Technical data

Configuring Multizone FWLB
May 31, 2012 © 2012 Brocade Communications Systems, Inc. 6 - 31
The following commands set the load balancing method to balance requests based on the firewall that has the fewest connections for the requested service. For example, the ServerIron will load balance HTTP requests based on the firewall that has fewer HTTP session entries in the ServerIron session table.

Zone1-SI-A(config-tc-2)# fw-predictor per-service-least-conn
Zone1-SI-A(config-tc-2)# exit

The following commands configure standard IP ACLs for the IP subnets in one of the zones this ServerIron is not in.

Zone1-SI-A(config)# access-list 2 permit 10.10.2.0 0.0.0.255
Zone1-SI-A(config)# access-list 2 permit 10.10.8.0 0.0.0.255

The following commands configure the zone parameters. To configure a zone, specify a name for the zone, then a zone number (from 1 to 10), followed by the number of the ACL that specifies the IP addresses in the zone. In this example, the ACL numbers and zone numbers are the same, but this is not required.

Zone1-SI-A(config)# server fw-group 2
Zone1-SI-A(config-tc-2)# fwall-zone Zone2 2 2
Zone1-SI-A(config-tc-2)# exit

The following commands configure the SLB information. Each of the servers in zones 2 and 3 is added as a real server, then the servers are bound to a VIP. The servers are added using the server remote-name command instead of the server real-name command because the servers are not directly connected to the ServerIron. Instead, they reach the ServerIron through other routers (in this case, the firewalls).

Zone1-SI-A(config)# server remote-name web1 10.10.8.40
Zone1-SI-A(config-rs-web1)# port http
Zone1-SI-A(config-rs-web1)# exit
Zone1-SI-A(config)# server remote-name web2 10.10.8.42
Zone1-SI-A(config-rs-web2)# port http
Zone1-SI-A(config-rs-web2)# exit
Zone1-SI-A(config)# server remote-name web3 10.10.6.41
Zone1-SI-A(config-rs-web3)# port http
Zone1-SI-A(config-rs-web3)# exit
Zone1-SI-A(config)# server remote-name web4 10.10.6.43
Zone1-SI-A(config-rs-web4)# port http
Zone1-SI-A(config-rs-web4)# exit
Zone1-SI-A(config)# server virtual www.web.com 10.10.1.10
Zone1-SI-A(config-vs-www.web.com)# port http
Zone1-SI-A(config-vs-www.web.com)# bind http web1 http web2 http web3 http web4 http
Zone1-SI-A(config-vs-www.web.com)# exit

The following command enables SLB-to-FWLB.

Zone1-SI-A(config)# server slb-fw

The following commands enable FWLB.

Zone1-SI-A(config)# ip l4-policy 1 fw tcp 0 global
Zone1-SI-A(config)# ip l4-policy 2 fw udp 0 global

The following command saves the configuration changes to the startup-config file.

Zone1-SI-A(config)# write memory
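
The following Python example is an addition to this page, not part of the Brocade documentation. It parses the access-list, fwall-zone and server remote-name lines shown above and reports which configured zone ACL permits each remote server address, which is a quick way to catch a wrong wildcard mask or ACL number before the configuration is saved. The function names are hypothetical, and first-match ACL evaluation with an implicit deny is assumed. The sample holds only the zone defined in this section, so web3 and web4 report no match.

```python
import ipaddress
import re

# Configuration lines copied from this page, prompts included.
CONFIG = """\
Zone1-SI-A(config)# access-list 2 permit 10.10.2.0 0.0.0.255
Zone1-SI-A(config)# access-list 2 permit 10.10.8.0 0.0.0.255
Zone1-SI-A(config-tc-2)# fwall-zone Zone2 2 2
Zone1-SI-A(config)# server remote-name web1 10.10.8.40
Zone1-SI-A(config)# server remote-name web2 10.10.8.42
Zone1-SI-A(config)# server remote-name web3 10.10.6.41
Zone1-SI-A(config)# server remote-name web4 10.10.6.43
"""
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips the CLI prompt

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under a wildcard mask (set bits are ignored)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse(config):
    """Collect standard ACL entries, zone definitions and remote servers."""
    acls, zones, servers = {}, {}, {}
    for line in config.splitlines():
        t = PROMPT.sub("", line.strip()).split()
        if t[:1] == ["access-list"] and len(t) == 5:
            acls.setdefault(int(t[1]), []).append((t[2], t[3], t[4]))
        elif t[:1] == ["fwall-zone"] and len(t) == 4:
            number, acl = int(t[2]), int(t[3])
            if not 1 <= number <= 10:  # range stated on this page
                raise ValueError(f"zone number {number} outside 1-10")
            zones[t[1]] = acl
        elif t[:2] == ["server", "remote-name"] and len(t) == 4:
            servers[t[2]] = t[3]
    return acls, zones, servers

def acl_permits(entries, addr):
    """Assumption: entries are checked in order, first match wins, no match denies."""
    for action, base, wildcard in entries:
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False

def zones_for_servers(config):
    """Map each remote server to the zones whose ACL permits its address."""
    acls, zones, servers = parse(config)
    return {name: [z for z, acl in zones.items() if acl_permits(acls.get(acl, []), addr)]
            for name, addr in servers.items()}

if __name__ == "__main__":
    for name, matched in zones_for_servers(CONFIG).items():
        print(name, matched or "no zone ACL in this sample matches")
```
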

Commands on Zone 1’s Standby ServerIron (Zone1-SI-S)

ServerIron> enable
ServerIron# configure terminal
ServerIron(config)# hostname Zone1-SI-S
Zone1-SI-S(config)# vlan 1
Zone1-SI-S(config-vlan-1)# always-active
Zone1-SI-S(config-vlan-1)# exit
Zone1-SI-S(config)# vlan 2
Zone1-SI-S(config-vlan-2)# always-active
Zone1-SI-S(config-vlan-2)# tagged ethernet 4/11 to 4/12