Network failover vs. serial failover on Edge appliances

Serial failover is faster for failover. However, you still need network failover configured for mirroring of session data.

 

 

 

sol2397: Comparison of serial failover and network failover features

 

https://support.f5.com/kb/en-us/solutions/public/2000/300/sol2397.html

 

 

Note: Due to faster response time, F5 recommends that you use serial cable failover whenever it is possible to install the serial failover cable between the two BIG-IP systems. The VIPRION system supports only network failover.

 

 

Important: Even with serial cable failover configured, communication over the network is necessary for certain features to function properly, for example, the communication that occurs over the network during failover mirroring.

 

 

 

Aaron

Thanks Aaron.

 

 

I have read that document, but I thought connection mirroring was not effective with SSL traffic.

That's correct:

 

 

sol7216: The BIG-IP LTM system does not support connection mirroring for SSL terminated traffic

 

https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7216.html

 

 

If you'd like to see support for SSL session cache mirroring which would allow a client to resume an SSL session after a failover you can open a case with F5 Support and reference BZ227230.

 

 

APM should mirror session data to its peer using the network failover config so that users won't need to re-authenticate after a failover. They would need to establish a new TCP connection and SSL session though.

 

 

Aaron

Thanks Aaron! That was exactly the piece of information I was missing.