Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsComputer equipment8/80
41424344454647484950
Switching and Routing
May 2012 © 2012 Brocade Communications Systems, Inc. 2 - 33
This command applies only to Layer 3 IP interfaces for use with IP forwarding.
The address | nat-address | standby-address parameter identifies the type of IP interface you are adding.
•The address parameter adds a standard IP interface. This option is applicable in most cases.
•The nat-address parameter applies to active-standby configurations. This parameter configures a shared IP
interface for use with SLB source NAT. Enter the same command with the same IP address on each of the
ServerIrons in the active-standby configuration. The address is active only on one ServerIron (the ServerIron
that is currently active) at a time.
NOTE: SLB source NAT is different from standard Network Address Translation (NAT).
•The standby-address parameter applies to active-standby configurations and allows both ServerIrons to
share the same router interface. One of the ServerIrons actively supports the interface while the other
ServerIron provides failover for the interface if the first ServerIron becomes unavailable. Real servers can use
the shared interface as their default gateway. Enter the same command with the same IP address on each of
the ServerIrons in the active-standby configuration. The address is active only on one ServerIron (the
ServerIron that is currently active) at a time.
The <ip-addr> parameter specifies the IP address.
The <ip-mask> parameter specifies a class-based (or “Classical”) IP sub-net mask.
The <mask-bits> parameter specifies the number of significant bits in a Classless Interdomain Routing (CIDR)
sub-net mask.
You can use either format to configure the interface. For example, both the following commands are valid and
produce the same result:
ip address 10.10.10.1 255.255.255.0
ip address 10.10.10.1/24
Configuring an IP Filter
You can use IP filters (or ACLs) to selectively control SLB and TCS traffic. The filters or ACLs can match on
source and destination IP address, network mask, and TCP/UDP port information.
All filters and ACLs are dynamic; they take place immediately for new connections and do not require a reboot of
the ServerIron. New filters or ACLs do not affect existing connections.
Each filter or ACL provides one of the following actions:
•Permit
For SLB, permits access to a virtual server (identified by VIP) or to a specific TCP/UDP port on the virtual
server.
For TCS, permits redirection of a client request to a cache server.
•Deny
For SLB, denies access to a virtual server (identified by VIP) or to a specific TCP/UDP port on the virtual
server. The packet is dropped.
For TCS, denies access to the cache server and instead sends the request out to the Internet. The
packet is not dropped.
By default, no filters or ACLs are configured on the ServerIron. All packets are implicitly permitted. However, as
soon as you add a filter or ACL, all packets that do not match the filter or ACL are implicitly denied. This behavior
ensures tighter control in filtered environments. To change this behavior so that all packets that do not match a
filter are permitted instead of denied, configure the last filter (1024) or ACL to permit any traffic.