Brocade Communications Systems ServerIron ADX 12.4.00 Service Manual Page 95
- Page / 188
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
84 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuration example for a high-availability multizone FWLB
4
DRAFT: BROCADE CONFIDENTIAL
The fw-name commands add the firewalls. Specify the names you entered when configuring the
firewalls. In this example, the names are “FW1” and “FW2”.
The l2-fwall command enables the L2-fwall option. This option blocks the Layer 2 traffic on the
standby ServerIron ADXs. If you do not enable this mode, Layer 2 traffic can pass through the
ServerIron ADXs, causing loops. Layer 3 traffic is automatically blocked on the standby ServerIron
ADXs, so you do not need to explicitly block the traffic. The always-active option (enabled in the
default VLAN in commands described previously) allows the standby ServerIron ADX to still forward
traffic by sending the traffic to the active ServerIron ADX over the private link between the
ServerIron ADXs.
The sym-priority command enables the active-active mode. The priority can be from 0 through 255.
For details about configuring this command, refer to
“Enabling the active-active mode” on page 48
NOTE
If you specify 0, the CLI removes the priority. When you save the configuration to the startup-config
file, the sym-priority command is removed. You cannot remove the priority using the no sym-priority
command.
The following commands configure the firewall paths. In the configuration in Figure 14 on page 79,
each ServerIron ADX has nine paths:
• A path through FW1 to ServerIron ADX Zone3-SI-A, the active ServerIron ADX in zone 3
• A path through FW2 to ServerIron ADX Zone3-SI-A (This path passes through the standby
ServerIron ADX, then through FW2.)
• A path through FW1 to ServerIron ADX Zone3-SI-S, the standby ServerIron ADX in zone 3
• A path through FW2 to ServerIron ADX Zone3-SI-S (This path passes through the standby
ServerIron ADX.)
• A path through FW1 to ServerIron ADX Zone2-SI-A.
• A path through FW2 to ServerIron ADX Zone2-SI-A
• A path through FW1 to ServerIron ADX Zone2-SI-S
• A path through FW2 to ServerIron ADX Zone2-SI-S
• A path to the router
The ServerIron ADX uses the firewall paths to load balance the firewall traffic across the two
firewalls. As in other types of FWLB configurations, the paths must be fully meshed among the
ServerIron ADXs and firewalls. Thus, the ServerIron ADX has a separate path through each of the
firewalls to each of the ServerIron ADXs in the other zones.
The ServerIron ADX also uses the paths for checking the health of the links. The health checking
enables the ServerIron ADX to compensate if the link to a firewall becomes unavailable by sending
traffic that normally goes through the unavailable firewall through the firewall that is still available.
The results of the path health checks also play a role in the failover mechanism. The ServerIron
ADX determines how many zones it can access and how many firewall and router paths are good
based on health checks of the paths. If a path fails a health check, this can result in a failover to
the other ServerIron ADX. (Refer to
“Failover algorithm” on page 81.)
Zone1-SI-A(config-fw-2)# fwall-info 1 1 209.157.23.11 209.157.24.1
Zone1-SI-A(config-fw-2)# fwall-info 2 1 209.157.23.12 209.157.24.1
Zone1-SI-A(config-fw-2)# fwall-info 3 16 209.157.23.11 209.157.24.254
Zone1-SI-A(config-fw-2)# fwall-info 4 16 209.157.23.12 209.157.24.254
Zone1-SI-A(config-fw-2)# fwall-info 5 1 209.157.25.15 209.157.24.1
Zone1-SI-A(config-fw-2)# fwall-info 6 1 209.157.25.16 209.157.24.1
- ServerIron ADX 1
- Document History 2
- Contents 3
- About This Document 8
- Document conventions 9
- Notice to the reader 10
- Related publications 11
- ServerIron FWLB Overview 12
- Firewall environments 14
- Load balancing paths 15
- Firewall selection 17
- Hashing mechanism 17
- Stateful FWLB 18
- Health checks 18
- Path health checks 19
- Application health checks 19
- Firewall health check debug 21
- Basic FWLB topology 22
- HA FWLB topology 23
- Failover 24
- Router paths 24
- Multizone FWLB topology 25
- FWLB configuration limits 26
- Configuring Basic FWLB 28
- IPv4 Firewall-1 37
- IPv4 Firewall-2 37
- External 40
- Internal 40
- Firewall-2 42
- Firewall-1 42
- Configuring HA FWLB 48
- Session limits 49
- Session aging 49
- Task Reference 52
- Configuring the firewall port 53
- Configuring the partner port 54
- Configuring the router port 55
- Configuring the firewalls 55
- Adding the firewalls 55
- Connection rate control 57
- Complete CLI example 62
- HA FWLB with VRRP 73
- Usage notes 78
- Configuring Multizone FWLB 82
- Zone 3Zone 2 84
- Zone1-SI(config)# no span 85
- Failover algorithm 92
- Commands on Zone1-SI-A zone 1 92
- DRAFT: BROCADE CONFIDENTIAL 100
- 53-1002436-01 102
- SI-A SI-A 104
- In this chapter 124
- NAT firewalls 124
- Extra firewall method 129
- Access policy method 130
- Specifying the partner port 134
- Specifying the router ports 134
- Configuring FWLB and SLB 146
- Configuring SLB-to-FWLB 148
- Configuring the real servers 149
- Enabling SLB-to-FWLB 150
- Configuring FWLB-to-SLB 152
- Enabling FWLB-to-SLB 154
- FWLB configuration overview 166
- TCP/UDP port statistics 169
- FWLB path information 172
- Field Description 173
- • 6 – TCP 174
- • 17 – UDP 174
- In this appendix 176
- FWLB selection algorithms 182
- Configuration guidelines 186
- Denying FWLB 187
Related products and manuals for Network switches Brocade Communications Systems ServerIron ADX 12.4.00
(12 pages)
(64 pages)© 2020, manymanuals.com. All rights reserved. | 1.293 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals