--> Connection mirroring allows the active F5 BIG-IP system to transfer its connection table to the standby unit.
--> Persistence mirroring allows the active F5 BIG-IP system to transfer its persistence table to the standby unit.
--> The Traffic Management Microkernel (TMM) in the F5 BIG-IP system handles all mirroring of the connection table and persistence table between the active and standby F5 units.
--> As soon as you enable mirroring on the F5 BIG-IP system, the active F5 system creates a mirroring connection to the standby F5 system.
--> A separate mirroring connection is created between the active and standby F5 systems for each traffic group.
--> TCP ports 1029-1055 are used for the mirroring connections by default.
Ex:
The mirroring connection for traffic-group-1 is established from LTM1 to LTM2 on TCP port 1029.
The mirroring connection for traffic-group-2 is established from LTM1 to LTM3 on TCP port 1030.
Prerequisites for implementing connection mirroring/persistence mirroring:
1) VLAN: It is recommended to use a separate VLAN for mirroring traffic.
2) Primary/Secondary Mirroring IP address: A separate IP address needs to be configured for establishing the connection from the active unit to the standby unit.
3) Connection mirroring needs to be enabled on each virtual server (Local Traffic > select the virtual server whose connection table you want to mirror > Configuration > Advanced > check Connection Mirroring > Update).
4) Connection mirroring for SNAT (Local Traffic > SNAT > select the SNAT whose connection traffic you want to mirror > check Stateful Failover Mirror > Update).
5) Persistence mirroring (Local Traffic > Profiles > select the persistence profile whose persistence records you want to mirror > check Mirror Persistence > Update).
--> Once all of the above prerequisites are in place, the connection table/persistence table entries are mirrored from the active F5 to the standby F5.
--> To verify whether connection mirroring/persistence mirroring is happening, execute the commands below:
# tmsh show /sys connection type mirror --> For Connection Mirroring
# tmsh show /ltm persistence persist-records --> For Persistence Mirroring
Recommendations:
1) It is recommended to enable connection mirroring only between identical F5 systems
2) It is not recommended to enable connection mirroring for HTTP/FTP/UDP traffic, as those protocols continue to work properly even in the case of failures
3) Use a dedicated VLAN for mirroring traffic
4) Use direct cables to perform connection/persistence mirroring between F5 systems
5) Use both primary and secondary mirroring addresses
6) By default, connection table entries on the standby system are not cleared until the idle timeout expires, even when they are deleted from the active system (this behavior can be changed).
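An added example, not from the original post or from F5: a Python audit of recommendation 2 that reads text in the brace-delimited layout printed by `tmsh list ltm virtual` and reports virtual servers that have mirroring enabled on UDP or with an HTTP/FTP profile attached. The sample configuration is constructed, and matching on the profile names `http` and `ftp` is an assumption (custom profiles will carry other names).

```python
import re
# Constructed sample in the layout printed by `tmsh list ltm virtual`.
SAMPLE = """\
ltm virtual vs_ssh {
    ip-protocol tcp
    mirror enabled
    profiles {
        tcp { }
    }
}
ltm virtual vs_web {
    ip-protocol tcp
    mirror enabled
    profiles {
        /Common/http { }
        /Common/tcp { }
    }
}
ltm virtual vs_dns {
    ip-protocol udp
    mirror enabled
}
"""

def parse_virtuals(text):
    """Return {name: {"mirror": bool, "protocol": str|None, "profiles": set}}."""
    virtuals, current, depth, section = {}, None, 0, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"ltm virtual (\S+) \{$", line)
        if depth == 0:  # top level: only "ltm virtual" objects are tracked
            current = virtuals.setdefault(header.group(1), {"mirror": False, "protocol": None, "profiles": set()}) if header else None
        elif depth == 1 and current is not None:
            if line == "mirror enabled":
                current["mirror"] = True
            elif line.startswith("ip-protocol "):
                current["protocol"] = line.split()[1]
            section = line.split()[0] if line.endswith("{") else None
        elif depth == 2 and section == "profiles" and line not in ("", "}"):
            current["profiles"].add(line.split()[0].rsplit("/", 1)[-1])  # drop partition
        depth += line.count("{") - line.count("}")
    return virtuals

def audit_mirroring(text, discouraged=frozenset({"http", "ftp"})):
    """Map each mirrored virtual server to the reasons recommendation 2 applies to it."""
    findings = {}
    for name, vs in parse_virtuals(text).items():
        reasons = ({"udp"} if vs["protocol"] == "udp" else set()) | (vs["profiles"] & discouraged)
        if vs["mirror"] and reasons:
            findings[name] = sorted(reasons)
    return findings
```

On the sample, `audit_mirroring(SAMPLE)` flags vs_web and vs_dns and leaves the mirrored SSH virtual server alone.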
Reference: F5.com
Md.Kareemoddin
CCIE# 54759
Super Duper Explanation
Perfect explanation