Product Documentation

Connection Failover

Sep 30, 2013

Connection failover helps prevent disruption of access to applications deployed in a distributed environment. In a NetScaler High Availability (HA) setup, connection failover (or connection mirroring-CM) refers to keeping active an established TCP or UDP connection when a failover occurs. The new primary NetScaler appliance has information about the connections established before the failover and continues to serve those connections. After failover, the client remains connected to the same physical server. The new primary appliance synchronizes the information with the new secondary appliance by using the SSF framework. If the L2Conn parameter is set, Layer 2 connection parameters are also synchronized with the secondary.

You can set up connection failover in either stateless or stateful mode. In the stateless connection failover mode, the HA nodes do not exchange any information about the connections that are failed over. This method has no runtime overhead.

In the stateful connection failover mode, the primary appliance synchronizes the data of the failed-over connections with the new secondary appliance.

How Connection Failover Works on NetScaler Appliances

In stateless connection failover, the new primary appliance tries to re-create the packet flow according to the information contained in the packets it receives.

In stateful failover, to maintain current information about the mirrored connections, the primary appliance sends messages to the secondary appliance. The secondary appliance maintains the data related to the packets but uses it only in the event of a failover. If a failover occurs, the new primary (old secondary) appliance starts using the stored data about the mirrored connections and accepting traffic. During the transition period, the client and server may experience a brief disruption and retransmissions.

Note:

Verify that the primary appliance is able to authorize itself on the secondary appliance. To verify correct configuration of the passwords, use the show rpcnode command from command line or use the RPC option of the Network menu from the configuration utility.

A basic HA configuration with connection failover contains the entities shown in the following figure.

Figure 1. Connection Failover Entity Diagram

Supported Setup

Connection failover can be configured only on load balancing virtual servers. It cannot be configured on content-switching virtual servers.

The following table describes the setup supported for connection failover.

Table 1. Connection Failover - Supported Setup

Setting

Stateless

Stateful

Service type

ANY.

ANY, UDP, TCP, FTP, SSL_BRIDGE.

Load balancing methods

All methods supported for the service type ANY.

However, if Source IP persistence is not set, the SRCIPSRCPORTHASH method must be used.

All methods applicable to the supported service types.

Persistence types

SOURCEIP persistence.

All types applicable to the supported service types are supported.

USIP

Must be ON.

No restriction.

It can be ON or OFF.

Service bindings

Service can be bound to only one virtual server. Service can be bound to one or more virtual servers.

Internet Protocol (IP) versions

IPv4 and IPv6 IPV4

Redundancy support

Clustering and high availability High availability

Features Affected by Connection Failover

The following table lists the features affected if connection failover is configured.

Table 2. How Connection Failover Affects NetScaler Features

Feature

Impact of Connection Failover

SYN protection

For any connection, if a failover occurs after the NetScaler issues SYN-ACK but before it receives the final ACK, the connection is not supported by connection failover. The client must reissue the request to establish the connection.

Surge protection

If the failover occurs before a connection with the server is established, the new primary NetScaler tries to establish the connection with the server. It also retransmits all the packets held in the course of surge protection.

Access down

If enabled, the access-down functionality takes precedence over connection failover.

Application Firewall™

The Application Firewall feature is not supported.

INC

Independent network configuration is not supported in the high availability (HA) mode.

TCP buffering

TCP buffering is not compatible with connection mirroring.

Close on response

After failover, the NATPCBs may not be closed on response.

IPv6 virtual servers

Not yet supported.

To configure connection failover by using the configuration utility, navigate to Traffic Management > Load Balancing > Virtual Servers. Open the virtual server, and in Advanced Settings click Protection, and select Connection Failover as Stateful.

To configure connection failover by using the command line interface, enter the following command:

set lb vserver <vServerName> -connFailover <Value>

Example

set lb vserver Vserver-LB-1 -connFailover stateful

When connection failover is disabled on a virtual server, the resources allocated to the virtual server are freed.

To disable connection failover by using the configuration utility, navigate to Traffic Management > Load Balancing > Virtual Servers. Open the virtual server, under Protection, select Connection Failover as Disabled.

To disable connection failover by using the command line interface, enter the following command:

set lb vserver <vServerName> -connFailover <Value>

Example

set lb vserver Vserver-LB-1 -connFailover disable