Forum Discussion
What will be happen to live and existing connections when failover HA BIG IP active-standby
Zen_Y .
To maintain active connections when a failover occurs, you will need to configure connection mirroring.
I found some information that could help answer your questions on our myf5 portal, please click on the links below .
K84303332: Overview of connection and persistence mirroring (13.x - 16.x)
https://my.f5.com/manage/s/article/K84303332
Manual Chapter : Managing Connection Mirroring
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-device-service-clustering-admin-11-5-0/9.html
On the other hand MAC masquerade optimizes the flow of traffic during failover events
K13502: Configuring MAC masquerade (11.x - 17.x)
https://my.f5.com/manage/s/article/K13502.
I hope this helps.
Hi akonu
This is interesting, I have read several articles about mirroring connections, but in the implementation in reality, I have not implemented this. Is there any information about the impact of this implementation? such as increasing cpu, memory, network load or even certain bugs that must be avoided on both active and standby devices?
And when we do not implement a mirroring connection, will the existing connection time out before it finds a new active device?
- PauliusOct 30, 2024MVP
This is dependent on how the application handles a no response. I would say from a TCP perspective, the connection would time out, it would inform the user of the connection loss and you would have to refresh the connection or resend the request.
- Zen_YNov 03, 2024Cirrus
doesn't a timeout event occur when a network device doesn't find the appropriate IP and MAC address to send data? while when we do a failover with the same IP vs, IP data, and MAC address recognized by the server side and client side, will they also fail to find a new device without going through the timeout process?
when failover, I once tried to do a ping test, I don't know if this will be relevant to real traffic or not, but there was no timeout status. Doesn't this mean that the network device can receive a new IP and MAC on a previously inactive device, and immediately flow traffic there?
- PauliusNov 03, 2024MVP
ICMP traffic is not an active flow that requires an established connection such as TCP. Would this failover be a manual failover or a failover due to a device fault? If this is a manual failover you probably wouldn't notice any drops if any, if the device has a fault then you would most definitely notice the failover because the device in good health would have to run through the entire failover timeout before failing over. If your business can afford some testing I would schedule failover testing during low traffic period and run through different failures to see what happens. You should test continuous ICMP as well as copying data to and from something being load balanced. I would do the following tests.
- Issue a manual failover from unit 0 to unit 1 and then back after 10 minutes.
- Reboot the active unit, wait for it to come back up completely, reboot the new active unit and wait the same amount of time.
- On the active unit unplug an interface but not the management interface. Repeat this for each interface less the management interface on each unit after you wait for 5 minutes after plugging the interface back in.
For number 3 you would bounce back and forth between the units. As an example, if you had 2 interfaces plugged in less the management interface you would do the following assuming Unit 0 is the active unit.- Unit 0 unplug interface 1.
- Wait 5 minutes then Unit 1 unplug interface 1.
- Wait 5 minutes then Unit 0 unplug interface 2.
- Wait 5 minutes then Unit 1 unplug interface 2.
Make sure you clearly record each step of connectivity testing so you know exactly how the device will behave. You should test each unique application such as email load balancing, http, ftp, and so on. You do not have to test multiple of each unless they have something that makes then drastically different.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com