Forum Discussion

Obvious_302104's avatar
Obvious_302104
Icon for Nimbostratus rankNimbostratus
Dec 07, 2016

Sync of TCP connection table

Hello,

 

I am new to F5 but was able to configure two F5 LTM as active standby pair. I am running BIG-IP 11.4.1 Build 690.0 Hotfix HF10. Connection and Persistence mirroring is enabled and working for new incoming connections. My problem is that in case of a reboot of one of the machines the active F5 is not copying its whole connection table to the passive (rebooted) one. Only the new TCP connections are mirrored to the standy F5. Is this working as intended? or is there an option I missed during configuration?

 

Thanks for your help.

 

  • First I recommend you upgrade to 11.5.4 Hf2 which is the minimum F5 code you should be running. I know some are running 11.6 but strategically you should aim to get onto 12.1 at some point.

     

    Do you have connection mirroring checked off on the Virtual server? which type of protocol are you expecting to be mirrored? you should be able to execute a connection and run tmsh show sys connection on both units to ensure the session is mirrored. There might be some older connection mirroring bugs so i would try it out with 11.5.4 running

     

  • You need to make sure connection mirroring is checked on the virtual server and the VS is part of the active floating traffic group. It depends on your requirements, but typically http traffic shouldn't need connection mirroring enabled.

     

    Otherwise if that is all good, it is interesting that the active f5 does not share all active connections, just the new ones. f5 documentation says that connection updates should be sent to the standby unit with every packet or flow state update.

     

    Could you test with a telnet session and show us the connection present and then missing on the standby unit?

     

  • We have tcp connections only, no http traffic. Problem is that our HA F5 pair is running in production and i don't want to reboot them if not necessary. Our test system only has a single F5 so i cannot test this behaviour there.

     

    Next plan is to update to 12.1. And check if its working then.

     

    Thanks for your help