For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

BIG-IP connection mirroring in public cloud doesn't work, but why?

Summary BIG-IP connection mirroring is not supported in public cloud environments. Cloud Failover Extension (CFE) supports failover between BIG-IP devices, and persistence mirroring will work, bu...
Updated Jul 10, 2023
Version 2.0
cloud
MichaelOLeary's avatar
Icon for Employee rankEmployee
I'm a Solution Architect at F5. Over the years I've become an expert in Kubernetes and cloud architectures. I publish articles and blog posts to share as much knowledge as possible. I love hanging out with colleagues and customers, so reach out any time!
View Profile
shsingh's avatar
shsingh
Icon for Employee rankEmployee
Jul 15, 2023

Thanks for the writeup MichaelOLeary.

I will add that there are some other things to think about when looking to use connection-mirroring (TL;DR most times it's unnecessary):

  • SSH and RDP type services do have the ability to set keep-alives 
    • in SSH for example you can set the following in your ~/.ssh/config
      # Settings 10 retry messages at one every 60sec  
ServerAliveInterval = 60
ServerAliveCountMax = 10
  • Ensuring that your fastL4 servers have the ability to pass flows in flight (e.g. the loose-initiation and loose-strict values)
  • non-HTTP and Standard Virtual Servers that need connection mirroring definitely come with a caveat for the type of app and protocol (databases for example)

Having said all that, if you do have a fastL4 wildcard routing-type Virtual Server *most* protocols tend to be fine unless its something in the middle of its transaction (e.g. database write, etc.)

I've helped customers deploy BIG-IP in Carrier Grade NAT scenarios (which is similar in some respects to a cloud-based environments) to be able to "seamlessly" fail devices or reboot so that subscribers are generally unaware their Internet is down: https://www.youtube.com/watch?v=hsb0OtqO_AM&list=PL5jC9WagzrjExq85JuWQHSUm9PegO3JmR&index=16