Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 106
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
ServerIron ADX Firewall Load Balancing Guide 95
53-1002436-01
Configuration examples with Layer 3 routing
4
DRAFT: BROCADE CONFIDENTIAL
The following commands add the firewall definitions to the firewall port group (always group 2). The
firewall group contains all the ports in VLAN 1 (the default VLAN).
Zone1-SI-A(config)# server fw-group 2
Zone1-SI-A(config-fw-2)# fw-name fw1
Zone1-SI-A(config-fw-2)# fw-name fw2
The following command enables the active-active mode. For details about configuring this
command, refer to
“Enabling the active-active mode” on page 48.
Zone1-SI-A(config-fw-2)# sym-priority 255
The following commands add the paths through the firewalls to the ServerIron ADXs in zones 2 and
3. In addition, static MAC entries are added for the firewall interfaces. Static MAC entries are
required in this type of configuration, in which one sub-net and one virtual routing interface are
used.
NOTE
The path IDs must be in contiguous, ascending numerical order, starting with 1. For example, path
sequence 1, 2, 3, 4 is valid. Path sequence 4, 3, 2, 1 or 1, 3, 4, 5 is not valid.
Zone1-SI-A(config-fw-2)# fwall-info 1 4/1 10.10.2.222 10.10.1.1
Zone1-SI-A(config-fw-2)# fwall-info 2 4/11 10.10.2.222 10.10.1.2
Zone1-SI-A(config-fw-2)# fwall-info 3 4/1 10.10.2.223 10.10.1.1
Zone1-SI-A(config-fw-2)# fwall-info 4 4/11 10.10.2.223 10.10.1.2
Zone1-SI-A(config-fw-2)# fwall-info 5 4/1 10.10.3.111 10.10.1.1
Zone1-SI-A(config-fw-2)# fwall-info 6 4/11 10.10.3.111 10.10.1.2
Zone1-SI-A(config-fw-2)# exit
Zone1-SI-A(config)# vlan 1
Zone1-SI-A(config-vlan-1)# static-mac-address 00e0.5201.a17a ethernet 4/1
priority 1 router-type
Zone1-SI-A(config-vlan-1)# static-mac-address 00e0.5207.973c ethernet 4/11
priority 1 router-type
Zone1-SI-A(config-vlan-1)# exit
The following commands set the load balancing method to balance requests based on the firewall
that has the least number of connections for the requested service. For example, the ServerIron
ADX will load balance HTTP requests based on the firewall that has fewer HTTP session entries in
the ServerIron ADX session table.
Zone1-SI-A(config)# server fw-group 2
Zone1-SI-A(config-fw-2)# fw-predictor per-service-least-conn
Zone1-SI-A(config-fw-2)# exit
The following command configures a standard IP ACL for the IP addresses in one of the zones this
ServerIron ADX is not in. In this configuration, only one zone definition is required on each
ServerIron ADX, including Zone1-SI-A and Zone1-SI-S. Because the active Zone 1 ServerIron ADX is
already in zone 1, the ServerIron ADX will forward packets either to the active ServerIron ADX in
zone 2 or to the only other active ServerIron ADX that is not in zone 2. In this case, the other active
ServerIron ADX is in zone 3. Thus, if ServerIron ADX Zone1-SI-A receives a packet that is not
addressed to the sub-net Zone1-SI-A is in, and is not addressed to a sub-net in zone 2, the
ServerIron ADX assumes that the packet is for an address in the other zone, zone 3. The ServerIron
ADX forwards the packet to the ServerIron ADX in zone 3.
The command configures an ACL for the addresses in zone 2, which contains addresses in the
10.10.2.x/24 sub-net. The “0.0.0.255” values indicate the significant bits in the IP address you
specify. In this case, all bits except the ones in the last node of the address are significant.
Zone1-SI-A(config)# access-list 2 permit 10.10.2.0 0.0.0.255
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.336 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals