Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

151

152

153

154

155

156

157

158

159

160

ServerIron ADX Firewall Load Balancing Guide 149

53-1002436-01

Configuration example for FWLB-to-SLB

DRAFT: BROCADE CONFIDENTIAL

The following commands configure the SLB parameters, four real servers and one VIP. The servers

are bound to the VIP by the HTTP port. Notice that the servers are configured as remote servers. If

Proxy ARP is enabled on the internal ServerIron ADXs, you can define the real servers as local

servers instead of remote servers. However, if Proxy ARP is not enabled on the internal ServerIron

ADXs, the real servers must be remote servers.

SI-Ext-A(config)# server remote-name web1 10.10.2.40

SI-Ext-A(config-rs-web1)# port http

SI-Ext-A(config-rs-web1)# server remote-name web2 10.10.2.41

SI-Ext-A(config-rs-web2)# port http

SI-Ext-A(config-rs-web2)# server remote-name web3 10.10.2.42

SI-Ext-A(config-rs-web3)# port http

SI-Ext-A(config-rs-web3)# server remote-name web4 10.10.2.43

SI-Ext-A(config-rs-web4)# port http

SI-Ext-A(config-rs-web4)# server virtual webby 10.10.1.10

SI-Ext-A(config-vs-webby)# port http

SI-Ext-A(config-vs-webby)# bind http web4 http web3 http web2 http web1 http

Enter the following command to enable SLB-to-FWLB.

NOTE

This command applies only to the ServerIrons that contain the SLB configuration. Do not enter this

command on the internal ServerIrons.

SI-Ext-A(config)# server slb-fw

SI-Ext-A(config)# write memory

Commands on external ServerIron B (SI-Ext-B)

Here are the commands for configuring SI-Ext-B in Figure 22 on page 146. The SLB configuration

is identical to the one on SI-Ext-A.

ServerIronADX> enable

ServerIronADX# configure terminal

ServerIronADX(config)# hostname SI-Ext-B

SI-Ext-B(config)# vlan 1

SI-Ext-B(config-vlan-1)# always-active

SI-Ext-B(config-vlan-1)# no spanning-tree

SI-Ext-B(config-vlan-1)# router-interface ve 1

SI-Ext-B(config-vlan-1)# exit

SI-Ext-B(config)# interface ve 1

SI-Ext-B(config-ve-1)# ip address 10.10.1.112 255.255.255.0

SI-Ext-B(config-ve-1)# exit

SI-Ext-B(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.1

SI-Ext-B(config)# trunk switch ethernet 3/5 to 3/6

SI-Ext-B(config)# trunk deploy

SI-Ext-B(config)# vlan 10

SI-Ext-B(config-vlan-10)# untagged ethernet 3/5 to 3/6

SI-Ext-B(config-vlan-10)# exit

SI-Ext-B(config)# server fw-port 3/5

SI-Ext-B(config)# server partner-ports ethernet 3/1

SI-Ext-B(config)# server fw-name fw1 10.10.1.1

SI-Ext-B(config-rs-fw1)# port http

SI-Ext-B(config-rs-fw1)# port http no-health-check

SI-Ext-B(config-rs-fw1)# exit

SI-Ext-B(config)# server fw-name fw2 10.10.1.2

SI-Ext-B(config-rs-fw2)# port http

SI-Ext-B(config-rs-fw2)# port http no-health-check

SI-Ext-B(config-rs-fw2)# exit