I am working on a Viprion implementation, which is two chassis C2400 both of them with one B2150 blade installed in the same slot 2. There is a cluster configured with one active instance in one blade and the other F5 instance is standby on the other chassis´ s blade. Version 11.6 HF4 is used at this moment (yes I know and do an upgrade to 12.1.2 soon enough to retain the official F5 support so it won’t ran out of technical support issues). At this moment VCMP is not used, nor licensed.
Customer requires session mirroring for their long lived session ATM bank transfer agents. I enabled session mirroring on both blades in both chassis and configured session mirroring in the virtual server. I tried both options (mirroring between clusters and within cluster), but none of the sessions are being replicated to both Viprion chassis 2400. I only were able to see the local mirrored sessions but none of them are replicated.
The self IP used for mirroring have no port lockdown configured and allows all traffic. The virtual server is configured as performance layer. I read that layer 7 is not supported by F5. At the time of troubleshooting I was not able to see any traffic on port number 1029.
So my questions, why does it not replicate the session to the other Viprion platform? Is this setup not supported? Is it only meant to synchronize to redundant blades within one chassis?
Is it perhaps required to have redundant blades in both chassis for this technology to work properly? Is session mirroring on layer 7 virtual servers only supported in version 12.1.2?
Hope to find someone with some experience on this specific topic.
Information I have obtained from the F5 website:
Intra-cluster mirroring The VIPRION system mirrors the connections and session persistence records within the cluster, that is, between the blades in the cluster. You can configure intra-cluster mirroring on both single devices and redundant system configurations. It is important to note that F5 does not support intra-cluster mirroring for Layer 7 (non-FastL4) virtual servers.
Thanks for your help.
L7 mirroring is not available, even with 12.x code SSL mirroring is not supported on VS that have a HTTP profile and or Server-Side ssl profile and finally if it uses a irule.
Now for mirroring have you confirmed the settings in system-->HA-->Device_connectivity---mgt; network mirroring ? In the setup you should be using "Between Clusters"
In the device mgt/traffic groups make sure you have active device along with a next-active device listed along with failover objects.
Is the AFM module enabled? if so are there any drops disrupting mirroring?
have you check the mirror state with tmsh show sys connection type mirror ?
Yes the mode was set to between cluster on both Viprion devices. The tmsh command showed that there was an active mirrored session but only only the active decice. I executed a tcpdump but did not see any communication on port 1029 used for session mirroring. On the other device I did not see any mirrored session. After failover both of them had different active sessions. So simply it is not replicating the sessions but indeed configured correctly. Shall I open a F5 case for this?
AFM is not used only pure LTM and AVR only provisioned not used.
anyone a comment on this??
Just curious the interfaces used for session mirroring do the self IP's using "Allow All" on both sides? Can you confirm 1029 socket across the units.