Forum Discussion

Anju's avatar
Anju
Icon for Altostratus rankAltostratus
Jan 13, 2020

Connection Mirroring vs Persistence mirroring

Need to understand the difference between connection mirroring and persistence mirroring. Gone through various articles but still not clear with when to use which type of mirroring. If we enable connection mirroring will it take care of overall mirroring aspect for the device? or we need to enable mirroring based on virtual server connections or SNAT or pool basis? Any explanation with examples would greatly help.

 

Thanks.

  • Hi Anju,

    your question requires a long list of details to explain, and i am pretty sure you can find details inside the BIG-IP User Guide and Admin Guide.

    So let me try to explain the basics here.

    So first, for both options (connection mirroring or persistence mirroring) you need to configure the BIG-IP devices in HA pair, and select the proper "Network Mirroring IPs" that the devices will use to share traffic between them.

    see :

    https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-device-service-clustering-administration-14-1-0/managing-connection-mirroring.html#

    Connection mirroring is applied at the "virtual server" level. The intention is to duplicate connection states (when using fast L4) of your connection between the boxes, so if there is a failover, the connection is kept on its previous state, and traffic can flow without constraints:

    • TCP connection will recover from potential packet loss while moving from Active to Standby, as TCP stack will manage this transparently. User can perceive it if the throughput of his connection is heavy, but TCP will ramp up quickly to the network capacity.

    • UDP, as it is connection less oriented (Datagrams) will have a different behaviour at L4, as the standby need to know the state (opened or closed). It is usually not a big concern for UDP, as any packet can "open" the connection in that case (again, at L4 in my answer here).

    for L7, that is a different topic. the Active can be much more chatty in that case, as we "intensionally" want to sync the connections, but if your VS is in Standard Mode, it means you also want to sync connection "data" (as there can be iRules inspecting content, or storing information based on iRule events fired and so on). What that mean is that each packet will be duplicated to the Standby device, so the standby can execute the same iRule for example, but of course, not deliver any packet to the destination, as it is in standby mode, but will have the exact same state as the active).

    For UDP, when using this "connection mirroring" at VS level, all your UDP packets will also be duplicated (as if you have select on your UDP profile for example, Datagram LB, each packet can generate a different LB decision, and the standby need to know that and have the same state (again, think about an iRule doing stuff for DNS UDP traffic for example).

    For Persistence Mirroring, that's less complex, as the only information that is needed between the 2 BBIG-IP in HA pair, is the persistence being replicated between the 2 (when you create the persistence entry in the Active device, when you update it (timeout, information stored, ...)).

    So this is quite lightweight type of data in that case.

    Both 'persistence' and 'connection' can be mirrored for the same VS (connection at the VS level, and persistence set on the VS, but mirroring config is done at the "persitence" profile level).

    Unsure if i made things more clear here, or worst 😉

    • Anju's avatar
      Anju
      Icon for Altostratus rankAltostratus

      Very well explained! Thank you.