Firewall Load Balancing Guide
8 - 14 © 2012 Brocade Communications Systems, Inc. May 31, 2012
The following command sets the load balancing method to balance requests based on the firewall that has the
fewest connections for the requested service. Since the firewall definitions above specify the HTTP
service, the ServerIron will load balance requests based on the firewall that has the fewest HTTP session entries in the
ServerIron session table.
SI-Ext-A(config-tc-2)# fw-predictor per-service-least-conn
The following command is part of the always-active feature, which provides the additional data link between
this ServerIron and its partner.
SI-Ext-A(config-tc-2)# l2-fwall
SI-Ext-A(config-tc-2)# exit
The following commands add static MAC entries for the firewall interfaces with the ServerIron. The static MAC
entries are required only if the configuration uses static routes and a single virtual routing interface, as in this
example, and if the default gateway for the client or server is the firewall. If the configuration uses a dynamic
routing protocol (for example, RIP or OSPF), the static entries are not required. Alternatively, the static entries are
not required if you use the ServerIron itself as the default gateway for the client or the server. For example, the
static entries are not required if you configure the client to use 10.10.1.111 as its default gateway.
SI-Ext-A(config)# vlan 1
SI-Ext-A(config-vlan-1)# static-mac-address 00e0.5201.0426 ethernet 4/1 priority 1 router-type
SI-Ext-A(config-vlan-1)# static-mac-address 00e0.5203.2f80 ethernet 3/1 priority 1 router-type
SI-Ext-A(config-vlan-1)# exit
The following commands configure the SLB parameters, four real servers and one VIP. The servers are bound to
the VIP by the HTTP port. Notice that the servers are configured as remote servers. If Proxy ARP is enabled on
the internal ServerIrons, you can define the real servers as local servers instead of remote servers. However, if
Proxy ARP is not enabled on the internal ServerIrons, the real servers must be remote servers.
SI-Ext-A(config)# server remote-name web1 10.10.2.40
SI-Ext-A(config-rs-web1)# port http
SI-Ext-A(config-rs-web1)# server remote-name web2 10.10.2.41
SI-Ext-A(config-rs-web2)# port http
SI-Ext-A(config-rs-web2)# server remote-name web3 10.10.2.42
SI-Ext-A(config-rs-web3)# port http
SI-Ext-A(config-rs-web3)# server remote-name web4 10.10.2.43
SI-Ext-A(config-rs-web4)# port http
SI-Ext-A(config-rs-web4)# server virtual webby 10.10.1.10
SI-Ext-A(config-vs-webby)# port http
SI-Ext-A(config-vs-webby)# bind http web4 http web3 http web2 http web1 http
Enter the following command to enable SLB-to-FWLB.
NOTE: This command applies only to the ServerIrons that contain the SLB configuration. Do not enter this
command on the internal ServerIrons.
SI-Ext-A(config)# server slb-fw
The following commands assign FWLB processing for all forwarding modules to the same WSM CPU. The device
uses the same CPU to process all FWLB traffic. You must assign all the traffic to the same WSM CPU. The
commands in this example assign traffic on the forwarding modules in slots 3 and 4 to WSM CPU 1 on the Web
Switching Management Module in slot 2.
SI-Ext-A(config)# wsm wsm-map slot 3 wsm-slot 2 wsm-cpu 1
SI-Ext-A(config)# wsm wsm-map slot 4 wsm-slot 2 wsm-cpu 1
NOTE: For simplicity, the configuration of the other ServerIrons in this example does not include wsm wsm-map
commands. However, the commands you need to enter depend on the slot locations of the modules in the device
and the WSM CPU you want to use.
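The two placement rules above (all wsm wsm-map entries must point at the same WSM CPU, and server slb-fw belongs only on ServerIrons that hold the SLB configuration) can be checked offline against a saved configuration. The script below is an added example, not part of the Brocade guide: the audit function and its finding messages are hypothetical, and treating a "server virtual" line as the marker of an SLB configuration is an assumption.

```python
import re

# Constructed sample: the SI-Ext-A commands shown on this page, prompts stripped.
SAMPLE_CONFIG = """\
server remote-name web1 10.10.2.40
 port http
server virtual webby 10.10.1.10
 port http
 bind http web4 http web3 http web2 http web1 http
server slb-fw
wsm wsm-map slot 3 wsm-slot 2 wsm-cpu 1
wsm wsm-map slot 4 wsm-slot 2 wsm-cpu 1
"""

# Strips a leading CLI prompt such as "SI-Ext-A(config-vlan-1)# " if present.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
WSM_MAP = re.compile(r"^wsm wsm-map slot (\d+) wsm-slot (\d+) wsm-cpu (\d+)$")

def audit(config_text):
    """Return findings for the two placement rules stated in the guide."""
    lines = [PROMPT.sub("", raw.strip()) for raw in config_text.splitlines()]
    lines = [line for line in lines if line]
    findings = []

    # Rule 1: every forwarding-module slot must map to the same WSM CPU.
    targets = {}
    for line in lines:
        m = WSM_MAP.match(line)
        if m:
            slot, wsm_slot, cpu = m.groups()
            targets.setdefault((wsm_slot, cpu), []).append(slot)
    if len(targets) > 1:
        detail = "; ".join(
            f"slots {','.join(s)} -> wsm-slot {w} cpu {c}"
            for (w, c), s in sorted(targets.items()))
        findings.append(f"wsm-map: FWLB traffic split across WSM CPUs ({detail})")

    # Rule 2: 'server slb-fw' only where SLB is configured.
    # Assumption: a 'server virtual' line marks a device holding the SLB config.
    has_slb = any(line.startswith("server virtual ") for line in lines)
    if "server slb-fw" in lines and not has_slb:
        findings.append("server slb-fw present but no 'server virtual' definition found")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

The function accepts lines with or without the CLI prompt, so a pasted terminal session can be audited as is.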
The following commands enable FWLB.