Monitoring IP Policies – Riverstone Networks WICT1-12 User Manual


Riverstone Networks RS Switch Router User Guide Release 8.0 20-11

IP Policy-Based Forwarding Configuration


On Policy Router 2, load balancing groups are configured for the servers, and an ACL profile allows traffic to pass to the clients. The IP policy configuration distributes the traffic across the two next hops (the firewalls) based on a hash of the destination IP address (the client's address). The following is the configuration for Policy Router 2 in Figure 20-4.

! Create server VLAN
vlan create vServices ip id 10
vlan add ports et.1.1 to vServices
vlan add ports et.1.2 to vServices
vlan add ports et.1.3 to vServices
vlan add ports et.1.4 to vServices
! Create Firewall VLAN
vlan create vFirewall ip id 20
vlan add ports et.2.1 to vFirewall
vlan add ports et.2.2 to vFirewall
! Create interfaces
interface create ip iServices address-netmask 192.168.1.1/24 vlan vServices
interface create ip iFirewall address-netmask 13.1.1.1/24 vlan vFirewall
! Create ACL to allow server traffic to pass to clients
acl AclToClient permit ip any any any any
! Configure IP policy
ip-policy PolToClient permit acl AclToClient next-hop-list "13.1.1.3 13.1.1.4" action policy-only
ip-policy PolToClient apply interface iServices
! Hash on the destination IP address (the client's address), as described above
ip-policy PolToClient set load-policy ip-hash dip
ip-policy PolToClient set pinger on
! Configure load balancing group for FTP on servers
load-balance create group-name MyFtp virtual-ip 12.1.1.1 virtual-port 21 protocol tcp
load-balance add host-to-group 192.168.1.3 port 21 group-name MyFtp
load-balance add host-to-group 192.168.1.4 port 21 group-name MyFtp
! Configure load balancing group for HTML on servers
load-balance create group-name MyWeb virtual-ip 12.1.1.2 virtual-port 80 protocol tcp
load-balance add host-to-group 192.168.1.3 port 80 group-name MyWeb
load-balance add host-to-group 192.168.1.4 port 80 group-name MyWeb

Note

Although the configuration of the firewall devices is not shown here, you need to ensure that services are allowed to pass through the firewall while providing site security.

20.3 MONITORING IP POLICIES

The ip-policy show command reports information about active IP policies, including profile definitions, policy configuration settings, and next-hop gateways. The command also displays statistics about packets that have matched an IP policy statement as well as the number of packets that have been forwarded to each next-hop gateway.
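Added example (not from the Riverstone manual): a small Python model of hash-based next-hop selection for Policy Router 2's server-to-client traffic, using the next-hop and server addresses from the configuration. It compares hashing on the destination address (the client) with hashing on the source address (the server). The hash function (address as an integer, modulo the number of next hops) and the client addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

NEXT_HOPS = ["13.1.1.3", "13.1.1.4"]      # firewalls, from the next-hop-list
SERVERS = ["192.168.1.3", "192.168.1.4"]  # real servers behind the virtual IPs
# Constructed client addresses (documentation range), not from the manual.
CLIENTS = ["198.51.100.10", "198.51.100.11", "198.51.100.12", "198.51.100.13"]


def pick_next_hop(packet, key):
    """Choose a next hop by hashing the address named by key ('sip' or 'dip').

    Assumed stand-in hash: the address as an integer modulo the hop count.
    The switch's real hash function is not documented on this page.
    """
    addr = packet["src"] if key == "sip" else packet["dst"]
    return NEXT_HOPS[int(ipaddress.ip_address(addr)) % len(NEXT_HOPS)]


def return_traffic(clients):
    """Constructed sample: every server sends one reply packet to every client."""
    return [{"src": s, "dst": c} for c in clients for s in SERVERS]


def hops_per_client(packets, key):
    """Map each client to the set of firewalls its return traffic crosses."""
    seen = {}
    for p in packets:
        seen.setdefault(p["dst"], set()).add(pick_next_hop(p, key))
    return seen


def per_hop_counts(packets, key):
    """Packets forwarded to each next hop, the kind of figure ip-policy show reports."""
    return Counter(pick_next_hop(p, key) for p in packets)


if __name__ == "__main__":
    pkts = return_traffic(CLIENTS)
    for key in ("dip", "sip"):
        print(key, dict(per_hop_counts(pkts, key)))
        for client, hops in sorted(hops_per_client(pkts, key).items()):
            print("   ", client, sorted(hops))
```

In this model both hash keys give the same 4/4 per-next-hop packet counts, but only the destination hash keeps each client's return traffic on a single firewall. Balanced counters alone therefore do not show whether a client's traffic is pinned to one next hop.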
