Chapter 1
Benefits of FWLB
FWLB allows you to:
Transparent Routing Firewalls
For transparent FWLB, the load balancer receives a packet, makes a load
balancing decision, and forwards the packet to a firewall. The firewall
does not perform NAT on the packets; the source and destination IP
addresses are not changed.
Two load balancers are required for transparent FWLB, one on each side
of the firewalls. One device intercepts traffic between the WAN and the
firewall, and the second device intercepts traffic between the LAN and
the firewall.
Transparent routing firewalls act as a "next hop" device from the
perspective of the load balancer. After a firewall is selected in a load
balancing decision, normal routing to that firewall takes place.
The load balancers ensure that all packets belonging to a session pass
through the same firewall in both directions. The devices select a firewall
based on a symmetric hash function of the source and destination IP
addresses. This ensures that packets traveling between the same source
and destination IP addresses traverse the same firewall.
The following figure illustrates transparent FWLB.
5
•
Maximize firewall productivity.
•
Scale firewall performance.
•
Eliminate the firewall as a single point of failure.
Figure 1-2. Transparent Firewall Load Balancing
Avaya P330 Load Balancing Manager User Guide