Nortel Networks WEB OS 212777 User Manual
Page 338
Web OS 10.0 Application Guide
338
n
Chapter 13: Firewall Load Balancing
212777-A, February 2002
Complete the Configuration of the Primary Dirty-Side Web Switch
1.
Create an FWLB real server group on the primary dirty-side Web switch.
A real server group is used as the target for the FWLB redirection filter. Each IP address that is
assigned to the group represents a path through a different firewall. In this case, since two fire-
walls are used, two addresses are added to the group.
Earlier, it was stated that this example uses IF 2 on all Web switches whenever routing through
the top firewall, and IF 3 on all Web switches whenever routing through the lower firewall.
Therefore, the first address will represent the primary clean-side IF 2, and the second repre-
sents the primary clean-side IF 3.
Using the
hash
metric, all traffic between specific IP source/destination address pairs flows
through the same firewall, ensuring that sessions established by the firewalls are maintained
for their duration (persistence).
N
OTE
–
Other load balancing metrics, such as
leastconns
,
roundrobin
,
minmiss
,
response
, and
bandwidth
, can be used when enabling the Return to Sender (RTS) option.
“Free-Metric FWLB” on page 346
.
>> # /cfg/slb
>> # on
>> # real 1
>> # rip 10.10.3.1
>> # ena
>> # ../real 2
>> # rip 10.10.3.2
>> # ena
>> # ../group 1
>> # add 1
>> # add 2
>> # metric hash