Technical data
Firewall Load Balancing Guide
8 - 10 © 2012 Brocade Communications Systems, Inc. May 31, 2012
The value “0” is equivalent to “any” and means the ServerIron should perform FWLB for all TCP traffic. The
second ip policy command enables FWLB for all UDP traffic.
ServerIronA(config)# ip policy 1 fw tcp 0 global
ServerIronA(config)# ip policy 2 fw udp 0 global
ServerIronA(config)# write memory
Commands on ServerIron B (Internal)
Enter the following commands to configure SLB. In an FWLB-to-SLB configuration, all SLB configuration takes
place on the internal ServerIron (ServerIron B, the internal ServerIron, in this example).
The following commands change the ServerIron’s host name to “ServerIronB", configure the ServerIron’s
management IP address, and specify the default gateway.
ServerIron(config)# hostname ServerIronB
ServerIronB(config)# ip address 192.168.2.200 255.255.255.0
ServerIronB(config)# ip default-gateway 192.168.2.1
The following commands configure the real servers. Notice that the servers are configured as local servers
instead of remote servers. You can configure the real servers as local servers if Proxy ARP is enabled on the
internal router.
ServerIronB(config)# server real-name RS1 192.168.2.50
ServerIronB(config-rs-RS1)# port http
ServerIronB(config-rs-RS1)# exit
ServerIronB(config)# server real-name RS2 192.168.2.60
ServerIronB(config-rs-RS2)# port http
ServerIronB(config-rs-RS2)# exit
The following commands configure the virtual server and bind it to the real servers with TCP port 80 (HTTP).
ServerIronB(config)# server virtual-name www.brocade.com 192.168.1.2
ServerIronB(config-vs-www.brocade.com)# port http
ServerIronB(config)# server virtual www.foundrynet.com
ServerIronB(config-vs-www.brocade.com)# bind http RS1 http
ServerIronB(config-vs-www.brocade.com)# bind http RS2 http
Enter the following command to enable FWLB-to-SLB.
NOTE: This command applies only to the ServerIron that contains the SLB configuration. Do not enter this
command on the Internet ServerIron (ServerIronA).
ServerIronB(config)# server fw-slb
Enter the following commands to complete the FWLB configuration on this ServerIron. Notice that the fwall-info
commands configure paths that are reciprocal to the paths configured on ServerIron A. Path 1 on each ServerIron
goes through one of the firewalls while path 2 goes through the other firewall.
ServerIronB(config)# server fw-name FW1-IPout 192.168.2.30
ServerIronB(config-rs-FW1-IPout)# exit
ServerIronB(config)# server fw-name FW2-IPout 192.168.2.40
ServerIronB(config-rs-FW2-IPout)# exit
ServerIronB(config)# server fw-group 2
ServerIronB(config-tc-2)# fw-name FW1-IPout
ServerIronB(config-tc-2)# fw-name FW2-IPout
ServerIronB(config-tc-2)# fwall-info 1 1 192.168.1.100 192.168.2.30
ServerIronB(config-tc-2)# fwall-info 2 2 192.168.1.100 192.168.2.40
ServerIronB(config-tc-2)# exit
ServerIronB(config)# static-mac-address abcd.4321.34e2 ethernet 1 high-priority
router-type
ServerIronB(config)# static-mac-address abcd.4321.34e3 ethernet 2 high-priority
router-type
ServerIronB(config)# ip policy 1 fw tcp 0 global