Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
21222324252627282930
ServerIron FWLB Overview
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 3 - 11
1. In releases 07.2.xx and 08.x.xx, global firewall policies must be configured for FWLB. Beginning with release
09.3.01, firewall policies are not required. Instead of firewall polices, you must configure the client-interface
and server-interface commands on the interfaces to distribute traffic to WSM CPUs. Refer to the Release
Notes for release 09.0.00 or to the ServerIron Chassis L4-7 Configuration Guide for more information on
these two commands.
2. Rules for configuring external and internal ServerIrons in a FWLB only configuration:
•The server-interface command is required on interfaces connected to firewalls.
•The client-interface command is required on interfaces connected to routers and clients.
In high availability configurations, the server-interface and the client-interface commands should not
be configured on interfaces used for session synchronization and firewall partner ports.
You may connect hosts (which can act as clients or servers) directly to ServerIrons. The client-
interfaces command must be enabled on all the interfaces connected to these hosts.
3. Rules for External SLB+FWLB configuration, where SLB+FWLB are configured on the external ServerIron
and FWLB is configured on the internal ServerIron):
When configuring internal and external ServerIrons, follow the rules described in Step 2 above. They
apply to both external and internal ServerIrons.
Typically, real servers are not attached to external ServerIrons in this configuration. If the configuration
requires real servers to be attached to external ServerIrons, the server-interface command should be
enabled on interfaces connected to servers.
4. Rules for Internal SLB+FWLB configuration, where SLB+FWLB are configured on the internal ServerIron and
FWLB on the external ServerIron):
On the external ServerIrons, follow the rules described in Step 2 above.
On the internal ServerIrons, the client-interfaces command should be enabled on interfaces connected
to firewalls. The server-interfaces command should be enabled on all the interfaces connected to real
servers.
If there are any remote servers, the server-interfaces command should be enabled on the interface
connected to next hop router.
In high availability configurations, both the client-interface and the server-interface command should
not be configured on interfaces used for session synchronization and firewall partner ports.
•The client-interfaces command should be enabled on Interfaces connected to clients that are directly
attached to internal ServerIrons.
Configuration Guidelines for FWLB in JetCore system
Beginning with this release, firewall policies are not required for FWLB configuration. Also, you do not need to
configure the client-interface and server-interface commands. Traffic will be distributed to WSM CPUs
according to the Layer4-7 CAM entries created for FWLB and SLB.