For compliance and auditing purposes, where deep traffic inspection is required, incoming HTTP(S) traffic can be replicated to logging/sideband servers at the protocol level. An example could be a web application firewall (WAF) appliance monitoring HTTP payloads for any anomalies.

Working of Virtual Service Sideband Profile

In the figure below, client traffic enters VS-1 through the front-end VIP network (color-coded in green). The sideband servers require and receive a subset of the inbound traffic (dashed green) over separate, secure connections between the SE and themselves. The sideband servers can be on a remote network, separated from the origin SE by one or more routers. Any responses from the sideband servers (color-coded in dashed orange) are dropped.

If a set of sideband servers is configured, the SEs distribute traffic to them in a round-robin fashion, independent of the algorithm that chooses servers from within the virtual service’s back-end pool(s).

For the sake of performance, the clients’ POST payloads are only partially sent to sideband servers. Payloads are limited to 1 kB by default but can be configured as high as 16 kB. Traffic between the SE and the back-end servers proceeds as usual.

Note:

Do not confuse the sideband profile feature with Avi Load Balancer’s traffic cloning feature. Both features replicate application traffic to an ancillary server or set of servers, but differ in several very important ways.

For more information, see Traffic Cloning and Traffic Replication Options with NSX Advanced Load Balancer.

Configuration

This feature is activated by configuring a sideband profile for the virtual service, which can be configured with the sideband server’s IP address. Multiple sideband servers can be configured, in which case, traffic is sharded (round robin) among them.

[admin:10-10-22-34]: > configure virtualservice vs-1
[admin:10-10-22-34]: virtualservice> sideband_profile
[admin:10-10-22-34]: virtualservice:sideband_profile>
[admin:10-10-22-34]: virtualservice:sideband_profile> ip 1.1.1.1
[admin:10-10-22-34]: virtualservice:sideband_profile> ip 2.2.2.2
[admin:10-10-22-34]: virtualservice:sideband_profile> sideband_max_request_body_size 2048
[admin:10-10-22-34]: virtualservice:sideband_profile> save
[admin:10-10-22-34]: virtualservice> save
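
The following Python model is an added example, not Avi code or part of the product documentation. It reproduces the behaviour described above (round-robin distribution across the sideband servers and truncation of POST bodies at the configured size) so that the inspection coverage of a sideband WAF can be estimated for a given sideband_max_request_body_size. The names SidebandModel and coverage are hypothetical, the body sizes are constructed sample data, and 1 kB is assumed to mean 1024 bytes.

```python
from itertools import cycle

DEFAULT_LIMIT = 1024       # page: 1 kB default (assumed to mean 1024 bytes)
MAX_LIMIT = 16 * 1024      # page: configurable up to 16 kB (assumed 16384 bytes)


class SidebandModel:
    """Toy model of the replication behaviour described above (not Avi code)."""

    def __init__(self, servers, max_body=DEFAULT_LIMIT):
        if not servers:
            raise ValueError("at least one sideband server is required")
        if not 0 < max_body <= MAX_LIMIT:
            raise ValueError(f"max_body must be 1..{MAX_LIMIT} bytes")
        self.max_body = max_body
        # Round robin, independent of the back-end pool's algorithm.
        self._next = cycle(servers)

    def replicate(self, body: bytes):
        """Return (server, copied_bytes, truncated) for one request."""
        copy = body[: self.max_body]
        return next(self._next), copy, len(body) > len(copy)


def coverage(model, bodies):
    """Summarise how much of the traffic the sideband servers received."""
    per_server, truncated, sent, total = {}, 0, 0, 0
    for body in bodies:
        server, copy, cut = model.replicate(body)
        per_server[server] = per_server.get(server, 0) + 1
        truncated += cut            # True counts as 1
        sent += len(copy)
        total += len(body)
    return {"per_server": per_server, "truncated_requests": truncated,
            "bytes_sent": sent, "bytes_total": total}


# Constructed sample: POST body sizes in bytes, not real traffic.
SAMPLE_BODIES = [b"a" * n for n in (120, 900, 1024, 1500, 2048, 5000, 20000)]

if __name__ == "__main__":
    for limit in (DEFAULT_LIMIT, 2048, MAX_LIMIT):
        model = SidebandModel(["1.1.1.1", "2.2.2.2"], max_body=limit)
        print(limit, coverage(model, SAMPLE_BODIES))
```

Feeding it body sizes taken from the virtual service's own request logs shows how many requests the sideband servers receive only in part at a given limit, which helps when choosing the value to configure.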