Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
171172173174175176177178179180
166 ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Configuring FWLB for firewalls with active-standby NICs
A
DRAFT: BROCADE CONFIDENTIAL
FIGURE 24 FWLB configuration using always-active with active-standby firewall interfaces
In this example, the links on each firewall are marked to indicate whether they are in the active
(ACT) or standby (STY) state. The ServerIron ADX sends traffic to the active firewall interface but not
to the standby interface. For example, ServerIron ADX SI-Ext-A sends traffic to firewall FW1 through
port 3 because the firewall’s link with the ServerIron ADX is on port 3. However, if the link becomes
unavailable and the firewall fails over to the other link, ServerIron ADX SI-Ext-A can no longer reach
the firewall through port 3. ServerIron ADX SI-Ext-A must use the additional data link configured on
ports 5 and 6 (a trunk group in this configuration) to reach the firewall, by sending the traffic
through ServerIron ADX SI-Ext-B. (The always-active feature enables the ServerIron ADXs in the
active-standby pair to use each other as data paths in instances such as this.)
BigIron
BigIron
BigIron-A
121.212.247.225
121.212.247.241
0.0.0.0 0.0.0.0 121.212.247.242
VRID: 121.212.247.241
ServerIron SI-Ext-A
121.212.247.228
Default gateway:
121.212.247.225
FW-1-External
121.212.247.226
FW-1-Internal
121.212.247.242
ServerIron SI-Ext-A
121.212.247.244
Default gateway:
121.212.247.241
Port1
Port3
Port2
FW1
ACT
STY
ACT
STY
Port3
Port1
Port2
Port1
Port1
NetIron-A
Static route:
VRRP Master
Trunk ports 5 and 6
Trunk ports 5 and 6
Trunk ports 5 and 6
Trunk ports 5 and 6
Additional
data link
Additional
data link
Synchronization link
Synchronization link
ServerIron SI-Ext-S
121.212.247.229
Default gateway:
121.212.247.230
ServerIron SI-Ext-S
121.212.247.245
Default gateway:
121.212.247.241
0.0.0.0 0.0.0.0 121.212.247.242
VRID: 121.212.247.241
NetIron-S
Static route:
VRRP Master
Port1
Port3Port2
Port3
Port2
Port1
121.212.247.230
BigIron-S
FW-2-External
121.212.247.227
FW-2-Internal
121.212.247.243
FW2
ACT
ACT
STY
STY
121.212.247.246
Port1