Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

171

172

173

174

175

176

177

178

179

180

162 ServerIron ADX Firewall Load Balancing Guide

53-1002436-01

Displaying the firewall selected by the hashing process for load balancing

DRAFT: BROCADE CONFIDENTIAL

Displaying the firewall selected by the hashing process

for load balancing

By default, FWLB uses a hashing algorithm to select a firewall for a packet based on the packet’s

source and destination IP address. Optionally, you can configure the ServerIron ADX to also hash

based on source and destination TCP or UDP application ports. Once the ServerIron ADX selects a

firewall for a given pair of source and destination IP addresses (and, if specified, source and

destination TCP or UDP application ports), the ServerIron always selects the same firewall for

packets with the same address pairs.

To display the firewall that the hashing algorithm selected for a given pair of source and destination

addresses, enter the following command.

ServerIronADX# show fw-hash 1.1.1.1 2.2.2.2 2

fw3

In this example, the command output indicates that the FWLB hashing algorithm selected firewall

"fw3" for traffic to IP address 1.1.1.1 from IP address 2.2.2.2.

Syntax: (IPv4) show fw-hash <dst-ip-addr> <src-ip-addr> <fwall-group-id> [<protocol>

<dst-tcp/udp-port> <src-tcp/udp-port>]

Syntax: (IPv6) show fw-hash <dst-ipv6-addr> <src-ipv6-addr> <fwall-group-id> [<protocol>

<dst-tcp/udp-port> <src-tcp/udp-port>]

The <dst-ip-addr> parameter specifies the destination IPv4 address.

The <src-ip-addr> parameter specifies the source IPv4 address.

The <dst-ipv6-addr> parameter specifies the destination IPv6 address.

State (Current, Local, and

Partner)

Current, local, and active state information for the path:

• The current state indicates the immediate state information. This is the

most current information.

• The local state indicates the cumulative current states over a

three-second interval. If the current states have been the same for the

previous three seconds, the state is shown in the Local column.

• The partner state.

In each column, the state can be one of the following:

• 0 – Unknown. Generally, this indicates that the link is down.

• 5 – The ServerIron is in active mode for the firewall group.

Priority The IronClad FWLB priority for the firewalls in the firewall group. The ServerIron

ADX with the higher priority for the group ID the default active ServerIron ADX

for the group.

Path-cnt The number of firewall paths.

Router-cnt

Active path cnt The number of paths from this ServerIron ADX that go to active ServerIron

ADXs. A path that goes to a ServerIron ADX that is in standby mode is not

counted in this statistic.

list A list of the configured paths.

TABLE 8 FWLB path information (Continued)

Field Description