Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 49
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
38 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Understanding ServerIron FWLB
3
DRAFT: BROCADE CONFIDENTIAL
Session limits
To avoid overloading a firewall, the ServerIron ADX does not forward a packet to a firewall if either of
the following conditions exists:
• The firewall already has the maximum allowed number of open sessions with the ServerIron
ADX. An open session is represented by a session entry. By default, a firewall can have up to
two million session entries on the ServerIron ADX. In a high-availability pair, the firewall can
have up to two million session entries combined on both ServerIron ADXs. You can change the
maximum number of sessions on an individual firewall basis to a number from 1 through
2,000,000.
• The firewall has already received the maximum allowed number of new sessions within the
previous one-second interval. By default, the ServerIron ADX will allow up to two million new
sessions to the same firewall. The maximum includes TCP and UDP sessions combined. You
can change the maximum number of sessions per-second separately for TCP and UDP, to a
value from 1 through 2,000,000.
Session aging
The ServerIron ADX ages out inactive session entries. The aging mechanism differs depending on
whether the session entry is a Layer 3 entry or a Layer 4 entry:
• Layer 3 session entries – The ServerIron ADX uses the sticky age timer to age out Layer 3
session entries. The default sticky age is 5 minutes. You can change the sticky age to a value
from 2 through 60 minutes.
- To change the timer, enter the server sticky-age <num> command at the global CONFIG
level of the CLI.
• Layer 4 session entries – The ServerIron ADX clears a session entry that has TCP ports when
the ServerIron ADX receives a TCP FIN or RESET to end the session. For a TCP session that
ends abnormally, the ServerIron ADX uses the TCP age timer to age out the session. The
ServerIron ADX uses the UDP age timer to age out all UDP sessions. The default TCP age timer
is 30 minutes. The default UDP age timer is 5 minutes. You can configure either timer to a
value from 2 through 60 minutes.
- To change the TCP age timer, enter the server tcp-age <num> command at the global
CONFIG level of the CLI.
- To change the UDP age timer, enter the server udp-age <num> command at the global
CONFIG level of the CLI.
NOTE
Server Load Balancing (SLB) uses the same values for the sticky age, TCP age, and UDP age timers.
If you change a timer, the change applies to both SLB and FWLB.
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.397 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals