Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 96
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
ServerIron ADX Firewall Load Balancing Guide 85
53-1002436-01
Configuration example for a high-availability multizone FWLB
4
DRAFT: BROCADE CONFIDENTIAL
Zone1-SI-A(config-fw-2)# fwall-info 7 16 209.157.25.15 209.157.24.254
Zone1-SI-A(config-fw-2)# fwall-info 8 16 209.157.25.16 209.157.24.254
Zone1-SI-A(config-fw-2)# fwall-info 9 5 209.157.24.250 209.157.24.250
Zone1-SI-A(config-fw-2)# exit
Each fwall-info command consists of a path number, a ServerIron ADX port number, the IP address
at the other end of the path, and the next-hop IP address. The paths that pass through FW1 use
ServerIron ADX port 1, which is connected to FW1. The paths that pass through FW2 (by way of the
standby ServerIron ADX, Zone1-SI-S) use ServerIron ADX port 16, which is connected to Zone1-SI-S.
Note that the connection on port 16 is different from the private link between the two ServerIron
ADXs on ports 9 and 10. The connection on port 16 is in the same VLAN as the links to the routers
and firewalls (the default VLAN, VLAN 1). The private link on ports 9 and 10 is in a separate
port-based VLAN and is not used in any of the paths. The private link on ports 9 and 10 in VLAN 2 is
used only to exchange failover information. All traffic between zones uses the links in the default
VLAN.
Notice that the last path, unlike the other paths, has the same IP address for the destination and
the next hop for the path. This path is a router path and ends at the router itself. The other paths
are firewall paths and end at the ServerIron ADX at the other end of the firewall.
The following commands add static entries to the ServerIron ADX’s MAC table for the firewall
interfaces.
Zone1-SI-A(config)# vlan 1
Zone1-SI-A(config-vlan-1)# static-mac-address abcd.5200.348d ethernet 1 priority
1 router-type
Zone1-SI-A(config-vlan-1)# static-mac-address abcd.5200.0b50 ethernet 16 priority
1 router-type
Zone1-SI-A(config-vlan-1)# exit
Each command includes the MAC address of the firewall’s interface with the ServerIron ADX and
the ServerIron ADX port that is connected to the firewall. The priority 1 and router-type parameters
identify the MAC entry type and are required.
NOTE
If you enter the static-mac-address command at the global CONFIG level, the static MAC entry
applies to the default port-based VLAN (VLAN 1). If you enter the static-mac-address command at
the configuration level for a specific port-based VLAN, the entry applies to that VLAN and not to the
default VLAN.
The following command saves the configuration information to the ServerIron ADX’s startup-config
file on flash memory. You must save the configuration information before reloading the software or
powering down the device. Otherwise, the information is lost.
Zone1-SI-A(config)# write memory
The following commands change the CLI to the Privileged EXEC level, and reload the software.
Because this configuration includes a trunk group, you must reload the software to place the trunk
group into effect.
Zone1-SI-A(config)# exit
Zone1-SI-A# reload
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.161 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals