Connection Mirroring issue - Serverside Connection Information Missing on Standby

Question

Hello,&nbsp;
I am running 2 x Viprion 2400 Chassis each with a single B2250 blade (Version 11.5.1 HF10).  I have a vCMP guest on each chassis which are setup as Active/Standby and using OSPF for routing.  All appears to be working well (i.e. OSPF, Virtual Servers) except for the connection mirroring feature.  Under connection mirroring I have selected "Between Clusters" and have the HA VLAN as the primary mirror address and Internal VLAN as the secondary mirror address.&nbsp;
The issue is the connection mirroring only works approximately 50% of the time.  When it doesn't work, the mirrored connections will appear on the standby unit without any serverside connection information and it will not be removed until the idle timer reaches 300+ seconds, even if the client has terminated the connection.  Below is an example taken from the standby unit.  I connected to an HTTP virtual server which is setup for connection mirroring 12 times.....it fails to register any serverside connection information 5 times and those 5 will remain for 300+ seconds.&nbsp;
Standby&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  0  (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59875  b.b.7.10:80      b.b.7.11:59875    b.b.60.10:80     tcp  4  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  4  (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  11  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp  1   (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59879  b.b.7.10:80      b.b.7.11:59879    b.b.60.10:80     tcp  4   (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  19  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp  4   (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  27  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp  12  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59881  b.b.7.10:80      any6.any              any6.any             tcp  1   (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59884  b.b.7.10:80      any6.any              any6.any             tcp  1   (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  34  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp  19  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59881  b.b.7.10:80      any6.any              any6.any             tcp  5   (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59884  b.b.7.10:80      any6.any              any6.any             tcp  4   (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  41  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59886  b.b.7.10:80      b.b.7.11:59886    b.b.60.10:80     tcp  3   (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp  26  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59881  b.b.7.10:80      any6.any              any6.any             tcp  12  (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59884  b.b.7.10:80      any6.any              any6.any             tcp   11  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59888  b.b.7.10:80      b.b.7.11:59888    b.b.60.10:80     tcp   3   (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp   48  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp   33  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59881  b.b.7.10:80      any6.any              any6.any             tcp  19  (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59884  b.b.7.10:80     any6.any              any6.any  tcp  23  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59891  b.b.7.10:80      b.b.7.11:59891    b.b.60.10:80     tcp  4   (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  60  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp  45  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59881  b.b.7.10:80      any6.any              any6.any             tcp  31  (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59884  b.b.7.10:80      any6.any              any6.any             tcp  34  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  71  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp  56  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59881  b.b.7.10:80      any6.any              any6.any             tcp  42  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59894  b.b.7.10:80      b.b.7.11:59894    b.b.60.10:80     tcp  4   (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59884  b.b.7.10:80      any6.any              any6.any             tcp   46  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59897  b.b.7.10:80      b.b.7.11:59897    b.b.60.10:80     tcp   5   (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp   83  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp   68  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59881  b.b.7.10:80      any6.any              any6.any             tcp  54  (slot/tmm: 1/0)  none&nbsp;
user@(adc-mgmt)(cfg-sync In Sync)(/S1-green-P:Standby)(/Common)(tmos) show sys conn | grep a.a.160.207&nbsp;
a.a.160.207:59884  b.b.7.10:80      any6.any              any6.any             tcp  58  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59900  b.b.7.10:80      any6.any              any6.any             tcp  1   (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59873  b.b.7.10:80      any6.any              any6.any             tcp  95  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59877  b.b.7.10:80      any6.any              any6.any             tcp  80  (slot/tmm: 1/0)  none&nbsp;
a.a.160.207:59881  b.b.7.10:80      any6.any              any6.any             tcp  66  (slot/tmm: 1/0)  none&nbsp;
Any assistance would be appreciated.&nbsp;

c_g · Answer

Answer from F5 support:&nbsp;
Product Development has identified this issue (bug ID570973) as the cause.  ID570973 is fixed in 12.0.0 HF3 and 12.1.0.  Both host and guest need to running a patched version.  ID570973 is also going to be fixed in an upcoming hotfix release in the 11.6.1 code branch.  At this time there is no information as to the specific HF that it will be fixed in.  You may search askf5.com for '570973' to see when and where it is fixed, when it is fixed. &nbsp;
Currently this is the only page it is documented on:
  https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-hotfix-bigip-12-0-0.html &nbsp;
Cumulative fix details for BIG-IP v12.0.0 Hotfix 3 that are included in this release&nbsp;
570973-1: 2-Critical - L7 hardware syn cookie feature is broken in BIG-IP v12.0.0 hf1 and hf2&nbsp;
570973-1: L7 hardware syn cookie feature is broken in BIG-IP v12.0.0 hf1 and hf2&nbsp;

Forum Discussion

Connection Mirroring issue - Serverside Connection Information Missing on Standby

1 Reply

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

behavior of SSL::disable serverside

Find CVE information on AskF5

Traffic Policies: More detailed information on Actions

Insert Client Certificate In Serverside HTTP Headers

F5 Connection Mirroring question