Lab 7: Persistence Mirroring and Connection Mirroring

In Lab 7, we will continue to enhance & optimize the BIG-IP configuration for HA. We will create Virtual Server configuration objects so that we can enhance our HA configuration with Connection & Persistence Mirroring.

Lab Tasks:

  • Task 1: Configure Persistence Mirroring Profile
  • Task 2: Create LTM Pool Configuration Objects
  • Task 3: Configure Connection mirroring
  • Task 4: Perform a Configuration Synchronization between BIG-IPs
  • Task 5: Test Virtual Server
  • Task 6: Validate Persistence Information

Task 1: Configure Persistence Mirroring Profile

We will create a new Persistence Profile, enabling persistence mirroring.

Persistance mirroring is used to share persistence information between BIG-IP's in a cluster.

Note

  • By default, persistence mirroring is NOT enabled.
  • You will need to create a dedicated persistence profile that has this setting enabled.

Note

  • DO NOT edit default BIG-IP profiles
  • Always create a new profile with the desired settings and use the default profile as parent profiles
  • Default profiles will be overwritten with the next software update
  1. On the ACTIVE BIG-IP, Navigate to: Local Traffic > Profiles > Persistence, and click the "+" button to create a new profile:

    ../../_images/image136.png
  2. Configure the following Settings for your Custom Persistence Profile:

    • Name: "source_addr_mirror_persist"
    • Persitence Type: Select Source Address Affinity from the Persistnece Type drop-down
    • Parent Profile: Ensure the Parent Profile is set to source_addr

    You will need to place a checkmark under the Custom setting for Mirror Persistence:

    ../../_images/image137.png

    Place a checkmark in the Mirror Persistence field, and Click the Finished button:

    ../../_images/image138.png
  3. Search for "source" in the Search field, and you should see two Source Address profiles, one custom and one default:

    ../../_images/image139.png

Task 2: Create LTM Pool Configuration Objects

We will create an LTM Pool Configuration object, which will be used for the backend server pool for our Virtual Server.

Note

  • These steps will be completed on the ACTIVE BIG-IP
  1. Navigate to: Local Traffic > Pools > Pool List > click the "+" sign to create a new pool:

    ../../_images/image1141.png
  2. Create the following Pool Configuration Objects:

    • Server Pool:

      • Name: server_pool

      • Health Monitors: gateway_icmp

      • Within the Resources Section:

        • New Node Address: 10.1.10.200
        • Service Port: * All Services
        • Click the Add button
        ../../_images/image1231.png
  3. Click the Finished Button:

    ../../_images/image135.png
  4. After completion of this task, you should be presented with the following 2 pools:

    ../../_images/image127.png

Task 3: Configure Connection Mirroring

Note

  • Connection mirroring is configured at the Virtual servers itself.

We will create a simple HTTP Virtual Server object. This will be used to demonstrate the additional failover features you can apply at the Virtual Server level.

  1. Navigate to: Local Traffic > Virtual Servers > Virtual Server List, then click the "+" button:

    ../../_images/image128.png
  2. Create the Virtual Server with the following settings:

    • General Properties:

      • Name: test_http_vs

      • Type: Standard

      • Destination Address/Mask: 10.1.10.55

      • Service Port: 80 (HTTP)

        ../../_images/image129.png
  3. From the Configuration section, at the Basic drop-down, select Advanced, and configure the following settings:

    ../../_images/image140a.png
    • Connection Mirroring: Place a checkmark on this setting

      ../../_images/image1411.png ../../_images/image1431.png

Note

  • We have now finished the configuration for connection mirroring.

  • The following steps are required to finish the virtual server configuration so you can test the service.

  • Source Address Translation: From the drop-down, select AutoMap:

    ../../_images/image148.png
  • Under the Resources: Section, Define the following settings, and Click the "Finished" Button:

    • Default Pool: server_pool

    • Default Persistence Profile: source_addr_mirror_persist

      ../../_images/image1421.png
  1. You should be presented with the following Virtual Server object after creation:
../../_images/image149.png

Task 4: Perform a Configuration Synchronization between BIG-IPs

On the ACTIVE BIG-IP

  1. Notice the Changes Pending in the upper-left corner:

    ../../_images/image521.png
  2. Click this hyperlink to go to the Overview screen.

