Stateful network devices, such as application delivery controllers, network traffic managers, routers, and firewalls, are present in many network environments. As one example, a firewall is a stateful network device that maintains the state of active network connections, such as transmission control protocol (TCP) connections. Firewalls identify and allow the transmission of network communications associated with active network connections and restrict the transmission of network communications that do not match a known active connection in order to increase network security.
Accordingly, firewalls, as well as other stateful network devices, expect both directions of network traffic for a connection and require symmetric routing in order to operate properly and to determine which connections are active and which network communications are permitted. In order to provide symmetric routing, some network devices provide per-connection routing, which is also referred to as auto last hop capability or reverse persistence. Network devices can provide per-connection routing by storing the media access control (MAC) address of the stateful network device, and the routing interface from which a request was received, in association with information for the connection. The connection information can include the source and destination Internet protocol (IP) addresses and/or port numbers included in a header of a request, for example.
Using the stored information, the network device can determine the MAC address and routing interface required to route a response back to the stateful network device from which the corresponding request was received, and thereby provide symmetric routing. Without using the stored information, the network device would use Internet protocol (IP) routing or a default route based on the origin of the request (e.g., a client computing device). Such routing may be asymmetric since there may be a network path to the origin of the request that does not include a stateful network device from which the request was received.
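The following added example (a toy model, not code from the original document) shows per-connection routing next to the default-route fallback described above. It assumes two hypothetical firewalls, FW-A and FW-B, with constructed MAC addresses, interface names and IP addresses; the request arrives through FW-B while the default route points at FW-A.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    """Permits a response only for a connection whose request it forwarded."""
    mac: str
    active: set = field(default_factory=set)

    def forward_request(self, conn):
        self.active.add(conn)

    def permits_response(self, conn):
        return conn in self.active

class NetworkDevice:
    """Device behind the firewalls, with optional per-connection routing."""
    def __init__(self, default_route, per_connection_routing):
        self.default_route = default_route            # (next-hop MAC, interface) from IP routing
        self.per_connection_routing = per_connection_routing
        self.last_hop = {}                            # connection tuple -> (MAC, interface)

    def receive_request(self, conn, src_mac, ingress_if):
        # Store the MAC and routing interface the request arrived from.
        if self.per_connection_routing:
            self.last_hop[conn] = (src_mac, ingress_if)

    def route_response(self, conn):
        # Without a stored entry the device falls back to the default route.
        return self.last_hop.get(conn, self.default_route)

def simulate(per_connection_routing):
    """Return (next-hop MAC, interface, response permitted by that firewall)."""
    fw_a = StatefulFirewall("02:00:00:00:00:0a")      # constructed sample values
    fw_b = StatefulFirewall("02:00:00:00:00:0b")
    firewalls = {fw_a.mac: fw_a, fw_b.mac: fw_b}
    device = NetworkDevice((fw_a.mac, "eth0"), per_connection_routing)
    # Connection information: source IP/port and destination IP/port.
    conn = ("198.51.100.7", 40000, "203.0.113.10", 443)
    fw_b.forward_request(conn)                        # request enters via FW-B
    device.receive_request(conn, fw_b.mac, "eth1")
    mac, interface = device.route_response(conn)
    return mac, interface, firewalls[mac].permits_response(conn)

if __name__ == "__main__":
    print("per-connection routing:", simulate(True))
    print("default route only:    ", simulate(False))
```

With per-connection routing the response returns through FW-B, which holds the connection state; with the default route it reaches FW-A, which has no matching active connection and restricts it.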
Increasingly, virtualization has been used to optimize performance of various network devices. Using virtualization, a host network device may execute virtual machine(s) managed by a hypervisor, which acts as an intermediary between the virtual machine(s) and the host network device hardware. It may be advantageous in some network environments to have a host network device with a virtual environment including virtual machines running different operating systems which execute applications to provide traffic management or application delivery functionality, for example. However, many operating systems do not support per-connection routing. Accordingly, symmetric routing would not be guaranteed in a network environment including a host network device with such a virtual environment, thereby negatively impacting the performance of upstream stateful network devices in the network environment.