Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
11121314151617181920
4 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Understanding ServerIron FWLB
1
DRAFT: BROCADE CONFIDENTIAL
Dynamic route environments
ServerIrons in IronClad (high-availability) configurations automatically block Layer 3 route traffic at
the backup ServerIron to avoid loops, thus simplifying configuration in these environments. Refer to
“Router paths” on page 13.
Static route environments
Firewalls in static route environments have static or default routes, as do the external (Internet) and
internal routers.
Layer 2 firewall environments
Layer 2 firewalls do not route (as Layer 3 firewalls do), so the path configuration is slightly different
from the path configuration for Layer 3 firewalls.
NOTE
Layer 2 firewalls are only supported for IPv4.
NOTE
In all types of FWLB configurations, the ServerIrons must be able to reach the firewalls at Layer 2.
Thus, the firewalls must be directly attached to the ServerIrons or attached to them through Layer 2
devices.
Load balancing paths
To send traffic through firewalls, the ServerIron ADX uses paths. A path consists of the following
information:
Path ID – The path ID is a number that identifies the path. In a basic FWLB configuration, the
paths go from one ServerIron ADX to the other through the firewalls. In IronClad FWLB,
additional paths go to routers. On each ServerIron ADX, the path IDs must be contiguous (with
no gaps), starting with path ID 1.
ServerIron ADX port – The number of the port that connects the ServerIron ADX to the firewall.
The port number specified can be either the physical port number connected to the firewall or
a dynamic port number 65535 that allows for the ServerIron ADX to dynamically detect the
port to which the firewall is connected.
Destination IP address – The management address of the ServerIron or Layer 2 switch on the
other side of the firewall. The ServerIron ADX on the private network side and the other
ServerIron ADX or Layer 2 switch are the endpoints of the data path through the firewall. If the
path goes to a router, this parameter is the IP address of the firewall’s interface with the
ServerIron ADX.
Next-hop IP address – The IP address of the firewall interface connected to this ServerIron
ADX.
Figure 1 shows an example of FWLB paths.