Working mechanism of firewall load balancing – H3C Technologies H3C SecPath F1000-E User Manual

5

1.

The host sends a request, with VSIP being the destination address.

2.

Upon receiving the request, the general device forwards it to LB device.

Note that the VSIP cannot be contained in an ARP request and response; therefore the general device

only forwards the request to the LB device.

3.

Upon receiving the request, the LB device uses an algorithm to calculate to which server it
distributes the request.

4.

The LB device distributes the request.

Note that the LB device encapsulates VSIP as the destination IP address, and the server’s MAC address

(obtained through ARP) as the destination MAC address. In this way, the request can be forwarded
normally to the server.

5.

The server receives and processes the request, and then sends a response.

Note that the destination IP address of the response is the host IP.

6.

After receiving the response, the general device forwards the response to the host.

Because the response is addressed to the host rather than the LB device, DR-mode server load balancing

is thus called.

Working Mechanism of Firewall Load Balancing

Figure 5 Network diagram for firewall load balancing

Firewall load balancing includes the following basic elements:

•

Cluster: A cluster consists of LB devices and firewalls to provide network traffic load balancing.

•

LB device: A device that distributes traffic from the request sender to multiple firewalls. LB devices fall

into level 1 LB devices and level 2 LB devices. In the above figure, if traffic is from Host A to Host B,
LB device A is level 1, and LB device B is level 2; if traffic is from Host B to Host A, LB Device B is level

1, and LB Device A is level 2.

•

Firewall: A firewall filters packets.