Technical data
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 5 - 1
Chapter 5
Configuring HA FWLB
High Availability (HA) FWLB allows the ServerIron Chassis device to actively load balance traffic and provide
enhanced performance. This chapter contains the following sections:
• “Understanding ServerIron FWLB” on page 5-1
• “Configuring HA Active-Active FWLB” on page 5-4
• “Configuring New Active-Active HA FWLB” on page 5-17
• “Configuring Active-Active HA FWLB with VRRP” on page 5-24
Understanding ServerIron FWLB
This section contains the following sections:
• “Stateful FWLB” on page 5-1
• “Layer 3/4 Sessions” on page 5-2
• “Session Limits” on page 5-2
• “Session Aging” on page 5-2
• “Health Checks” on page 5-3
• “Path Health Checks” on page 5-3
• “Application Health Checks” on page 5-3
Stateful FWLB
FWLB on ServerIron Chassis devices is always stateful. A ServerIron performs stateful FWLB by creating and
using session entries for source and destination traffic flows and associating each flow with a specific firewall.
When a ServerIron receives a packet that needs to go through a firewall, the ServerIron checks to see whether it
has an existing session entry for the packet.
• If the ServerIron does not have a session entry with the packet’s source and destination addresses, the
ServerIron creates one. To create the session entry, the ServerIron selects the firewall that has the fewest
open sessions with the ServerIron and associates the source and destination addresses of the packet with
that firewall.
The ServerIron also sends the session information to the other ServerIron in the high-availability pair, so that