beautypg.com

Firewall health checks, Firewall service monitoring, Physical link monitoring – Nortel Networks WEB OS 212777 User Manual

Page 351: Firewall health checks 351, Metho

background image

Web OS 10.0 Application Guide

Chapter 13: Firewall Load Balancing

n

351

212777-A, February 2002

Firewall Health Checks

Basic FWLB health checking is automatic. No special configuration is necessary unless you
wish to tune the health checking parameters. See

Chapter 10, “Health Checking

for details.

Firewall Service Monitoring

To maintain high availability, Web switches monitor firewall health status and send packets
only to healthy firewalls. There are two methods of firewall service monitoring: ICMP and
HTTP. Each Web switch monitors the health of the firewalls on a regular basis by pinging the
IP interfaces configured on its partner Web switch on the other side of the firewall.

If a Web switch IP interface fails to respond to a user-specified number of pings, it (and, by
implication, the associated firewall), is placed in a Server Failed state. At this time, the partner
Web switch stops routing traffic to that IP interface and, instead, distributes it across the
remaining healthy Web switch IP interfaces and firewalls.

When a Web switch IP interface is in the Server Failed state, its partner Web switch continues
to send pings to it at user-configurable intervals. After a specified number of successful pings,
the IP interface (and its associated firewall) is brought back into service.

For example, to configure the switch to allow one-second intervals between health checks or
pings, two failed health checks to remove the firewall, and four successful health checks to
restore the firewall to the real server group, use the following command:

Physical Link Monitoring

Web switches also monitor physical link status of switch ports connected to firewalls. If the
physical link to a firewall goes down, that firewall is placed immediately in the Server Failed
state. When a Web switch detects that a failed physical link to a firewall has been restored, it
brings the firewall back into service.

>> /cfg/slb/real

/inter 1/retry 2/restr 4

See also other documents in the category Nortel Networks Hardware: