Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
131132133134135136137138139140
Configuring FWLB and SLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 8 - 11
ServerIronB(config)# ip policy 2 fw udp 0 global
ServerIronB(config)# write memory
From HA Chapter
Active-Active FWLB – with External SLB (FWLB-to-SLB)
The software supports two types of FWLB with SLB configurations. Your choice of implementation depends on
which pair of ServerIrons you want to use for the SLB configuration. Use SLB-to-FWLB is you want to place the
SLB configuration on the external ServerIrons. Use FWLB-to-SLB if you want to place the SLB configuration on
the internal ServerIrons.
The software supports the following configurations:
FWLB-to-SLB – The internal ServerIron (the one on the server side or private side of the firewalls) contains all
the SLB configuration information. In this configuration, the FWLB-to-SLB feature is enabled on the internal
ServerIron rather than the external ServerIron. This configuration enables the internal ServerIron to learn the
firewall from which a client request is received and send the server reply back through the same firewall.
SLB-to-FWLB – The external ServerIron, on the client or external side of the firewalls, performs FWLB for
traffic directed toward real servers connected to the ServerIron on the private side of the firewalls. In this
configuration, all the SLB configuration (virtual IP address, real server, and port bindings) resides on the
external ServerIron. The real servers are configured as remote servers. In addition, the SLB-to-FWLB
feature is enabled on the external ServerIron. The internal ServerIron is configured for FWLB but requires no
additional configuration.
Figure 8.3 shows an example of an active-active FWLB configuration that also supports SLB. The pair of
ServerIrons on the non-secure (external) of the firewalls are connected to clients. The pair of ServerIrons on the
secure side of the firewalls are connected to application servers. Both pairs of ServerIrons load balance the traffic
to the firewalls and also perform SLB load balancing for application traffic.
Both ServerIrons in each pair actively load balance traffic as well as provide redundancy.
You can configure the network in Figure 8.3 for FWLB-to-SLB or SLB-to-FWLB. The configuration commands
after the figure show how to configure SLB-to-FWLB.