Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 58
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
ServerIron ADX Firewall Load Balancing Guide 47
53-1002436-01
Configuring HA active-active FWLB
3
DRAFT: BROCADE CONFIDENTIAL
Adding the firewalls to the firewall group
To add the firewalls to the firewall group, enter the following commands.
ServerIronADX(config)# server fw-group-2
ServerIronADX(config-fw-2)# fw-name FW1
ServerIronADX(config-fw-2)# fw-name FW2
Syntax: server fw-group 2 | 4
This command changes the CLI to the firewall group configuration level. The IPv4 address format
firewall group number is 2. The IPv6 address format firewall group number is 4. These are the only
supported firewall groups.
Syntax: [no] fw-name <string>
This command adds a configured firewall to the firewall group. For an IPv6 firewall example, refer to
“IPv6 example for basic Layer 3 FWLB” on page 24.
Changing the load balancing method
By default, the ServerIron ADX load balances firewall traffic flows by selecting the firewall with the
lowest number of total connections. You can configure the ServerIron ADX to load balance based
on the lowest number of connections for the traffic flow’s application.
For example, suppose a configuration has two firewalls (FW1 and FW2), and each firewall has two
application ports defined (HTTP and SMTP). Also assume the following:
• FW1 has 10 HTTP connections and 80 SMTP connections.
• FW2 has 60 HTTP connections and 10 SMTP connections.
Using the default load balancing method, traffic for a new flow is load balanced to FW2, because
this firewall has fewer total connections. This is true regardless of the application in the traffic.
However, using the load balancing by application method, a new traffic flow carrying HTTP traffic is
load balanced to FW1 instead of FW2, because FW1 has fewer HTTP connections. A new traffic
flow for SMTP is load balanced to FW2, because FW2 has fewer SMTP connections.
To enable load balancing by application, enter the following command at the firewall group
configuration level.
ServerIronADX(config-fw-2)# fw-predictor per-service-least-conn
Syntax: [no] fw-predictor total-least-conn | per-service-least-conn
The total-least-conn parameter load balances traffic based on the total number of connections
only. This is the default.
The per-service-least-conn parameter load balances traffic based on the total number of
connections for the traffic’s application. This is valid for TCP or UDP applications.
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 0.236 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals