Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00a
141142143144145146147148149150
Brocade ServerIron ADX Advanced Server Load Balancing Guide 137
53-1003441-01
Chapter
3
Pass-Through Flow Management
Pass-through flow management overview
Stateful devices, such as firewalls and Deep Packet Inspection (DPI) devices, require visibility into
both forward and reverse traffic flows to process them appropriately. These devices fail to function
if the network handles traffic asymmetrically.
Using the pass-through flow management feature, the ServerIron ADX supports stateful handling of
network flows while ensuring that it sends the reverse traffic to the same device that previously
forwarded it.
Pass-through flow management is a standalone feature and is applicable for TCP and UDP traffic
flows only. You can only combine it with the following ServerIron ADX features:
Access control list (ACL)
Layer 3 routing
Any global session management-related commands that affect the session in general and are
not specific to a specific feature; for example, the server tcp-age minutes and server udp-age
minutes commands
Configuring pass-through flow management
By default, pass-through flow management is disabled on the ServerIron ADX. You can enable it by
configuring it under a physical or virtual interface.
Under a physical interface, enter the following commands:
ServerIronADX(config)# interface ethernet 1/5
ServerIronADX(config-if-e10000-1/5)# flow-mgmt stick-to-sender
Under a virtual interface, enter the following commands:
ServerIronADX(config)# interface ve v1
ServerIronADX(config-vif-1)# flow-mgmt stick-to-sender
Syntax: [no] flow-mgmt stick-to-sender
Pass-through flow management only applies to traffic that arrives on the interface under which it is
enabled. The flow-mgmt stick-to-sender command only affects the traffic initiated from the
configured interface. For example, you configure the command on interface e1, but you do not
configure it on interface e2. If the client initiates a connection, and the traffic arrives on e1 and
leaves through e2, the ServerIron ADX tracks the traffic in both directions; the forward traffic flows
from e1 to e2 and the reverse traffic flows from e2 to e1. However, if the client initiates a
connection, and the traffic arrives on e2 and leaves through e1, the ServerIron ADX does not track
the traffic in both directions; the forward traffic flows from e2 to e1 and the reverse traffic flows
from e1 to e2.