Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/8
51525354555657585960
Firewall Load Balancing Guide
5 - 24 © 2012 Brocade Communications Systems, Inc. May 31, 2012
Configuring Active-Active HA FWLB with VRRP
NOTE: Layer 3 routing is supported only on ServerIron Chassis devices running software release 08.0.00 or
later.
This section shows examples of commonly used ServerIron IronClad FWLB deployments with Layer 3
configurations. The ServerIrons in these examples perform Layer 3 routing in addition to Layer 2 and Layer 4 – 7
switching.
Generally, the steps for configuring Layer 4 – 7 features on a ServerIron running Layer 3 are similar to the steps on
a ServerIron that is not running Layer 3. The examples focus on the Layer 3 aspects of the configurations.
This section contains the following configuration examples:
“Overview of Active-Active FWLB with VRRP” on page 5-24
NOTE: The IronClad FWLB configurations shown in these examples are the ones that are supported. If you
need to use the ServerIron’s Layer 3 routing support in a FWLB configuration that is not shown, contact Brocade
Communications Systems.
Overview of Active-Active FWLB with VRRP
Figure 5.3 shows an example of an active-active FWLB configuration that uses VRRP. Each pair of ServerIrons
provides redundant FWLB, while VRRP on the external pair of ServerIrons provides redundancy for the default
gateway address used by the client.
Figure 5.3 Active-Active FWLB with VRRP
SI-B
SI-A
Firewall-1
Firewall-2
Management
Station
Layer 2
Switch
SI-B
Client
10.10.6.99
10.10.6.2
Synchronization
Link
Additional
Data Link
Synchronization
Link
Additional
Data Link
10.10.2.30
Port 4/12
10.10.6.111
VRRP VRID 1
10.10.6.111
Port 4/12
10.10.6.112
VRRP VRID 1
10.10.6.111
Port 3/1
Port 3/1
Port 4/1
Port 4/1
Port 4/1
Port 4/1
Port 3/2 Port 3/2
Trunk Ports 3/5 - 3/6
T
runk Ports 3/5 - 3/6
IP: 10.10.1.1
MAC: 00e0.5201.0426
IP: 10.10.1.2
MAC: 00e0.5201.2180
IP: 10.10.2.1
MAC: 00e0.5201.042e
IP: 10.10.2.2
MAC: 00e0.5201.2188
T
runk Ports 3/5 - 3/6
T
runk Ports 3/5 - 3/6
SI-A
ServerIron SI-Ext-B
VLAN 1
VE 1: 10.10.1.112
ServerIron SI-Ext-A
VLAN 1
VE 1: 10.10.1.111
Port 4/12
10.10.6.111
VRRP VRID 1
10.10.6.111
ServerIron SI-Int-A
10.10.2.222
ServerIron SI-Int-B
10.10.2.223