Technical data

Configuring HA FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 5 - 3
To change the UDP age timer, enter the server udp-age <num> command at the global CONFIG level of
the CLI.
NOTE: SLB uses the same values for the sticky age, TCP age, and UDP age timers. If you change a timer, the
change applies to both SLB and FWLB.
Health Checks
The ServerIron regularly checks the health of the firewall and router paths, and of the applications on the firewalls,
if you add applications to the firewall configurations.
Path Health Checks
One of the required FWLB parameters is a separate path from the ServerIron through each firewall to each of the
ServerIrons on the other side of the firewall. A path to the ServerIron’s gateway router also is required.
By default, the ServerIron performs a Layer 3 health check of each firewall and router path by sending an ICMP
ping packet on each path.
• If the ServerIron receives a reply within the allowed amount of time, the ServerIron concludes that the path is
  good.
• If the ServerIron does not receive a reply within the allowed amount of time, the ServerIron concludes that the
  path is down.
By default, the ServerIron waits 400 milliseconds for a reply to an ICMP health check packet. If the reply does not
arrive, the ServerIron makes two more attempts by default. Therefore, the total amount of time the ServerIron
waits for a response is 1.2 seconds by default.
You can increase the total amount of time the ServerIron will wait for a response by increasing the number of
attempts. The default maximum number of health check attempts is 3, and you can configure it to a value from
3 – 31.
NOTE: You must configure the same path health check parameters on all the ServerIrons in the FWLB
configuration. Otherwise, the paths will not pass the health checks.
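
The retry policy described above (a 400 ms wait per attempt, 3 to 31 attempts) can be modeled as follows. This is an added example, not Brocade code or ServerIron CLI; the probe interface, the path names and the sample latencies are constructed for illustration, and a late reply is treated the same as no reply.

```python
from dataclasses import dataclass
from typing import Callable, Optional

REPLY_TIMEOUT_MS = 400               # default wait per health check packet (from the text)
MIN_ATTEMPTS, MAX_ATTEMPTS = 3, 31   # valid range for the number of attempts (from the text)

# Hypothetical probe interface: send one check on a path, return the reply
# latency in milliseconds, or None when no reply arrives.
Probe = Callable[[str, int], Optional[float]]

@dataclass
class PathResult:
    path: str
    state: str          # "good" or "down"
    attempts_used: int
    waited_ms: float

def worst_case_wait_ms(attempts: int = MIN_ATTEMPTS, timeout_ms: int = REPLY_TIMEOUT_MS) -> int:
    """Longest time spent before a path is declared down."""
    if not MIN_ATTEMPTS <= attempts <= MAX_ATTEMPTS:
        raise ValueError(f"attempts must be {MIN_ATTEMPTS}-{MAX_ATTEMPTS}, got {attempts}")
    return attempts * timeout_ms

def check_path(path: str, probe: Probe, attempts: int = MIN_ATTEMPTS,
               timeout_ms: int = REPLY_TIMEOUT_MS) -> PathResult:
    worst_case_wait_ms(attempts, timeout_ms)        # rejects an out-of-range attempt count
    waited = 0.0
    for n in range(1, attempts + 1):
        latency = probe(path, n)
        if latency is not None and latency <= timeout_ms:
            return PathResult(path, "good", n, waited + latency)
        waited += timeout_ms                        # a lost or late reply costs the full timeout
    return PathResult(path, "down", attempts, waited)

# Constructed sample data: reply latency in ms per attempt, None = no reply.
SAMPLE_REPLIES = {
    "fw1-path": [12.0],
    "fw2-path": [None, 650.0, 35.0],          # lost, late, then answered
    "fw3-path": [None, None, None, None],     # firewall path really down
    "router-path": [None, None, None, 20.0],  # answers only on a 4th attempt
}

def scripted_probe(path: str, attempt: int) -> Optional[float]:
    replies = SAMPLE_REPLIES[path]
    return replies[attempt - 1] if attempt <= len(replies) else None

if __name__ == "__main__":
    for attempts in (3, 4):
        for name in SAMPLE_REPLIES:
            print(attempts, check_path(name, scripted_probe, attempts))
```

Raising the attempt count lets a lossy path survive (router-path passes with 4 attempts but not 3), at the cost of a longer worst-case time to detect a path that is really down.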
Application Health Checks
When you add firewall configuration information to the ServerIron, you also can add information for individual
application ports. Adding the application information is optional.
You can specify the following:
• The application’s protocol (TCP or UDP) and port number
• The Layer 4 health check state (enabled or disabled) for the application
Adding an application port provides the following benefits:
• The ServerIron includes the source and destination port numbers for the application when it creates a session
  entry. Thus, adding the application port provides more granular load balancing.
• The ServerIron checks the health of the TCP or UDP service used by the application by sending a Layer 4
  TCP or UDP health check to the firewall.
Layer 4 health checks are enabled by default. However, you can disable the Layer 4 health checks globally or for
individual applications on individual firewalls.
The ServerIron performs the Layer 4 TCP and UDP health checks as follows:
• TCP health check – The ServerIron checks the TCP port’s health based on a TCP three-way handshake: