Firewall Load Balancing Guide
5 - 4 © 2012 Brocade Communications Systems, Inc. May 31, 2012
The ServerIron sends a TCP SYN packet to the port on the firewall.
The ServerIron expects the firewall to respond with a SYN ACK.
If the ServerIron receives the SYN ACK, the ServerIron sends a TCP RESET, satisfied that the TCP port
is alive.
UDP health check – The ServerIron sends a UDP packet with garbage (meaningless) data to the UDP port:
If the firewall responds with an ICMP “Port Unreachable” message, the ServerIron concludes that the
port is not alive.
If the server does not respond at all, the ServerIron assumes that the port is alive and received the
garbage data. Since UDP is a connectionless protocol, the ServerIron and other clients do not expect
replies to data sent to a UDP port. Thus, lack of a response indicates a healthy port.
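The UDP health-check decision described above, as an added Python example (not Brocade code and not part of the guide): it sends meaningless data to a UDP port and records which evidence led to the verdict. The function name, result type, timeout and retry count are assumptions made for this illustration.

```python
import socket
from typing import NamedTuple


class UdpCheck(NamedTuple):
    alive: bool
    evidence: str  # "icmp-port-unreachable", "no-response" or "reply"


def udp_health_check(host: str, port: int, timeout: float = 1.0,
                     attempts: int = 2) -> UdpCheck:
    """Probe a UDP port using the decision rule the guide describes."""
    payload = b"\x00" * 8  # constructed meaningless data
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket sends nothing; it lets the kernel report
        # an ICMP Port Unreachable for this peer as ConnectionRefusedError.
        s.connect((host, port))
        for _ in range(attempts):
            try:
                s.send(payload)
                s.recv(2048)
                # Not a case the guide lists, but a reply proves the port is open.
                return UdpCheck(True, "reply")
            except ConnectionRefusedError:
                # ICMP Port Unreachable came back: the port is not alive.
                return UdpCheck(False, "icmp-port-unreachable")
            except socket.timeout:
                continue  # silence so far; probe again before deciding
    # No answer at all: assumed alive, as in the guide. This is an inference,
    # not a confirmation.
    return UdpCheck(True, "no-response")


if __name__ == "__main__":
    # 127.0.0.1:9 is a constructed target for a local run.
    print(udp_health_check("127.0.0.1", 9, timeout=0.5))
```

A "no-response" verdict is weaker than it looks: a filter that silently drops the probe, or drops the returning ICMP message, produces the same silence as a healthy port, so it is worth logging the evidence alongside the verdict.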
Configuring HA Active-Active FWLB
This section contains the following sections:
“Overview of Active-Active FWLB” on page 5-4
“Configuring the Management IP Address and Default Gateway” on page 5-6
“Configuring the Partner Port” on page 5-7
“Configuring the Additional Data Link (the Always-Active Link)” on page 5-7
“Configuring the Router Port” on page 5-7
“Configuring the Firewalls” on page 5-8
“Adding the Firewalls” on page 5-8
“Changing the Maximum Number of Sessions” on page 5-9
“Connection Rate Control” on page 5-9
“Limiting the Number of New Connections for an Application” on page 5-9
“Adding the Firewalls to the Firewall Group” on page 5-10
“Changing the Load-Balancing Method” on page 5-10
“Hashing Load Balance Metric in FWLB” on page 5-10
“Enabling the Active-Active Mode” on page 5-11
“Configuring the Paths and Static MAC Address Entries” on page 5-11
“Dropping Packets When a Firewall Reaches Its Limit” on page 5-12
“Restricting TCP Traffic to a Firewall to Established Sessions” on page 5-12
“Assigning FWLB Processing to a WSM CPU” on page 5-12
“Enabling FWLB” on page 5-13
“Complete CLI Example” on page 5-13
Overview of Active-Active FWLB
Active-Active operation provides redundancy in case a ServerIron becomes unavailable, while enhancing
performance by using both ServerIrons to process and forward traffic.