Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00
41424344454647484950
ServerIron ADX Firewall Load Balancing Guide 37
53-1002436-01
DRAFT: BROCADE CONFIDENTIAL
Chapter
3
Configuring HA FWLB
In this chapter
Understanding ServerIron FWLB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Configuring HA active-active FWLB. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuring active-active HA FWLB. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Configuring active-active HA FWLB with VRRP . . . . . . . . . . . . . . . . . . . . . . . 62
Understanding ServerIron FWLB
High Availability (HA) FWLB allows the ServerIron ADX to actively load balance traffic and provide
enhanced performance.
For basic information about FWLB, refer to the following sections:
“Stateful FWLB” on page 7
“Health checks” on page 7
Layer 3 or Layer 4 sessions
The source and destination addresses in a session entry are Layer 3 or Layer 4 session entries.
Consider the following:
A Layer 3 session entry contains source and destination IP addresses.
A Layer 4 session entry contains source and destination TCP and UDP port numbers in addition
to IP addresses.
The session entry type depends on whether you configure application ports (TCP or UDP ports) to
the firewall configuration information on the ServerIron ADX:
If you do not configure application ports on a firewall, the ServerIron ADX creates session
entries using the source and destination IP addresses only. All packets for a given pair of
source and destination IP addresses are always sent to the same firewall.
If you configure an application port on a firewall, the ServerIron ADX includes the source and
destination TCP or UDP port numbers in the session entries for the application. Packets for the
same set of source and destination IP addresses can be sent to different firewalls, depending
on the source and destination TCP or UDP port numbers in the packets. For example, if you
configure TCP port 80 on the firewalls, the ServerIron ADX uses IP addresses and TCP port
numbers in the session table entries for HTTP traffic.