Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
21222324252627282930
Firewall Load Balancing Guide
4 - 6 © 2012 Brocade Communications Systems, Inc. May 31, 2012
ServerIronB(config)# static-mac-address abcd.4321.34e3 ethernet 2 high-priority
router-type
ServerIronB(config)# ip policy 1 fw tcp 0 global
ServerIronB(config)# ip policy 2 fw udp 0 global
ServerIronB(config)# write memory
Configuration Examples with Layer 3 Routing Support
NOTE: Layer 3 routing is supported only on ServerIron Chassis devices running software release 08.0.00 or
later.
This section shows examples of commonly used ServerIron basic FWLB deployments with Layer 3 configurations.
The ServerIrons in these examples perform Layer 3 routing in addition to Layer 2 and Layer 4 – 7 switching.
Generally, the steps for configuring Layer 4 – 7 features on a ServerIron running Layer 3 are similar to the steps on
a ServerIron that is not running Layer 3. The examples focus on the Layer 3 aspects of the configurations.
This section contains the following configuration examples:
“Basic FWLB with One Sub-Net and One Virtual Routing Interface” on page 4-6
“Basic FWLB with Multiple Sub-Nets and Multiple Virtual Routing Interfaces” on page 4-9
NOTE: The basic FWLB configurations shown in these examples are the ones that are supported. If you need to
use the ServerIron’s Layer 3 routing support in a FWLB configuration that is not shown, contact Brocade
Communications Systems.
Basic FWLB with One Sub-Net and One Virtual Routing Inter-
face
Figure 4.1 shows an example of a basic FWLB configuration in which each ServerIron is in only one sub-net. On
each ServerIron, a virtual routing interface is configured on all the ports in VLAN 1 (the default VLAN), and an IP
sub-net address is configured on the virtual routing interface.
The ServerIron supports dynamic routing protocols, including RIP and OSPF. However, some firewalls do not
support dynamic routing and instead require static routes. The network in this example assumes that the firewalls
do not support dynamic routing. Since the network uses static routes, each ServerIron is configured with an IP
default route that uses one of the firewall interfaces as the next hop for the route.
In addition, the client and server in this network each use a firewall interface as the default gateway. When this is
the case, you need to do one of the following:
Configure each ServerIron with static MAC entries for the firewall interfaces. This example uses the static
entries.
Configure the clients and servers to use the ServerIron itself as the default gateway.