Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 156
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
ServerIron ADX Firewall Load Balancing Guide 145
53-1002436-01
Configuration example for FWLB-to-SLB
6
DRAFT: BROCADE CONFIDENTIAL
ServerIronADXB(config)# server virtual www.brocade.com
ServerIronADXB(config-vs-www.brocade.com)# bind http RS1 http
ServerIronADXB(config-vs-www.brocade.com)# bind http RS2 http
Enter the following command to enable FWLB-to-SLB.
NOTE
This command applies only to the ServerIron ADX that contains the SLB configuration. Do not enter
this command on the Internet ServerIron ADX (ServerIron ADXA).
ServerIronADXB(config)# server fw-slb
Enter the following commands to complete the FWLB configuration on this ServerIron ADX. Notice
that the fwall-info commands configure paths that are reciprocal to the paths configured on
ServerIron ADX A. Path 1 on each ServerIron ADX goes through one of the firewalls while path 2
goes through the other firewall.
ServerIronADXB(config)# server fw-name FW1-IPout 192.168.2.30
ServerIronADXB(config-rs-FW1-IPout)# exit
ServerIronADXB(config)# server fw-name FW2-IPout 192.168.2.40
ServerIronADXB(config-rs-FW2-IPout)# exit
ServerIronADXB(config)# server fw-group 2
ServerIronADXB(config-fw-2)# fw-name FW1-IPout
ServerIronADXB(config-fw-2)# fw-name FW2-IPout
ServerIronADXB(config-fw-2)# fwall-info 1 1 192.168.1.100 192.168.2.30
ServerIronADXB(config-fw-2)# fwall-info 2 2 192.168.1.100 192.168.2.40
ServerIronADXB(config-fw-2)# exit
ServerIronADXB(config)# static-mac-address abcd.4321.34e2 ethernet 1 priority 1
router-type
ServerIronADXB(config)# static-mac-address abcd.4321.34e3 ethernet 2 priority 1
router-type
ServerIronADXB(config)# write memory
Active-active FWLB – with external SLB (FWLB-to-SLB)
The software supports two types of FWLB with SLB configurations. Your choice of implementation
depends on which pair of ServerIron ADXs you want to use for the SLB configuration. Use
SLB-to-FWLB is you want to place the SLB configuration on the external ServerIron ADXs. Use
FWLB-to-SLB if you want to place the SLB configuration on the internal ServerIron ADXs.
The software supports the following configurations:
• FWLB-to-SLB – The internal ServerIron ADX (the one on the server side or private side of the
firewalls) contains all the SLB configuration information. In this configuration, the
FWLB-to-SLB feature is enabled on the internal ServerIron ADX rather than the external
ServerIron ADX. This configuration enables the internal ServerIron ADX to learn the firewall
from which a client request is received and send the server reply back through the same
firewall.
• SLB-to-FWLB – The external ServerIron ADX, on the client or external side of the firewalls,
performs FWLB for traffic directed toward real servers connected to the ServerIron ADX on the
private side of the firewalls. In this configuration, all the SLB configuration (virtual IP address,
real server, and port bindings) resides on the external ServerIron ADX. The real servers are
configured as remote servers. In addition, the SLB-to-FWLB feature is enabled on the external
ServerIron ADX. The internal ServerIron is configured for FWLB but requires no additional
configuration.
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.286 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals