Table of Contents
F5 BIG-IP Stateful HA ensures that active connections are not interrupted in the event of a failover to another BIG-IP device.
In this section we will implement and test stateful capability of F5 BIG-IP HA.
F5 Stateful HA and Failover
what is F5 staeful failover
In the previous two sections, we discussed and implemented stateless active-standby HA with F5 BIG-IP device, where connection tables are not replicated to the standby device.
With this configuration, active connections are disrupted during failover, but new connections can be created.
In this section, we add stateful functionality to our HA configuration, where connection table are replicated from the active BIG-IP to the standby BIG-IP.
Therefore, in the event of a failover, the current connection can still be active and no connection is lost.
configure SSH virtual server
To configure and test Stateful HA, we first create a virtual server with SSH service so that we can connect to the SSH server using active BIG-IP, and then check whether the connection is replicated to the standby BIG-IP or not.
So we create three nodes, a pool with the SSH service including all three members and finally a virtual server for the SSH service, but in the first step without activating the stateful capability.
We only configure in the active BIG-IP and then synchronize it with the standby BIG-IP.
check active connections in BIG-IP
Now we connect to one of the SSH servers via a virtual server IP address, 192.168.2.100.
with the command “show sys connection”, you can check the active connections in BIG-IP TMOS shell environment.
As expected, the connection is not synchronized with the standby BIG-IP. Therefore, the SSH connection is interrupted during a failover.
enable connection mirroring in virtual server
To enable stateful capability, we now enable “connection mirroring” in the virtual server.
By default, the “connection mirroring” option is not displayed in the virtual server settings. However, if you change the configuration to “Advanced“, this option will appear.
when you enable “connection mirroring” , you notice a message that activating the option may degrade performance.
We enable connection mirroring only in the active BIG-IP and synchronize the configuration with the standby BIG-IP.
Then we test again whether the connection table is replicated from active BIG-IP to standby or not.
We create a new SSH connection to one of the SSH servers via the virtual server.
Then we check the connection table in both active and standby BIG-IP using “show sys connection”.
This time we see that the connection details are present in both active and standby BIG-IP.
This means that if we shut down the active BIG-IP, the SSH connection is expected not to be lost and to remain active.
It is working properly as expected.
enable persistence mirroring
To complete the stateful HA discussion, it is also possible to enable “persistence table mirroring” when the persistence feature is enabled on the virtual server.
In this case, the “Mirror Persistence” option must be enabled in the persistence configuration to ensure that users are connected to the same server as before failover.
