Forum Discussion

Nimbostratus

Sep 17, 2014

Failover visibility

If an LTM fails over, will a user notice the drop if the user is connected over SSL? Will the user have to log in again after failover on an SSL page?

Thanks.

7 Replies

Ryannnnnnnnn
Altocumulus
Sep 17, 2014
Do you have connection mirroring enabled?
- mnb_63148
  Nimbostratus
  Sep 17, 2014
  I do not have connection mirroring. The majority of traffic is over SSL, which I have read does not work with connection mirroring.
- mnb_63148
  Nimbostratus
  Sep 17, 2014
  If SSL does not mirror, is there a reason to use connection mirroring?
Ryan_80361
Cirrostratus
Sep 17, 2014
Do you have connection mirroring enabled?
- mnb_63148
  Nimbostratus
  Sep 17, 2014
  I do not have connection mirroring. The majority of traffic is over SSL, which I have read does not work with connection mirroring.
- mnb_63148
  Nimbostratus
  Sep 17, 2014
  If SSL does not mirror, is there a reason to use connection mirroring?
pete_71470
Cirrostratus
Sep 17, 2014
Terminated SSL doesn't mirror but unterminated SSL can. SSL for a virtual is terminated on the appliance if you have client ssl profile attached.

Perhaps more important than mirroring for you might be persistence mirroring. During a failover all terminated SSL sessions are dropped, and without compatible persistence being mirrored (or cookie persistence without mirroring) there is a good chance clients connecting to the newly Active unit will find themselves balanced to a different pool member (causing users to find they have to log in again) because the newly Active unit wouldn't be aware of the previous load balancing decision.