Forum Discussion

Davethoonsen's avatar
Davethoonsen
Icon for Altocumulus rankAltocumulus
May 01, 2020
Solved

How to enforce specific settings through new configuration changes

Hi everyone,

 

Version: 14.1.0.6

 

Recently we're looking into activating connection-mirroring on every virtual server for an increased availability in the case of a failover. Thinking ahead, how would I be able to enforce this VS-specific setting in each future configuration change? I want to prevent having a situation where not every virtual server is covered with connection-mirroring and have an increased risk of impact because of that. My colleagues or myself could coincidentally forget to enable connection-mirroring, so i'm looking for a way that it's an always-on option unless otherwise manually configured.

 

Does this require Big-IQ or are there other ways? I'm curious how and if you guys are able to tackle this.

 

Kind Regards,

 

Dave

  • I'l get this out the way - only apply connection mirroring if it makes sense to do so

    - i.e. for long-lived TCP connections that have a moderately high setup cost, or connections that do not auto-recover.

    There is limited value in setting up connection mirroring for HTTP/HTTPS connections that have been designed with an expectation of connection loss and recovery. The cost in memory and network utilization for the mirroring is generally higher than the benefit.

    There is also no value in connection mirroring for stateless performance layer 4 virtuals (i.e with loose initiation/loose close).

     

    For consistent templating:

     

    The traditional answer would be to write an iApp template to apply the relevant settings.

    The recent answer would be to script the configuration with the RestAPI and tools that use it.

    The more recent answer lies in AS3, and declarative onboarding.

    Now we have FAST templates, which also use AS3:

    F5 Application Services Templates (FAST)

     

     

2 Replies

  • I'l get this out the way - only apply connection mirroring if it makes sense to do so

    - i.e. for long-lived TCP connections that have a moderately high setup cost, or connections that do not auto-recover.

    There is limited value in setting up connection mirroring for HTTP/HTTPS connections that have been designed with an expectation of connection loss and recovery. The cost in memory and network utilization for the mirroring is generally higher than the benefit.

    There is also no value in connection mirroring for stateless performance layer 4 virtuals (i.e with loose initiation/loose close).

     

    For consistent templating:

     

    The traditional answer would be to write an iApp template to apply the relevant settings.

    The recent answer would be to script the configuration with the RestAPI and tools that use it.

    The more recent answer lies in AS3, and declarative onboarding.

    Now we have FAST templates, which also use AS3:

    F5 Application Services Templates (FAST)

     

     

    • Davethoonsen's avatar
      Davethoonsen
      Icon for Altocumulus rankAltocumulus

      Hi Simon,

       

      Thanks for your thorough answer. I'll look into our applications to see if it's worth to mirror them based on its behaviour and will look into the templates. Thanks!