Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

141

142

143

144

145

146

147

148

149

150

ServerIron ADX Firewall Load Balancing Guide 135

53-1002436-01

DRAFT: BROCADE CONFIDENTIAL

Chapter

Configuring FWLB and SLB

In this chapter

•Configuring SLB-to-FWLB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

•Configuration example for SLB-to-FWLB . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

•Configuring FWLB-to-SLB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

•Configuration example for FWLB-to-SLB . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

•Supporting dual homed servers in FWLB design . . . . . . . . . . . . . . . . . . . . 152

FWLB and SLB configuration overview

NOTE

This chapter shows basic FWLB configurations with Layer 3 firewalls. Currently, these are the

configurations supported by the ServerIron. If you need to perform concurrent SLB and FWLB in a

different type of FWLB configuration, contact Brocade.

You can configure the ServerIron ADX to concurrently perform FWLB and SLB at the same time. The

software supports the following configurations:

• SLB-to-FWLB – The ServerIron ADX on the Internet side of the firewalls performs FWLB for

traffic directed toward real servers connected to the ServerIron ADX on the private side of the

firewalls. In this configuration, all the SLB configuration (virtual IP address, real server, and

port bindings) resides on the Internet ServerIron ADX. The real servers are configured as

remote servers. In addition, the SLB-to-FWLB feature is enabled on the Internet ServerIron

ADX. The internal ServerIron ADX is configured for FWLB but requires no additional

configuration.

• FWLB-to-SLB – The internal ServerIron ADX (the one on the private side of the firewalls)

contains all the SLB configuration information. In this configuration, the FWLB-to-SLB feature is

enabled on this ServerIron ADX rather than the Internet ServerIron ADX. This configuration

enables the internal ServerIron ADX to learn the firewall from which a client request is received

and send the server reply back through the same firewall.

Your choice of implementation depends on the ServerIron ADX you want to use for the SLB

configuration. Use SLB-to-FWLB if you want to place the SLB configuration on the Internet

ServerIron ADX. Use FWLB-to-SLB is you want to place the SLB configuration on the internal

ServerIron ADX.

NOTE

In FWLB HA configurations, sym-priority should not be configured under the virtual servers when

both FWLB and SLB are configured. In FWLB HA configurations, the ServerIron ADX ADX that is active

for the firewall group is also the owner of the virtual servers configured.