Technical data

Configuring Basic FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc.
The following command configures an IP default route. The first two "0.0.0.0" portions of the address are the IP
address and network mask. Always specify zeroes when configuring an IP default route. The third value is the IP
address of the next-hop gateway for the default route. In most cases, you can specify the IP address of one of the
firewalls as the next hop. Specifying the default route is the Layer 3 equivalent of specifying the default gateway.
SI-External(config)# ip route 0.0.0.0 0.0.0.0 10.10.1.5
The following commands add the firewall definitions.
SI-External(config)# server fw-name fw1 10.10.1.5
SI-External(config-rs-fw1)# port http
SI-External(config-rs-fw1)# exit
SI-External(config)# server fw-name fw2 10.10.1.6
SI-External(config-rs-fw2)# port http
SI-External(config-rs-fw2)# exit
The following commands add the firewall definitions to the firewall port group.
SI-External(config)# server fw-group 2
SI-External(config-tc-2)# fw-name fw1
SI-External(config-tc-2)# fw-name fw2
The following commands add the paths through the firewalls to the other ServerIron. Each path consists of a path
number, a ServerIron port number, the IP address at the other end of the path, and the next-hop IP address. In this
example, the topology does not contain routers other than the ServerIrons. If your topology does contain other
routers, configure firewall paths for the routers too. For router paths, use the same IP address as the path
destination and the next hop.
NOTE: The path IDs must be in contiguous, ascending numerical order, starting with 1. For example, path
sequence 1, 2, 3, 4 is valid. Path sequence 4, 3, 2, 1 or 1, 3, 4, 5 is not valid.
SI-External(config-tc-2)# fwall-info 1 4/1 10.10.2.222 10.10.1.5
SI-External(config-tc-2)# fwall-info 2 4/2 10.10.2.222 10.10.1.6
The following command sets the load balancing method to balance requests based on the firewall that has the
least number of connections for the requested service.
SI-External(config-tc-2)# fw-predictor per-service-least-conn
SI-External(config-tc-2)# exit
The following commands assign FWLB processing for all forwarding modules to the same WSM CPU. The device
uses the same CPU to process all FWLB traffic. You must assign all the traffic to the same WSM CPU. The
commands in this example assign traffic on the forwarding modules in slots 3 and 4 to WSM CPU 1 on the Web
Switching Management Module in slot 2.
SI-External(config)# wsm wsm-map slot 3 wsm-slot 2 wsm-cpu 1
SI-External(config)# wsm wsm-map slot 4 wsm-slot 2 wsm-cpu 1
NOTE: For simplicity, the configuration of the other ServerIron in this example does not include wsm wsm-map
commands. However, the commands you need to enter depend on the slot locations of the modules in the device
and the WSM CPU you want to use.
The following commands enable FWLB.
SI-External(config)# ip l4-policy 1 fw tcp 0 global
SI-External(config)# ip l4-policy 2 fw udp 0 global
The following command saves the configuration changes to the startup-config file.
SI-External(config)# write memory
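The following Python script is an added example, not part of the Brocade documentation. It checks a pasted command listing against the rules stated above: the path ID ordering, the firewall definitions referenced by the firewall group, and the single WSM CPU requirement. The function name lint_fwlb and the next-hop check are assumptions made for this example. The sample input is the SI-External listing from this section.

```python
# Constructed sample: the SI-External commands from this section, prompts kept.
SAMPLE = """\
SI-External(config)# server fw-name fw1 10.10.1.5
SI-External(config)# server fw-name fw2 10.10.1.6
SI-External(config)# server fw-group 2
SI-External(config-tc-2)# fw-name fw1
SI-External(config-tc-2)# fw-name fw2
SI-External(config-tc-2)# fwall-info 1 4/1 10.10.2.222 10.10.1.5
SI-External(config-tc-2)# fwall-info 2 4/2 10.10.2.222 10.10.1.6
SI-External(config)# wsm wsm-map slot 3 wsm-slot 2 wsm-cpu 1
SI-External(config)# wsm wsm-map slot 4 wsm-slot 2 wsm-cpu 1
"""

def lint_fwlb(config):
    """Return a list of findings; an empty list means every check passed."""
    fw_ips, group, paths, cpus = {}, [], [], set()
    for raw in config.splitlines():
        tok = raw.split("#", 1)[-1].split()      # drop the CLI prompt, tokenize
        if tok[:2] == ["server", "fw-name"] and len(tok) == 4:
            fw_ips[tok[2]] = tok[3]              # firewall name -> IP address
        elif tok[:1] == ["fw-name"] and len(tok) == 2:
            group.append(tok[1])                 # member of the firewall group
        elif tok[:1] == ["fwall-info"] and len(tok) == 5:
            paths.append((int(tok[1]), tok[3], tok[4]))  # id, dest, next hop
        elif tok[:2] == ["wsm", "wsm-map"] and len(tok) == 8:
            cpus.add((tok[5], tok[7]))           # (wsm-slot, wsm-cpu)
    findings = []
    ids = [p[0] for p in paths]
    if ids != list(range(1, len(ids) + 1)):
        findings.append(f"path IDs {ids} are not 1..{len(ids)} in ascending order")
    for name in group:
        if name not in fw_ips:
            findings.append(f"fw-group references undefined firewall {name}")
    for pid, dest, hop in paths:
        # Assumption from this example: a next hop is a defined firewall,
        # or equals the destination (the router-path form described above).
        if hop not in fw_ips.values() and hop != dest:
            findings.append(f"path {pid} next hop {hop} is not a defined firewall")
    if len(cpus) > 1:
        findings.append(f"wsm-map uses more than one WSM CPU: {sorted(cpus)}")
    return findings

if __name__ == "__main__":
    print(lint_fwlb(SAMPLE) or "no findings")
```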
Commands on the Internal ServerIron
ServerIron> enable
ServerIron# configure terminal
ServerIron(config)# hostname SI-Internal
SI-Internal(config)# vlan 10