Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 158
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
ServerIron ADX Firewall Load Balancing Guide 147
53-1002436-01
Configuration example for FWLB-to-SLB
6
DRAFT: BROCADE CONFIDENTIAL
The following command enable the always-active feature and disables the Spanning Tree Protocol
(STP) in VLAN
1, which contains the ports that will carry the FWLB traffic.
SI-Ext-A(config)# vlan 1
SI-Ext-A(config-vlan-1)# always-active
SI-Ext-A(config-vlan-1)# no spanning-tree
The following commands configure a virtual routing interface on VLAN 1 (the default VLAN), then
configure an IP address on the interface. The virtual routing interface is associated with all the
ports in the VLAN.
SI-Ext-A(config-vlan-1)# router-interface ve 1
SI-Ext-A(config-vlan-1)# exit
SI-Ext-A(config)# interface ve 1
SI-Ext-A(config-ve-1)# ip address 10.10.1.111 255.255.255.0
SI-Ext-A(config-ve-1)# exit
The following command configures an IP default route. The next hop for this route is the ServerIron
ADX’s interface with firewall FW1.
SI-Ext-A(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.1
The following commands configure the dedicated synchronization link between the ServerIron ADX
and its active-active partner. The trunk command configures the two ports of the link into a trunk
group. The next two commands add the trunk group to a separate port-based VLAN, since the
synchronization link must be in its own VLAN. The server fw-port command identifies the port
number the link is on. If the link is a trunk group, you must specify the MAC address of the group’s
primary port.
SI-Ext-A(config)# trunk switch ethernet 3/5 to 3/6
SI-Ext-A(config)# trunk deploy
SI-Ext-A(config)# vlan 10
SI-Ext-A(config-vlan-10)# untagged ethernet 3/5 to 3/6
SI-Ext-A(config-vlan-10)# exit
SI-Ext-A(config)# server fw-port 3/5
The following command configures the data link between this ServerIron ADX and its active-active
partner. You must use the server partner-ports command to specify all the data links with the
partner. However, do not use the command for the synchronization link.
SI-Ext-A(config)# server partner-ports ethernet 3/1
The following commands add the firewall definitions. In this example, port HTTP is specified for
each firewall. Specifying the application ports on the firewalls is optional. The port http
no-health-check command under each firewall disables the Layer 4 health check for the HTTP port.
When you add an application port to a firewall definition, the ServerIron ADX automatically enables
the Layer 4 health check for that port. You must disable the Layer 4 health check if the firewall is
unable to act as a proxy for the application and respond to the health check. If the firewall does not
respond to the health check, the ServerIron ADX assumes that the port is unavailable and stops
sending traffic for the port to the firewall.
The ServerIron ADX will still use a Layer 3 health check (IP ping) to test connectivity to the firewall.
SI-Ext-A(config)# server fw-name fw1 10.10.1.1
SI-Ext-A(config-rs-fw1)# port http
SI-Ext-A(config-rs-fw1)# port http no-health-check
SI-Ext-A(config-rs-fw1)# exit
SI-Ext-A(config)# server fw-name fw2 10.10.1.2
SI-Ext-A(config-rs-fw2)# port http
SI-Ext-A(config-rs-fw2)# port http no-health-check
SI-Ext-A(config-rs-fw2)# exit
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.256 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals