beautypg.com

Nortel Networks WEB OS 212777 User Manual

Page 338

background image

Web OS 10.0 Application Guide

338

n

Chapter 13: Firewall Load Balancing

212777-A, February 2002

Complete the Configuration of the Primary Dirty-Side Web Switch

1.

Create an FWLB real server group on the primary dirty-side Web switch.

A real server group is used as the target for the FWLB redirection filter. Each IP address that is
assigned to the group represents a path through a different firewall. In this case, since two fire-
walls are used, two addresses are added to the group.

Earlier, it was stated that this example uses IF 2 on all Web switches whenever routing through
the top firewall, and IF 3 on all Web switches whenever routing through the lower firewall.
Therefore, the first address will represent the primary clean-side IF 2, and the second repre-
sents the primary clean-side IF 3.

Using the

hash

metric, all traffic between specific IP source/destination address pairs flows

through the same firewall, ensuring that sessions established by the firewalls are maintained
for their duration (persistence).

N

OTE

Other load balancing metrics, such as

leastconns

,

roundrobin

,

minmiss

,

response

, and

bandwidth

, can be used when enabling the Return to Sender (RTS) option.

For more information, see

“Free-Metric FWLB” on page 346

.

>> # /cfg/slb

>> # on

>> # real 1

>> # rip 10.10.3.1

>> # ena

>> # ../real 2

>> # rip 10.10.3.2

>> # ena

>> # ../group 1

>> # add 1

>> # add 2

>> # metric hash