Connection information of the traffic running on a given tier-0 SR (Service Router) is synchronized to its peer tier-0 SR in active-standby or stateful active-active HA modes.

The synchronization between the Active SR and Standby SR is triggered whenever there is a change in the local state of TCP SYN packet, after a certain interval, or if a local state is created or deleted. During synchronization, Edge uses proprietary protocol to replicate CCP packets between Active and Standby SRs. Note that stateful active-active mode is only available starting with NSX 4.0.1.1.

In NSX 4.0.0.1, note the following about state synchronization:

• State synchronization is supported for Gateway Firewall, Identity Firewall, NAT, IPSec VPN, and DHCP.
• If new sessions were going through a tier-0 SR just before a failover, it might happen that those sessions were not synchronized on the associated tier-0 SR and potentially affect the traffic for those sessions.

Starting with NSX 4.0.1.1, note the following about state synchronization:

• In active-standby mode, state synchronization is supported for Gateway Firewall, Identity Firewall, NAT, IPSec VPN, and DHCP.
• In active-active mode, state synchronization is supported for Gateway Firewall, Identity Firewall, and NAT. IPSec VPN is not supported.
• If new sessions were going through a tier-0 SR just before a failover, it might happen that those sessions were not synchronized on the associated tier-0 SR and potentially affect the traffic for those sessions.