NimbostratusActive/standby question
Hello,
We have a pair of BIG-IP LTM 3900 appliances (10.2.2 build 763.3) configured in active/standby mode. Floating IP is on. On the active unit: System > High Availability > Network Failover is enabled, Peer Management Address points to the standby unit, and under Unicast there are dmz and management networks defined:
dmz|Self IP address from DMZ VLAN|Floating IP address from DMZ VLAN|1026 management|Self IP address from Management VLAN|Floating IP address from Management VLAN|1026
Everything is working fine, I just have a question: is it normal that I see the same traffic load on the DMZ interface of standby unit?
Thank you.
yes, it is connection mirroring.
sol13478: Overview of connection and persistence mirroring (11.x)
http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13478.htmlwhen using connection mirror, ingress traffic can be seen on standby unit.
Packets on the active BIG-IP that require mirroring are transmitted to the standby unit. The standby unit then processes the traffic through the inbound side of the TCP stack and hands it off to TMM as if it were the active unit. However, the output stack is disconnected, and no trafffic is actually sent on the wire. This process allows the standby unit to maintain full state information for the mirrored connections in order to fail over seamlessly.sol9701: The tcpdump utility with a VLAN filter on the standby unit may capture load-balanced traffic
http://support.f5.com/kb/en-us/solutions/public/9000/700/sol9701.html
