Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 151
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
140 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration example for SLB-to-FWLB
6
DRAFT: BROCADE CONFIDENTIAL
The following commands configure the virtual server and bind it to the real servers with TCP port
80 (HTTP).
ServerIronADXA(config)# server virtual-name www.brocade.com 192.168.1.2
ServerIronADXA(config-vs-www.brocade.com)# port http
ServerIronADXA(config)# server virtual www.brocade.com
ServerIronADXA(config-vs-www.brocade.com)# bind http RS1 http
ServerIronADXA(config-vs-www.brocade.com)# bind http RS2 http
Enter the following command to enable SLB-to-FWLB.
NOTE
This command applies only to the ServerIron ADX that contains the SLB configuration. Do not enter
this command on the internal ServerIron ADX (ServerIronB).
ServerIronADXA(config)# server slb-fw
The following commands add two firewalls, FW1-IPin and FW2-IPin.
ServerIronADXA(config)# server fw-name FW1-IPin 192.168.1.30
ServerIronADXA(config-rs-FW1-IPin)# exit
ServerIronADXA(config)# server fw-name FW2-IPin 192.168.1.40
ServerIronADXA(config-rs-FW2-IPin)# exit
The following commands configure parameters for firewall group 2. The fwall-info commands
configure the paths for the firewall traffic. Each path consists of a path ID, the ServerIron port
attached to the firewall, the IP address of the ServerIron ADX at the other end of the path, and the
next-hop IP address (usually the firewall interface connected to this ServerIron). Make sure you
configure reciprocal paths on the other ServerIron ADX, as shown in the section containing the CLI
commands for ServerIron B.
NOTE
Path information is required even if the firewalls are synchronized.
The fw-name <firewall-name> command adds the firewalls to the firewall group.
ServerIronADXA(config)# server fw-group 2
ServerIronADXA(config-fw-2)# fw-name FW1-IPin
ServerIronADXA(config-fw-2)# fw-name FW2-IPin
ServerIronADXA(config-fw-2)# fwall-info 1 3 192.168.2.200 192.168.1.30
ServerIronADXA(config-fw-2)# fwall-info 2 5 192.168.2.200 192.168.1.40
ServerIronADXA(config-fw-2)# exit
The following commands add static MAC entries for the MAC addresses of the firewall interfaces
connected to the ServerIron. Notice that the QoS priority is configured as priority 1 and the
router-type parameter is specified. These parameters are required.
NOTE
To ensure proper operation, always configure the path IDs so that the IDs consistently range from
lowest path ID to highest path ID for the firewalls. For example, in Figure 20 on page 136, the path
IDs should range from lowest to highest beginning with the firewall interface at the upper left of the
figure.
To ensure smooth operation, you might want to depict your firewalls in a vertical hierarchy as in
Figure 20 on page 136, label the interfaces with their IP addresses, then configure the paths so that
the path IDs to the interfaces range from lowest to highest path ID starting from the uppermost
firewall interface.
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.262 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals