Table of Contents
Advertisement
Web OS 10.0 Application Guide
Configure the Routers
The routers must be configured with a static route to the destination services being accessed by
the external clients.
In this example, the external clients intend to connect to services at a publicly advertised IP
address on this network. Since the real servers are load balanced behind a virtual server on the
clean-side Web switch using normal SLB settings, the routers require a static route to the vir-
tual server IP address. The next hop for this static route is the Web switch Virtual Interface
Router (VIR), which is in the same subnet as the routers:
Route Added: 10.10.4.100 (to clean-side virtual server) via 195.1.1.9 (Subnet 1 VIR)
Configure the Firewalls
Before you configure the Web switches, the firewalls must be properly configured. For incom-
ing traffic, each firewall must be configured with a static route to the clean-side virtual server,
using the VIR in its clean-side subnet as the next hop. For outbound traffic, each firewall must
use the VIR in its dirty-side subnet as the default gateway.
In this example, the firewalls are configured with the following IP addresses:
Table 2 Four-Subnet Firewall IP Address Configuration
Item
Firewall 1
Dirty-side IP interface
Clean-side IP interface
Default Gateway
Route Added
Firewall 2
Dirty-side IP interface
Clean-side IP interface
Default Gateway
Route Added
The firewalls must also be configured with rules that determine which types of traffic will be
forwarded through the firewall and which will be dropped. All firewalls participating in FWLB
must be configured with the same set of rules.
N
OTE
n
330
Chapter 13: Firewall Load Balancing
–
It is important to test the behavior of the firewalls prior to adding FWLB.
Address
10.10.2.3
10.10.3.3
10.10.2.9 (Subnet 2 VIR)
10.10.4.100 (virtual server) via 10.10.3.9 (Subnet 3 VIR)
10.10.2.4
10.10.3.4
10.10.2.9 (dirty-side VIR)
10.10.4.100 (virtual server) via 10.10.3.9 (Subnet 3 VIR)
212777-A, February 2002
Advertisement
Table of Contents
