Forum Discussion
Sync of TCP connection table
Hello,
I am new to F5 but was able to configure two F5 LTM as active standby pair. I am running BIG-IP 11.4.1 Build 690.0 Hotfix HF10. Connection and Persistence mirroring is enabled and working for new incoming connections. My problem is that in case of a reboot of one of the machines the active F5 is not copying its whole connection table to the passive (rebooted) one. Only the new TCP connections are mirrored to the standy F5. Is this working as intended? or is there an option I missed during configuration?
Thanks for your help.
- jgranieriNimbostratus
First I recommend you upgrade to 11.5.4 Hf2 which is the minimum F5 code you should be running. I know some are running 11.6 but strategically you should aim to get onto 12.1 at some point.
Do you have connection mirroring checked off on the Virtual server? which type of protocol are you expecting to be mirrored? you should be able to execute a connection and run tmsh show sys connection on both units to ensure the session is mirrored. There might be some older connection mirroring bugs so i would try it out with 11.5.4 running
- Soda_Cup_148395Nimbostratus
You need to make sure connection mirroring is checked on the virtual server and the VS is part of the active floating traffic group. It depends on your requirements, but typically http traffic shouldn't need connection mirroring enabled.
Otherwise if that is all good, it is interesting that the active f5 does not share all active connections, just the new ones. f5 documentation says that connection updates should be sent to the standby unit with every packet or flow state update.
Could you test with a telnet session and show us the connection present and then missing on the standby unit?
- Obvious_302104Nimbostratus
We have tcp connections only, no http traffic. Problem is that our HA F5 pair is running in production and i don't want to reboot them if not necessary. Our test system only has a single F5 so i cannot test this behaviour there.
Next plan is to update to 12.1. And check if its working then.
Thanks for your help
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com