Basic FWLB Implementation, Figure 13-3: Basic FWLB Process – Nortel Networks WEB OS 212777 User Manual

Page 317


Web OS 10.0 Application Guide

Chapter 13: Firewall Load Balancing


212777-A, February 2002

Basic FWLB Implementation

In this example, traffic is load balanced among the available firewalls.

Figure 13-3 Basic FWLB Process

1. The client requests data.

The external clients intend to connect to services at the publicly advertised IP address assigned
to a virtual server on the clean-side Web switch.

2. A redirection filter balances incoming requests among different IP addresses.

When the client request arrives at the dirty-side Web switch, a filter redirects it to a real server
group that consists of a number of different IP addresses. This redirection filter splits the traffic
into balanced streams: one for each IP address in the real server group. For FWLB, each IP
address in the real server group represents an IP Interface (IF) on a different subnet on the
clean-side Web switch.

3. Requests are routed to the firewalls.

On the dirty-side switch, one static route is needed for each traffic stream. For instance, the first
static route will lead to an IP interface on the clean-side Web switch using the first firewall as
the next hop. A second static route will lead to a second clean-side IP interface using the second
firewall as the next hop, and so on. By combining the redirection filter and static routes, traffic
is load balanced among all active firewalls.

All traffic between specific IP source/destination address pairs flows through the same
firewall, ensuring that sessions established by the firewalls persist for their duration.

NOTE: More than one stream can be routed through a particular firewall. You can weight the
load to favor one firewall by increasing the number of static routes that traverse it.

[Figure 13-3 diagram labels: Client, Internet, "Dirty" Side Web Switch, Firewalls, "Clean" Side Web Switch, Servers; callouts 1 to 10 correspond to the steps below.]

1. Client sends a request
2. Redir filter selects upper or lower path
3. Static route directs request through the selected firewall
4. Firewall forwards valid traffic
5. SLB selects an available server
6. Server responds
7. Redir filter selects reverse path
8. Static route directs response back through the same firewall
9. Firewall forwards valid traffic
10. Client receives response
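
The following Python sketch is an added example, not code from the manual or from Web OS. It models the redirection filter plus static routes described above and checks that the request and the response for each address pair cross the same firewall. The interface addresses, firewall names, client range and the hash function are constructed assumptions.

```python
import ipaddress
import zlib
from collections import Counter

# Constructed topology (assumption, not from the manual). Each entry is one
# traffic stream: (IP interface on the far-side switch, next-hop firewall).
DIRTY_STREAMS = [("10.1.3.1", "fw1"), ("10.1.4.1", "fw1"), ("10.1.5.1", "fw2")]
CLEAN_STREAMS = [("10.1.1.1", "fw1"), ("10.1.2.1", "fw1"), ("10.1.6.1", "fw2")]

def stream_index(ip_a, ip_b, n):
    """Stand-in for the redirection filter's choice of real server.
    XOR makes the key order-independent, so both switches agree on the index.
    The hash itself is an assumption; the manual page does not describe it."""
    key = int(ipaddress.ip_address(ip_a)) ^ int(ipaddress.ip_address(ip_b))
    return zlib.crc32(key.to_bytes(4, "big")) % n

def firewall(streams, src, dst):
    """Follow the static route for the selected stream to its next hop."""
    _target_if, next_hop = streams[stream_index(src, dst, len(streams))]
    return next_hop

def asymmetric_pairs(dirty, clean, clients, vip):
    """Clients whose request and response would cross different firewalls."""
    return [c for c in clients
            if firewall(dirty, c, vip) != firewall(clean, vip, c)]

def stream_weights(streams):
    """Streams per firewall: more static routes through one means more load."""
    return Counter(fw for _if, fw in streams)

VIP = "198.51.100.10"                                # constructed
CLIENTS = [f"203.0.113.{i}" for i in range(1, 201)]  # constructed

if __name__ == "__main__":
    print("weights:", dict(stream_weights(DIRTY_STREAMS)))
    print("load:", dict(Counter(firewall(DIRTY_STREAMS, c, VIP) for c in CLIENTS)))
    print("asymmetric:",
          len(asymmetric_pairs(DIRTY_STREAMS, CLEAN_STREAMS, CLIENTS, VIP)))
    # Misconfiguration: the third reverse stream points at the wrong firewall.
    bad_clean = CLEAN_STREAMS[:2] + [("10.1.6.1", "fw1")]
    print("asymmetric (bad):",
          len(asymmetric_pairs(DIRTY_STREAMS, bad_clean, CLIENTS, VIP)))
```

A non-empty result from `asymmetric_pairs` means some sessions would leave through one firewall and return through another, which breaks the same-firewall persistence the text relies on.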
