NSX Advanced Load Balancer provides two means to replicate application traffic. This section compares the two seemingly similar traffic replication methods, to help users make an educated choice according to their use case.
The two means of replicating application traffic are:
- Traffic Cloning
- Sideband Profile
| | Sideband Profile | Traffic Cloning |
|---|---|---|
| Operation | Application layer (L7) replication of client requests. The SE establishes TCP connections with the sideband servers before sending the client HTTP request. The SE expects an HTTP response, but the response status is ignored. | Context-less, stateless L2 cloning. No TCP state is established or maintained with the clone pool server. The SE does not expect any response from the clone pool (any response sent by the clone pool is dropped). |
| Encryption | Traffic to the sideband server is always encrypted, irrespective of whether the pool traffic is encrypted or not. | Traffic to the clone pool is identical to the application pool traffic. Check the special conditions for cases where back-end traffic needs to be encrypted but cloned traffic needs to be unencrypted. |
| Maximum Size | Up to 16 KB of the request body can be replicated. This is configurable, with a default value of 1 KB. | The entire packet is replicated to the clone pool. |
| Streams Replicated | Only client requests are replicated. | Both the client request and the pool server response are replicated. |
| SNAT Option | The SE SNATs to the sideband pool. | The SE SNATs to the sideband pool by default. The SE sends the packets with the source IP of the client if the 'Preserve Client IP' option is enabled. |
| Point of Replication | The request is tapped on the interface from which the SE sends it to the application pool server. Hence, all the HTTP policies and DataScripts are applied to the request before it is replicated. | The request is tapped on the interface from which the SE sends it to the application pool server. Hence, all the HTTP policies and DataScripts are applied to the request before it is replicated. The response from the application servers is also tapped on the same interface. Hence, it is replicated before the response policies or DataScripts are applied to it. |
| Pool Network | Sideband pool servers need not be on a network directly connected to the SE. | Clone pool servers must be on a network directly connected to the SE. |
| Typical Use Case | Non-inline web application firewalls that monitor POST requests. | Intrusion detection systems and network sniffers for L3 monitoring. |