Traffic Replication Options With Avi Vantage

Avi Vantage provides two means to replicate application traffic: sideband profile and traffic cloning.

This article compares the two seemingly similar traffic replication methods, to help users make an educated choice according to their use case.

| | Sideband Profile | Traffic Cloning |
|---|---|---|
| Operation | It is application layer (L7) replication of client requests. SE establishes TCP connections with the sideband servers before sending the client HTTP request. SE expects an HTTP response in return, but the response status is ignored. | It is context-less, stateless L2 cloning. No TCP state is established/maintained with the clone pool server. The SE does not expect any response from the clone pool (any response sent by the clone pool is dropped). |
| Encryption | Traffic to the sideband server is always encrypted irrespective of whether the pool traffic is encrypted or not. | Traffic to the clone pool is identical to the application pool traffic. Check special conditions for cases where back-end traffic needs to be encrypted but cloned traffic needs to be unencrypted. |
| Maximum size | Up to 16KB of the request body can be replicated. This is configurable, with a default value of 1KB. | The entire packet is replicated to the clone pool. |
| Streams replicated | Only client requests are replicated. | Both the client request and the pool server response are replicated. |
| SNAT option | SE SNATs to the sideband pool. | SE SNATs to the sideband pool by default. SE sends the packets with the source IP of the client if the 'Preserve Client IP' option is enabled. |
| Point of replication | The request is tapped on the interface from which the SE sends it to the application pool server. Hence, all the HTTP policies and DataScripts are first applied to the request before it is replicated. | The request is tapped on the interface from which the SE sends it to the application pool server. Hence, all the HTTP policies and DataScripts are first applied to the request before it is replicated. The response from application servers is also tapped on the same interface. Hence, it gets replicated before the response policies or DataScripts are applied to it. |
| Pool network | Sideband pool servers need not be on a network directly connected to the SE. | Clone pool servers must be on a network directly connected to the SE. |
| Typical use case | Non-inline web application firewalls that monitor POST requests | Intrusion detection systems, network sniffers for L3 monitoring |

Updated: 2018-01-20 12:43:10 +0000