Zen_Y
Oct 29, 2024

What will happen to live and existing connections on failover of an HA BIG-IP active-standby pair

Good morning

I have a little question: when we create an HA configuration in active-standby mode with MAC masquerade configured, what will happen to live and existing connections? Will they be disrupted when we fail over? Or will the network device immediately find the standby device that has the same masquerade MAC and floating IP without any timeout process first?

Thank you

  • Zen_Y,
    To maintain active connections when a failover occurs, you will need to configure connection mirroring.

    I found some information that could help answer your questions on our MyF5 portal. Please click on the links below.

    K84303332: Overview of connection and persistence mirroring (13.x - 16.x)
    https://my.f5.com/manage/s/article/K84303332


    Manual Chapter : Managing Connection Mirroring
    https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-device-service-clustering-admin-11-5-0/9.html

    On the other hand, MAC masquerade optimizes the flow of traffic during failover events.


    K13502: Configuring MAC masquerade (11.x - 17.x)
    https://my.f5.com/manage/s/article/K13502

    I hope this helps.

    • Zen_Y

      Hi akonu 

      This is interesting. I have read several articles about mirroring connections, but I have not implemented this in practice. Is there any information about the impact of this implementation, such as increased CPU, memory, or network load, or even certain bugs that must be avoided on both the active and standby devices?

      And when we do not implement a mirroring connection, will the existing connection time out before it finds a new active device?

      • This is dependent on how the application handles a no response. I would say from a TCP perspective, the connection would time out, it would inform the user of the connection loss and you would have to refresh the connection or resend the request.

  • Zen_Y 

    When a failover occurs, all existing connections will be reset because the newly active device is not aware of the existing connections to the previous active device. Please find below a knowledge base article that explains this.

     

    K14203: Active connections may experience a long delay following failover

    https://my.f5.com/manage/s/article/K14203

     

    Hope this helps

  • Mirroring is usually used for protocols that are tightly bound to the underlying TCP session, e.g. FTP/Telnet. For HTTP it is irrelevant - HTTP will create a new TCP session and the client won't notice the difference.

  • Zen_Y 
    MAC masquerade will use gratuitous ARP. As a first step, you should ensure that your network switches can handle gratuitous ARP. If gratuitous ARP is disabled on your network, you may experience at least 5 minutes of outage.
    As others have said, for "existing connections", Connection Mirroring is the solution.

  • Thank you all for the discussion, more or less I now understand the flow that occurs on the existing connection when manual failover is performed on BIG-IP, thank you