Nortel Networks WEB OS 212777 User Manual
Page 320
Web OS 10.0 Application Guide
320
n
Chapter 13: Firewall Load Balancing
212777-A, February 2002
3.
Configure the clean-side IP interface as if they were real servers on the dirty side.
Later in this procedure, you’ll configure one clean-side IP interface on a different subnet for
each firewall path being load balanced. On the dirty-side Web switch, create two real servers
using the IP address of each clean-side IP interface used for FWLB.
N
OTE
–
Each of the four interfaces used for FWLB (two on each Web switch) in this example
must be configured for a different IP subnet.
4.
Place the IP interface real servers into a real server group.
5.
Set the health check type for the real server group to ICMP.
6.
Set the load-balancing metric for the real server group to
hash
.
Using the
hash
metric, all traffic between specific IP source/destination address pairs flows
through the same firewall. This ensures that sessions established by the firewalls are main-
tained for their duration.
N
OTE
–
Other load balancing metrics such as
leastconns
,
roundrobin
,
minmiss
,
response
, and
bandwidth
can be used when enabling the Return to Sender (RTS) option.
“Free-Metric FWLB” on page 346
.
7.
Enable SLB on the switch.
>> IP Interface 3# /cfg/slb/real 1
(Select real server 1)
>> Real server 1# rip 10.1.3.1
(Assign clean-side IF 2 address)
>> Real server 1# ena
(Enable real server 1)
>> Real server 1# ../real 2
(Select real server 2)
>> Real server 2# rip 10.1.4.1
(Assign clean-side IF 3 address)
>> Real server 2# ena
(Enable real server 1)
>> Real server 2# /cfg/slb/group 1
(Select real server group 1)
>> Real server group 1# add 1
(Add real server 1 to group 1)
>> Real server group 1# add 2
(Add real server 2 to group 1)
>> Real server group 1# health icmp
(Select ICMP as health check type)
>> Real server group 1# metric hash
(Select SLB hash metric for group 1)
>> Real server group 1# /cfg/slb/on