Technical data

ServerIron ADX Firewall Load Balancing Guide
53-1002436-01
Understanding ServerIron FWLB
Path health checks
One of the required FWLB parameters is a separate path from the ServerIron through each firewall
to each of the ServerIrons on the other side of the firewall. A path to the ServerIron’s gateway router
also is required.
By default, the ServerIron ADX performs a Layer 3 health check of each firewall and router path by
sending an ICMP ping packet on each path. The ServerIron ADX determines the state of the path as
follows:
- If the ServerIron ADX receives a reply within the allowed amount of time, the ServerIron ADX
  concludes that the path is good.
- If the ServerIron ADX does not receive a reply within the allowed amount of time, the ServerIron
  ADX concludes that the path is down.
By default, the ServerIron ADX waits 400 milliseconds for a reply to an ICMP health check packet. If
the reply does not arrive, the ServerIron ADX makes two more attempts by default. Therefore, the
total amount of time the ServerIron ADX waits for a response is 1.2 seconds by default.
You can increase the total amount of time the ServerIron will wait for a response by increasing the
number of attempts. The default maximum number of health check attempts is 3. The valid
number of attempts is a value from 3 through 31.
Optionally, you can configure the ServerIron ADXs in an FWLB configuration to use Layer 4 TCP or
UDP health checks instead of Layer 3 health checks for firewall paths. When you configure a Layer
4 health check, the Layer 3 (ICMP) health check, which is used by default, is disabled. The Layer 4
health check applies only to firewall paths. The ServerIron ADX always uses a Layer 3 (ICMP) health
check to test the path to the router.
NOTE
You must configure the same path health check parameters on all the ServerIron ADXs in the FWLB
configuration. Otherwise, the paths will not pass the health checks.
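The following Python sketch is an added illustration, not code from the guide or from the ServerIron software. It models the retry timing described above and flags devices whose path health check settings differ from the rest; the `PathCheck` record, the function names and the device names are hypothetical, and it assumes the first reply received within the timeout marks the path good.

```python
# Added illustration: models the behaviour described in the text, not ServerIron code.
from dataclasses import dataclass

TIMEOUT_MS = 400                     # default wait per ICMP health check packet
MIN_ATTEMPTS, MAX_ATTEMPTS = 3, 31   # valid range for the number of attempts

@dataclass(frozen=True)
class PathCheck:
    """Hypothetical record of one device's firewall-path health check settings."""
    method: str        # "icmp" (Layer 3 default), "tcp" or "udp" (Layer 4)
    attempts: int = 3

def evaluate_path(replies_ms, attempts=3, timeout_ms=TIMEOUT_MS):
    """Return (state, elapsed_ms) for one health check cycle.

    replies_ms[i] is the reply latency of attempt i in ms, or None if lost.
    Assumption: the first reply inside the timeout marks the path good.
    """
    if not MIN_ATTEMPTS <= attempts <= MAX_ATTEMPTS:
        raise ValueError("attempts must be from 3 through 31")
    elapsed = 0
    for i in range(attempts):
        latency = replies_ms[i] if i < len(replies_ms) else None
        if latency is not None and latency <= timeout_ms:
            return "good", elapsed + latency
        elapsed += timeout_ms   # a late or missing reply costs a full timeout
    return "down", elapsed

def mismatched_devices(devices):
    """Names of devices whose settings differ from the most common setting."""
    settings = list(devices.values())
    baseline = max(set(settings), key=settings.count)
    return sorted(name for name, s in devices.items() if s != baseline)

# Constructed sample: four ServerIron ADXs, one left on different settings.
SAMPLE = {
    "adx-ext-a": PathCheck("tcp", 5),
    "adx-ext-b": PathCheck("tcp", 5),
    "adx-int-a": PathCheck("tcp", 5),
    "adx-int-b": PathCheck("icmp", 3),
}

if __name__ == "__main__":
    print(evaluate_path([None, None, None]))
    print(evaluate_path([], attempts=MAX_ATTEMPTS))
    print(mismatched_devices(SAMPLE))
```

With the default of 3 attempts a dead path is declared down after 1.2 seconds; at the maximum of 31 attempts the same decision takes 12.4 seconds, which is the trade-off to weigh before raising the attempt count.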
Application health checks
When you add firewall configuration information to the ServerIron, you also can add information for
individual application ports. Adding the application information is optional.
You can specify the following:
- The application’s protocol (TCP or UDP) and port number
- The Layer 4 health check state (enabled or disabled) for the application
Adding an application port provides the following benefits:
- The ServerIron ADX includes the source and destination port numbers for the application when
  it creates a session entry. Thus, adding the application port provides more granular load
  balancing.
- The ServerIron ADX checks the health of the TCP or UDP service used by the application by
  sending a Layer 4 TCP or UDP health check to the firewall.
Layer 4 health checks are enabled by default. However, you can disable the Layer 4 health checks
globally or on individual applications on individual firewalls.