Manualshelf

Network Router User Manual

ManualsBrandsNortel Networks ManualsNetwork RouterWEB OS 212777
331332333334335336337338339340
Web OS 10.0 Application Guide
338
Chapter 13: Firewall Load Balancing
212777-A, February 2002
Complete the Configuration of the Primary Dirty-Side Web Switch
1. Create an FWLB real server group on the primary dirty-side Web switch.
A real server group is used as the target for the FWLB redirection filter. Each IP address that is
assigned to the group represents a path through a different firewall. In this case, since two fire-
walls are used, two addresses are added to the group.
Earlier, it was stated that this example uses IF 2 on all Web switches whenever routing through
the top firewall, and IF 3 on all Web switches whenever routing through the lower firewall.
Therefore, the first address will represent the primary clean-side IF 2, and the second repre-
sents the primary clean-side IF 3.
Using the hash metric, all traffic between specific IP source/destination address pairs flows
through the same firewall, ensuring that sessions established by the firewalls are maintained
for their duration (persistence).
NOTE Other load balancing metrics, such as leastconns, roundrobin, minmiss,
response, and bandwidth, can be used when enabling the Return to Sender (RTS) option.
For more information, see Free-Metric FWLB on page 346.
>> # /cfg/slb
>> # on
>> # real 1
>> # rip 10.10.3.1
>> # ena
>> # ../real 2
>> # rip 10.10.3.2
>> # ena
>> # ../group 1
>> # add 1
>> # add 2
>> # metric hash