Avaya P333R-LB Application Manual page 7

Load balancing stackable switch

Application 2 — Firewall Load Balancing

Firewalls can inherently constitute a bottleneck since they are software-based. There is also the issue of transparent availability: firewalls can act as a single point of failure, causing severe problems with Internet access.

The P333R-LB can be used to load-balance across multiple routers and firewalls and overcome these problems.

Implementing the P333R-LB removes the bottleneck since the load is distributed at hardware speed over multiple firewalls.

To ensure availability, the P333R-LB switches on both sides of the firewall perform continuous health checks on the links to the firewall, the firewall itself, and each other.

The two applications below show firewall load balancing in systems both with and without NAT (Network Address Translation).

NAT (Network Address Translation)—allows you to use any IP address within your organization while only using legal IP addresses outside. This is useful when you have a limited number of legal IP addresses (e.g., for ISPs).

[Figures: "Firewall Load Balancing – no NAT" and "Firewall Load Balancing – with NAT". Labels: LAN, Gigabit Ethernet with LAG, Avaya P333R-LB, VRRP]

No single point of failure. The doubling up of the key components ensures that communication between the LAN and Internet is always maintained. If one P333R-LB fails, VRRP allows the second switch to take over all load balancing functions instantaneously. If a firewall fails, the P333R-LB transparently redirects all traffic through the second firewall.

"No NAT" Application. In this case, there are pairs of P333R-LB switches on each side of the firewalls. This is necessary since all packets of a session must travel across the same firewall. If the session is sent to the second firewall, it will be disconnected by the "stateful" firewall. It is therefore important to have the same load balancing decisions on both sides of the firewall.

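The requirement above, that both sides reach the same decision for a session, shown as an added example that is not taken from the Avaya manual. The manual does not say how the P333R-LB chooses a firewall; the symmetric rendezvous hash, the function names, the firewall names and the addresses are assumptions for illustration, and the code also works for more than two firewalls.

```python
import hashlib
import ipaddress

def flow_key(src: str, dst: str) -> bytes:
    """Direction-independent key: the two endpoint addresses in sorted order."""
    a, b = sorted(int(ipaddress.ip_address(x)) for x in (src, dst))
    return a.to_bytes(16, "big") + b.to_bytes(16, "big")

def pick_firewall(src, dst, firewalls, healthy):
    """Symmetric choice among firewalls that currently pass health checks.

    Rendezvous hashing: each candidate is scored against the flow key and the
    highest score wins, so removing one firewall only moves its own sessions.
    """
    candidates = [fw for fw in firewalls if fw in healthy]
    if not candidates:
        raise RuntimeError("no healthy firewall available")
    key = flow_key(src, dst)
    return max(candidates, key=lambda fw: hashlib.sha256(key + fw.encode()).digest())

def naive_pick(src, firewalls):
    """Weak variant for contrast: hash the packet's source address only."""
    h = int.from_bytes(hashlib.sha256(src.encode()).digest()[:4], "big")
    return firewalls[h % len(firewalls)]

def count_split_sessions(clients, server, firewalls):
    """Sessions whose outbound and return packets would hit different firewalls."""
    return sum(naive_pick(c, firewalls) != naive_pick(server, firewalls) for c in clients)

if __name__ == "__main__":
    fws = ["fw-a", "fw-b"]                              # constructed names
    clients = [f"10.1.0.{i}" for i in range(1, 201)]    # constructed LAN hosts
    server = "203.0.113.10"                             # documentation address
    print("split by source-only hashing:", count_split_sessions(clients, server, fws))
    same = all(pick_firewall(c, server, fws, set(fws)) ==
               pick_firewall(server, c, fws, set(fws)) for c in clients)
    print("symmetric key keeps both directions together:", same)
    print("fw-a down ->", {pick_firewall(c, server, fws, {"fw-b"}) for c in clients})
```

Source-only hashing splits sessions because the LAN-side switch hashes the client address while the Internet-side switch hashes the server address; a stateful firewall then drops the return packets it has no state for.
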
NAT Application. In this case, P333R-LB switches are only required on the LAN side of the firewalls. Return traffic coming from the Internet is addressed to the specific IP address of the firewall from which the session started, so it arrives back at that firewall.

[Figure labels, continued: WAN Router, Avaya P333R-LB, IP, a, b, Internet]