Technical data
ServerIron ADX Firewall Load Balancing Guide 81
53-1002436-01
Failover algorithm
ServerIron ADXs in high-availability multizone FWLB configurations use the following criteria for 
failover:
• Connection to zones – If one ServerIron ADX in an active-standby pair has connectivity to 
more zones than the other ServerIron ADX, the ServerIron ADX with connectivity to more zones 
is the active ServerIron ADX. 
• Total number of good paths – If each ServerIron ADX has connectivity to an equal number of 
zones, the ServerIron ADX with more good paths, within the configured tolerance, is the active 
ServerIron ADX. The paths include firewall paths and router paths. By default, the ServerIron 
ADXs can tolerate up to half of the firewall paths and half the router paths being down before 
failover based on good paths occurs. You can change the path tolerance.
• Priority – If all the previous metrics are equal on each ServerIron ADX, the ServerIron ADX with 
the higher priority is the active ServerIron ADX.
Configuration example for a high-availability multizone FWLB
The following sections show all the ServerIron ADX commands you would enter on each ServerIron 
ADX to implement the configuration shown in Figure 14 on page 79.
Most of the configuration tasks for high-availability multizone FWLB are the same as the tasks for 
other FWLB configurations. 
Commands on Zone1-SI-A zone 1
The following commands configure ServerIron ADX “Zone1-SI-A” on the left side of zone 1 in 
Figure 14 on page 79.
The following commands change the device name, configure the management IP address, and 
specify the default gateway. Notice that the management IP address is in the same sub-net as the 
firewall interface with the ServerIron ADX. If the ServerIron ADX and the firewall are in different 
sub-nets, you must configure source IP addresses and enable source NAT. 
In this configuration, the default gateway for each ServerIron ADX is the IP address of the firewall 
interface with that ServerIron ADX. In this case, the IP address is the address of firewall FW1’s 
interface with this ServerIron ADX.
ServerIronADX(config)# hostname Zone1-SI-A 
Zone1-SI-A(config)# ip address 209.157.24.13 255.255.255.0 
Zone1-SI-A(config)# ip default-gateway 209.157.24.1
The following command disables the Spanning Tree Protocol (STP). You must disable STP on all the 
devices in this type of FWLB configuration. 
Zone1-SI-A(config)# no span
The following command identifies the router port, which is the ServerIron ADX port connected to a 
router. In the example in Figure 14 on page 79, each ServerIron ADX has one router port. 
Zone1-SI-A(config)# server router-ports 5
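The following added example (not part of the Brocade guide) is a Python check that audits a pasted command listing against the three requirements stated above: the default gateway (the firewall interface) must be in the management sub-net or source NAT is needed, STP must be disabled, and a router port must be identified. The function names and the sample text are assumptions of this example; the sample is constructed from the commands shown above.

```python
import ipaddress

# Constructed sample: the Zone1-SI-A commands from this section, prompts included.
SAMPLE = """\
ServerIronADX(config)# hostname Zone1-SI-A
Zone1-SI-A(config)# ip address 209.157.24.13 255.255.255.0
Zone1-SI-A(config)# ip default-gateway 209.157.24.1
Zone1-SI-A(config)# no span
Zone1-SI-A(config)# server router-ports 5
"""

def parse_commands(text):
    """Strip the 'name(config)# ' prompt and return each command as a token list."""
    cmds = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "# " in line:
            line = line.split("# ", 1)[1]
        cmds.append(line.split())
    return cmds

def audit(text):
    """Return a list of findings; an empty list means all three checks passed."""
    cmds = parse_commands(text)
    findings = []
    iface = gateway = None
    for c in cmds:
        if c[:2] == ["ip", "address"] and len(c) == 4:
            # ip_interface accepts the dotted netmask form, e.g. 1.2.3.4/255.255.255.0
            iface = ipaddress.ip_interface(f"{c[2]}/{c[3]}")
        elif c[:2] == ["ip", "default-gateway"] and len(c) == 3:
            gateway = ipaddress.ip_address(c[2])
    if iface is None or gateway is None:
        findings.append("management IP address or default gateway not configured")
    elif gateway not in iface.network:
        findings.append(f"default gateway {gateway} is outside {iface.network}: "
                        "source IP addresses and source NAT are required")
    if ["no", "span"] not in cmds:
        findings.append("STP is not disabled (no 'no span' command)")
    if not any(c[:2] == ["server", "router-ports"] and len(c) > 2 for c in cmds):
        findings.append("no router port identified (server router-ports)")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "all checks passed")
```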










