Firewall Load Balancing Guide
9 - 8 © 2012 Brocade Communications Systems, Inc. May 31, 2012
Process for Load Balancing
By default, FWLB uses a hashing algorithm to select a firewall for a packet based on the packet’s source and
destination IP address. Optionally, you can configure the ServerIron to also hash based on source and destination
TCP or UDP application ports. Once the ServerIron selects a firewall for a given pair of source and destination IP
addresses (and, if specified, source and destination TCP or UDP application ports), the ServerIron always selects
the same firewall for packets with the same address pairs.
To display the firewall that the hashing algorithm selected for a given pair of source and destination addresses,
enter a command such as the following:
ServerIron# show fw-hash 1.1.1.1 2.2.2.2 2
fw3
In this example, the command output indicates that the FWLB hashing algorithm selected firewall "fw3" for traffic
to IP address 1.1.1.1 from IP address 2.2.2.2.
Syntax: show fw-hash <dst-ip-addr> <src-ip-addr> <fwall-group-id>
[<protocol> <dst-tcp/udp-port> <src-tcp/udp-port>]
The <dst-ip-addr> parameter specifies the destination IP address.
The <src-ip-addr> parameter specifies the source IP address.
The <fwall-group-id> parameter specifies the FWLB group ID. Normally, the FWLB group ID is 2.
The <protocol> parameter specifies the protocol number for TCP or UDP. You can specify one of the following:
• 6 – TCP
• 17 – UDP
The <dst-tcp/udp-port> parameter specifies the destination TCP or UDP application port number.
The <src-tcp/udp-port> parameter specifies the source TCP or UDP application port number.
If you configured the ServerIron to hash based on source and destination TCP or UDP application ports as well as
IP addresses, the ServerIron might select more than one firewall for the same pair of source and destination IP
addresses, when the traffic uses different pairs of source and destination application ports. Use the optional
parameters to ensure that the command’s output distinguishes among the selected firewalls based on the
application ports. Here is an example:
ServerIron# show fw-hash 1.1.1.1 2.2.2.2 2 6 80 8080
fw2
ServerIron# show fw-hash 1.1.1.1 2.2.2.2 2 6 80 9000
fw3
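
When correlating firewall logs for a flow, it helps to record which firewall each "show fw-hash" query returned. The following Python sketch is an added example, not part of the Brocade guide or its software: it parses a constructed transcript built from the command/output pairs above, validates the arguments against the documented syntax, and lists every firewall reported for each IP address pair. The function names and the transcript layout are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed transcript reusing the command/output pairs shown on this page.
SESSION = """\
ServerIron# show fw-hash 1.1.1.1 2.2.2.2 2
fw3
ServerIron# show fw-hash 1.1.1.1 2.2.2.2 2 6 80 8080
fw2
ServerIron# show fw-hash 1.1.1.1 2.2.2.2 2 6 80 9000
fw3
"""

CMD = re.compile(r"^\S+#\s*show fw-hash\s+(.*)$")
PROTOCOLS = {6: "tcp", 17: "udp"}  # the two protocol numbers the syntax accepts

def parse_args(argstr):
    """Validate arguments against the documented syntax; return a flow dict."""
    args = argstr.split()
    if len(args) not in (3, 6):
        raise ValueError("expected 3 arguments, or 6 with protocol and ports")
    flow = {
        "dst": str(ipaddress.ip_address(args[0])),  # destination comes first
        "src": str(ipaddress.ip_address(args[1])),
        "group": int(args[2]),
        "proto": None, "dport": None, "sport": None,
    }
    if len(args) == 6:
        proto, dport, sport = (int(a) for a in args[3:])
        if proto not in PROTOCOLS:
            raise ValueError("protocol must be 6 (TCP) or 17 (UDP)")
        if not all(0 <= p <= 65535 for p in (dport, sport)):
            raise ValueError("port out of range")
        flow.update(proto=PROTOCOLS[proto], dport=dport, sport=sport)
    return flow

def parse_session(text):
    """Pair each 'show fw-hash' command with the firewall name printed after it."""
    records, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = CMD.match(line)
        if m:
            pending = parse_args(m.group(1))
        elif pending and line:
            records.append({**pending, "firewall": line})
            pending = None
    return records

def firewalls_per_ip_pair(records):
    """Map (src, dst, group) -> set of firewalls reported for that IP pair."""
    out = defaultdict(set)
    for r in records:
        out[(r["src"], r["dst"], r["group"])].add(r["firewall"])
    return dict(out)
```

An IP pair that maps to more than one firewall means the logs of each listed firewall have to be checked for that pair's traffic.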