Connection failover

Connection failover helps prevent disruption of access to applications deployed in a distributed environment. In a Citrix ADC High Availability (HA) setup, connection failover (or connection mirroring, CM) refers to keeping an established TCP or UDP connection active when a failover occurs. The new primary Citrix ADC appliance has information about the connections established before the failover and continues to serve those connections. After failover, the client remains connected to the same physical server. The new primary appliance synchronizes the information with the new secondary appliance. If the L2Conn parameter is set, Layer 2 connection parameters are also synchronized with the secondary.


Consider an HA setup in which a client establishes a session with the primary node, which in turn establishes a session with the back-end server. When a failover is triggered in this state, the new primary treats the packets it receives from the existing client and server nodes as stale packets, and the client and server connections are reset. If stateless connection failover is enabled (USIP is ON), however, the connections are not reset when packets arrive from the client or server nodes after the failover. Instead, the client and server connections are created dynamically.

You can set up connection failover in either stateless or stateful mode. In the stateless connection failover mode, the HA nodes do not exchange any information about the connections that are failed over. This method has no runtime overhead.

In the stateful connection failover mode, the primary appliance synchronizes the data of the failed-over connections with the new secondary appliance.

Connection failover is helpful if your deployment has long-lasting connections. For example, if you are downloading a large file over FTP and a failover occurs during the download, the connection breaks and the download is aborted. However, if you configure the connection failover in stateful mode, the download continues even after the failover.

How connection failover works on Citrix ADC appliances

In a stateless connection failover, the new primary appliance tries to re-create the packet flow according to the information contained in the packets it receives.

In stateful failover, to maintain current information about the mirrored connections, the primary appliance sends messages to the secondary appliance. The secondary appliance maintains the data related to the packets but uses it only in the event of a failover. If a failover occurs, the new primary (old secondary) appliance starts using the stored data about the mirrored connections and accepting traffic. During the transition period, the client and server might experience a brief disruption and retransmissions.


Verify that the primary appliance is able to authorize itself on the secondary appliance. To verify the correct configuration of the passwords, use the show rpcnode command from the command line or use the RPC option of the Network menu in the GUI.

A basic HA configuration with connection failover contains the entities shown in the following figure.

Figure 1. Connection Failover Entity Diagram



Connection failover is not supported after either of the following events:

- An upgrade to a later release.
- An upgrade to a later build within the same release, if the new build uses a different HA version.

Supported setup

Connection failover can be configured only on load balancing virtual servers. It cannot be configured on content switching virtual servers. If you enable connection failover on load balancing virtual servers that are attached to a content switching virtual server, connection failover does not work because the load balancing virtual servers do not initially accept the traffic.

The following table describes the setup supported for connection failover.

Table 1. Connection Failover - Supported Setup

| Setting | Stateless | Stateful |
|---|---|---|
| Load balancing methods | All methods supported for the service type ANY. However, if Source IP persistence is not set, the SRCIPSRCPORTHASH method must be used. | All methods applicable to the supported service types. |
| Persistence types | SOURCEIP persistence. | All types applicable to the supported service types are supported. |
| USIP | Must be ON. | No restriction. It can be ON or OFF. |
| Service bindings | Service can be bound to only one virtual server. | Service can be bound to one or more virtual servers. |
| Internet Protocol (IP) versions | IPv4 and IPv6 | IPv4 and IPv6 |
| Redundancy support | Clustering and high availability | High availability |


Stateful connection failover is supported only for connection-based switching services, for example, TCP. Because HTTP uses request-based switching, it does not support connection failover. In SSL, the existing connections are reset after the failover.
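The constraints in Table 1 and in the paragraph above can be checked against a saved configuration before failover is relied on. The following Python script is an added example, not Citrix code; it assumes configuration lines in the ns.conf style (add service, add lb vserver, bind lb vserver), assumes USIP is set per service with -usip, and uses constructed names and addresses.

```python
import shlex

# Constructed sample in ns.conf style; all names and addresses are made up.
SAMPLE = """\
add service svc-a 192.0.2.11 ANY * -usip YES
add service svc-b 192.0.2.12 ANY * -usip NO
add service svc-web 192.0.2.13 HTTP 80
add lb vserver vs-good ANY 198.51.100.1 * -persistenceType SOURCEIP -connFailover STATELESS
add lb vserver vs-bad ANY 198.51.100.2 * -lbMethod ROUNDROBIN -connFailover STATELESS
add lb vserver vs-plain ANY 198.51.100.3 *
add lb vserver vs-web HTTP 198.51.100.4 80 -connFailover STATEFUL
bind lb vserver vs-good svc-a
bind lb vserver vs-bad svc-b
bind lb vserver vs-plain svc-b
bind lb vserver vs-web svc-web
"""

def _opts(tokens):  # '-name value' pairs -> {'name': 'VALUE'}
    return {t[1:].lower(): tokens[i + 1].upper()
            for i, t in enumerate(tokens[:-1]) if t.startswith("-")}

def audit(conf):  # returns (vserver, problem) pairs for unsupported setups
    services, vservers, bound = {}, {}, {}
    for tok in map(shlex.split, conf.splitlines()):
        if tok[:2] == ["add", "service"]:
            services[tok[2]] = _opts(tok[3:])
        elif tok[:3] == ["add", "lb", "vserver"]:
            vservers[tok[3]] = dict(_opts(tok[4:]), type=tok[4].upper())
        elif tok[:3] == ["bind", "lb", "vserver"]:
            bound.setdefault(tok[4], set()).add(tok[3])  # service -> vservers
    out = []
    for name, vs in vservers.items():
        mode = vs.get("connfailover", "OFF")  # assumption: absent means not enabled
        if mode == "STATELESS":
            pers = vs.get("persistencetype", "NONE")
            if pers not in ("SOURCEIP", "NONE"):
                out.append((name, f"persistence {pers}: only SOURCEIP is supported"))
            elif pers == "NONE" and vs.get("lbmethod") != "SRCIPSRCPORTHASH":
                out.append((name, "no SOURCEIP persistence: lbMethod must be SRCIPSRCPORTHASH"))
            for svc in sorted(s for s, users in bound.items() if name in users):
                if services.get(svc, {}).get("usip") != "YES":
                    out.append((name, f"USIP is not ON for service {svc}"))
                if len(bound[svc]) > 1:
                    out.append((name, f"service {svc} is bound to more than one virtual server"))
        elif mode == "STATEFUL" and vs["type"] in ("HTTP", "SSL"):
            out.append((name, f"{vs['type']} connections do not survive failover"))
    return out

if __name__ == "__main__":
    print(*(f"{v}: {p}" for v, p in audit(SAMPLE)), sep="\n")
```

On the constructed sample, vs-good passes, vs-bad is reported three times (load balancing method, USIP, shared service), and vs-web is reported because HTTP does not support connection failover.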

Features affected by connection failover

The following table lists the features affected if connection failover is configured.

Table 2. How Connection Failover Affects Citrix ADC Features

| Feature | Impact of Connection Failover |
|---|---|
| SYN protection | For any connection, if a failover occurs after the appliance issues SYN-ACK but before it receives the final ACK, the connection is not supported by the connection failover. The client must reissue the request to establish the connection. |
| Surge protection | If the failover occurs before a connection with the server is established, the new primary appliance tries to establish the connection with the server. It also retransmits all the packets held during surge protection. |
| Access down | If enabled, the access-down functionality takes precedence over the connection failover. |
| Application firewall | The Application firewall feature is not supported. |
| INC | Independent network configuration is not supported in the high availability mode. |
| TCP buffering | TCP buffering is not compatible with connection mirroring. |
| Close on response | After failover, the NATPCBs might not be closed on response. |

To configure connection failover by using GUI

Navigate to Traffic Management > Load Balancing > Virtual Servers. Open the virtual server, and in Advanced Settings, click Protection, and select Connection Failover as Stateful.

To configure connection failover by using CLI

At the command prompt:

set lb vserver <vServerName> -connFailover <Value>
show lb vserver <vServerName>


Example:

set lb vserver Vserver-LB-1 -connFailover stateful

When connection failover is disabled on a virtual server, the resources allocated to the virtual server are freed.

To disable connection failover by using CLI

At the command prompt:

set lb vserver <vServerName> -connFailover <Value>
show lb vserver <vServerName>


Example:

set lb vserver Vserver-LB-1 -connFailover disable

To disable connection failover by using GUI

Navigate to Traffic Management > Load Balancing > Virtual Servers. Open the virtual server, and in Protection, select Connection Failover as Disabled.