  3. Review the recommendations, and perform a ConfigSync to peer:

    ../../_images/image531.png
  4. While the configuration is being pushed, you will see a Syncing icon display in the middle:

    ../../_images/image541.png
  5. Once the ConfigSync process is complete, your BIG-IPs should indicate an In Sync state, and be in an Active / Standby cluster:

  6. Verify the sync state:

    ../../_images/image551.png

Task 5: Test Virtual Server

Pending time, Tasks 5 & 6 are optional. These Tasks will validate how you can verify persistence records & information.

In a typical HA design, without connection mirroring enabled, only the ACTIVE BIG-IP is state-aware of client's sessions. However, in this lab, we enabled Connection Persistence & Mirroring.

We can test & validate these settings by connecting to our Virtual Server, and review the BIG-IP details to confirm each BIG-IP has sessions (i.e. mirrored configuration).

You will access our UDF Windows Jumphost via RDP for this Task.

  1. From UDF, navigate to your components tab, find the Windows Jumphost under Systems, and click the drop-down for Access. Select your preferred RDP session.

    ../../_images/image2161.png
  2. Launch / click the RDP file extension, and Click the Connect button at the pop-up prompt:

    ../../_images/image2171.png ../../_images/image2181.png
  3. At the "Enter your Credentials" window prompt, select the More Choices option, and choose Use a different account:

../../_images/image2191.png ../../_images/image220.png
  1. Use the following credentials, and click the OK button:
    • User Name = external_user
    • Password = admin.F5demo.com
../../_images/image2211.png
  1. If presented with a Security Warning, please accept by clicking the YES button:

    ../../_images/image2221.png
  2. You should now be logged into your RDP Jumphost.

  3. Open Chrome browser from the Taskbar, and connect to BIG-IP Virtual Server http://10.1.10.55:

    ../../_images/image223.png
  4. You should be presented with a generic NGINX website! You may "refresh" your page multiple times to generate traffic.

    ../../_images/image224.png

Task 6: Validate Persistence Information

In this Task, we will confirm mirroring & persistence configuration is present on the BIG-IPs. We will perform these validation tasks from our traffic management shell (tmsh).

  1. From UDF, in your Components list, use the drop-down under Access of each BIG-IP and open a Web Shell:

    ../../_images/image225.png
  2. From each BIG-IP, enter into the traffic-management shell (tmsh); type tmsh and hit Enter; you should be placed into (tmos) prompt:

    ../../_images/image226.png
  3. Verify the Client Connection to the Virtual Server:

    • Use the following command from (tmos) prompt:

      show sys connection cs-server-addr 10.1.10.55
      

Note

If you are NOT seeing connection information, you may have to generate additonal traffic to your Virtual Server from your RDP Jumphost. Keep refreshing the web browser to create a session.

  1. Observe that EACH BIG-IP is session-aware of this client session to the Virtual Server. Typically, without connetion mirroring, only the ACTIVE BIG-IP would have this session:

Note

For a better understanding of BIG-IP connection table, see Knowlege Article K40033505: Explaining the output of tmsh show sys connection

Connection Table Legend:

Column IP Address Info / Descrip.
1st Column 10.1.10.199 Client IP; Windows Jumphost accessing application
2nd Column 10.1.10.55 BIG-IP Virtual Server Address
3rd Column

10.1.10.240

BIG-IP VLAN 10 (internal) Floating Self IP
This is due to AutoMap SNAT setting on the VS
4th Column 10.1.10.200 Ubuntun NGINX Web Server (back-end server)
  • BIG-IP-A (Standby):

    ../../_images/image227.png
  • BIG-IP-B (Active):

    ../../_images/image228.png
  1. Verify Persistence Records

    • Review the persistence details for our connection. Use the following tmsh command on EACH BIG-IP:

      show ltm persistence persist-records all-properties*
      
  • BIG-IP-A (Standby):

    ../../_images/image229.png
  • BIG-IP-B (Active):

    ../../_images/image230.png

Lab Summary

In this lab, you enhanced your HA configuration to leverage connection mirroring and persistence mirroring at the Virtual Server level.

With persistance mirroring and connection mirroring, you enable your BIG-IP HA Cluster for a seemless failover without client traffic interruption.

This completes lab 7, and concludes the BIG-IP HA Failover - Do it the Proper Way lab.

We hope this lab experience was educational and beneficial. If you have any feedback, or suggestions on making this better, please provide feedback.

Thank you, F5 Solutions Engineers