BIG-IP connection mirroring in public cloud doesn't work, but why?
Summary
BIG-IP connection mirroring is not supported in public cloud environments. Cloud Failover Extension (CFE) supports failover between BIG-IP devices, and persistence mirroring will work, bu...
Updated Jul 10, 2023
Version 2.0
MichaelOLeary
Employee
Joined May 15, 2019
shsingh
Jul 15, 2023
Employee
Thanks for the writeup MichaelOLeary.
I will add that there are some other things to think about when looking to use connection-mirroring (TL;DR most times it's unnecessary):
- SSH and RDP type services do have the ability to set keep-alives
  - in SSH for example you can set the following in your ~/.ssh/config

        # Setting 10 retry messages at one every 60 sec
        ServerAliveInterval = 60
        ServerAliveCountMax = 10

- Ensuring that your fastL4 servers have the ability to pass flows in flight (e.g. the loose-initiation and loose-strict values)
- non-HTTP and Standard Virtual Servers that need connection mirroring definitely come with a caveat for the type of app and protocol (databases for example)
Having said all that, if you do have a fastL4 wildcard routing-type Virtual Server *most* protocols tend to be fine unless it's something in the middle of its transaction (e.g. database write, etc.)
I've helped customers deploy BIG-IP in Carrier Grade NAT scenarios (which is similar in some respects to cloud-based environments) to be able to "seamlessly" fail devices or reboot so that subscribers are generally unaware their Internet is down: https://www.youtube.com/watch?v=hsb0OtqO_AM&list=PL5jC9WagzrjExq85JuWQHSUm9PegO3JmR&index=16