Technical data

ServerIron ADX Firewall Load Balancing Guide 153
53-1002436-01
Supporting dual homed servers in FWLB design
DRAFT: BROCADE CONFIDENTIAL
FIGURE 23 Example of server with two NICs
Consider a failure situation where the link between Firewall-1 and External ServerIron ADX-A has
failed. All four ServerIron ADXs will detect this firewall path failure. Also, assume that the active NIC
on the internal server has failed and the standby NIC has taken over. The VRRP-E ownership on the
internal ServerIron ADXs, however, will not change, because this VRRP-E instance is not tracking the
server-side interfaces.

The ingress traffic that arrives at External ServerIron A will be forwarded to the internal server
through External ServerIron ADX B, Firewall-2, and Internal ServerIron ADX B. The response traffic
will first arrive at Internal ServerIron ADX B through the "currently active" standby NIC. Because
this traffic is destined to the VRRP-E address, Internal ServerIron ADX B forwards it to
Internal ServerIron A over the firewall partner port. Upon receiving this traffic over the partner port,
Internal ServerIron ADX A forwards it at Layer 3 to Firewall-1, which then drops the traffic because it
has no exit path.
[Figure 23 labels: Internet; two L3 Routers; External ServerIron A and External ServerIron B; Firewall 1 and Firewall 2; Internal ServerIron A, VRRP-E (Master), and Internal ServerIron B, VRRP-E (Backup); Server with Active and Standby NICs.]