Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 59
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
48 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuring HA active-active FWLB
3
DRAFT: BROCADE CONFIDENTIAL
Hashing load balance metric in FWLB
You configure the fw-predictor hash command under the firewall group. When this command is
configured, firewall selection is based on hashing of IP addresses (and ports optionally). The
packet will be dropped if hashing picks a firewall and if either of the following is true:
• The maximum number of sessions (max-conn command) is reached for that firewall.
• The connection rate is exceeded for the firewall or the firewall port.
The connection rate can be specified at the firewall level or a firewall port level.
To configure the hashing features, enter the following commands.
SLB-SI-A(config)# server fw-group 2
SLB-SI-A(config-fw-2)# fw-predictor hash
Syntax: fw-predictor hash
Enabling the active-active mode
To enable the FWLB active-active mode, enter a command such as the following at the firewall
group configuration level.
ServerIronADX(config-fw-2)# sym-priority 1
Syntax: [no] sym-priority <num>
The sym-priority command enables the active-active mode.
The <num> variable specifies a priority value from 1 through 255. While a value must be used, it
does not affect operation of the ServerIron ADX.
Using the value of “0” for the <num> variable is a special case. If you specify “0”, the CLI removes
the priority. When you save the configuration to the startup-config file, the sym-priority command is
removed. You cannot remove the priority using the no sym-priority command.
This command is also used for Symmetric Server Load Balancing (SSLB) where the value of the
<num> variable is significant. For more information about SSLB see the “Symmetric SLB” section
of the “High Availability” chapter in the ServerIron ADX Server Load Balancing Guide.
Configuring the paths and static MAC address entries
The paths go from one ServerIron ADX to the other ServerIron ADXs on the other side of each
firewall. A path also goes to the router.
A path consists of the following parameters:
• The path ID – A number that identifies the path. The paths go from one ServerIron ADX to the
other through the firewalls. A path also goes to the router. On each ServerIron ADX, the
sequence of path IDs must be contiguous (with no gaps), starting with path ID 1. For example,
path sequence 1, 2, 3, 4, 5 is valid. Path sequence 1, 3, 5 or 5, 4, 3, 2, 1 is not valid.
• The ServerIron ADX port – The number of the port that connects the ServerIron ADX to the
firewall. If your configuration does not require static MAC entries, you can specify a dynamic
port (65535) instead of the physical port number for firewall paths. Specifying the dynamic
port allows the ServerIron ADX to select the physical port for the path so you do not need to do
so. You cannot specify the dynamic port for router paths. Router paths require the physical
port number.
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.601 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals