Nokron
WAF F5
NokronGitLabELK stackWAF F5
WAF F5
NokronGitLabELK stackWAF F5
  • BIG-IP Application Security Manager
    • HTTP Protocol
      • Deep Dive to “HTTP Request” on ASM Module
      • ASM Example: Detecting a Malicious HTTP Request
    • Introduction to OWASP Top-10 Security Risks
    • Application Security Policy Templates in F5 ASM
      • Security Policy Levels
      • Explicit Entities Learning
      • Policy Modification
      • Gradual / Modular Blocking
      • Application Security Policy Lifecycle
      • Security Policy Enforcement Modes
      • Security Policy Violation Flags
      • How to Increase Learning Score / Deployment Speed
      • Comparison: Enforcement Mode, Learning Mode, and Violation Flags
    • Security Entities in Application Security Policy
      • Enforcement Readiness Summary
      • HTTP / HTTPS / WS / WSS URLs
      • Allowed Parameters in Security Policies
      • Allowed File Types in Security Policies
    • Tuning Security Policies: Analyzing and Categorizing Violations
      • Learning Suggestions in Security Policy Tuning
      • Policy Diff: Comparing and Auditing Security Policies
    • IP Address Exception Properties in ASM/AWAF
    • Cross-Site Request Forgery (CSRF) Protection in F5 ASM/AWAF
    • Sensitive Data Masking / Scrubbing (Data Guard) in F5 ASM/AWAF
    • Anti-virus Protection through an ICAP Server in F5 ASM/AWAF
    • Cookies in F5 ASM/AWAF Security
    • Session Tracking and Session Awareness in F5 ASM/AWAF
    • Evasion Technique Detection in F5 ASM/AWAF
    • Important Tips about Security Policy in F5 ASM/AWAF
    • L7 DDoS Attack Protection Configuration
    • TPS-based Attack Vectors and Stress-based Attack Vectors
    • Mitigation Techniques for DoS and Bot Protection
    • Important Tips about Events Logging
    • High-Speed Logging (HSL) Configuration
    • Web Threat Campaigns (v14.0+)
    • IP Intelligence (IPI) Subscription-Based License
    • Geo-IP Database Functionality
    • General Security Standards and WAF Support
    • ASM - Virtual Edition (VE) Tips
    • How to Bypass ASM Module
    • ASM Traffic Processing Daemon (bd)
    • ASM and AAM Integration
  • BIG-IP LTM Technology
    • Source IP Address and PORT Translation in BIG-IP
    • Packet Filters
    • Traffic / Service Profiles in BIG-IP
    • Virtual Servers and Their Behavior with Different Profiles in BIG-IP
      • Detailed Overview of Profiles in BIG-IP LTM
      • Optimizing for Mobile Clients in BIG-IP LTM
      • Connection Mirroring in BIG-IP LTM
      • AVR (Analytics) Profile in BIG-IP LTM
      • Health Monitoring in BIG-IP LTM
      • SSL Profile in BIG-IP LTM
      • Load-balancing Methods in BIG-IP LTM
      • Persistence Profile in BIG-IP
      • CMP vs. SMP in BIG-IP Systems
      • OneConnect Profile in BIG-IP
Powered by GitBook
On this page
  1. BIG-IP LTM Technology
  2. Virtual Servers and Their Behavior with Different Profiles in BIG-IP

Connection Mirroring in BIG-IP LTM

Connection mirroring is a feature in BIG-IP LTM used to maintain session persistence and ensure high availability for long-term connections, such as FTP, TELNET, or SSH. It is an essential feature in systems that need to maintain the state of ongoing connections in case of failover between the active and standby units.

Key Aspects of Connection Mirroring:

  1. Long-Term Connections:

    • Primarily used for long-lived connections that need to be mirrored between active and standby units, especially protocols like:

      • FTP

      • TELNET

      • SSH

    • These protocols are stateful and require the connection to remain intact, even if the system switches from the active unit to the standby unit.

  2. Short-Term Connections:

    • Short-lived connections (like HTTP and UDP) should NOT be mirrored because they tend to have very brief lifespans, and the overhead involved in mirroring would not be justified.

    • Mirroring these types of connections can lead to performance degradation as it consumes unnecessary system resources.

  3. CPU-Intensive Operation:

    • Connection mirroring is a CPU-heavy operation because it involves synchronizing the state of active connections between two systems (active and standby).

    • It requires substantial processing power, especially when dealing with many simultaneous long-term connections, which can affect the overall performance of the system.

  4. TCP Ports Used for Mirroring:

    • Mirroring traffic between the active and standby units typically happens over the TCP port range 1029-1155.

    • This allows for communication between the units and the transfer of connection state information.

    • Up to 127 traffic groups can be mirrored from the active unit to the standby unit, enabling redundancy for large-scale deployments.

PreviousOptimizing for Mobile Clients in BIG-IP LTMNextAVR (Analytics) Profile in BIG-IP LTM

Last updated 3 months ago