Today's high availability network devices, such as routers, load balancing systems, and the like, typically employ of pair of network devices; one network device, known as the ‘active unit,’ which processes network traffic, and a second ‘standby unit,’ which monitors the active unit, and takes over processing of the network traffic if the active unit fails. To enable the standby unit to continue processing of connections that were in progress at the time of the failure, certain information about each connection should be made available to the standby unit during processing. This process is known as ‘connection mirroring.’ For simple connections, this may be limited to sending connection information at a beginning and an end of the connection. However, for more complex, high-level protocols, such as Secure Sockets Layer (SSL), and the like, significant amounts of connection information may need to be sent continuously to the standby unit during a lifetime of the connection.
To ensure reliability during failover of the standby unit, the connection mirroring system typically verifies that the information that is sent to the standby unit is properly received. This may be performed by having the standby unit verify the integrity of the information it receives, and provide an acknowledgement of the information. However, such communications may slow processing of connections by the active unit, and increase the amount of network traffic that is sent between the active unit and the standby unit.
Moreover, while some network connections may benefit from mirroring, others may not. In some networked applications, whether the connection benefits from mirroring may depend on a complex interplay of attributes associated with the connection, a user, a server, and the data that is managed by the network device. For example, in a typical load balancing system, configuring the system so that mirroring only occurs for those connections that may benefit from it often requires a complicated configuration that needs to be updated frequently as an application being handled changes. Therefore, there is a need in the industry for improved methods and systems for managing the reliability of a connection mirroring of network devices. Thus, it is with respect to these considerations and others that the present invention has been made.