles > Persistence.
    The Persistence profile list screen opens.
  2. In the Name column, click the name of the relevant persistence profile.
  3. For the Mirror Persistence setting, select the check box.
  4. Click Update.