Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
l
l
l
Firewall Load Balancing
Firewalls are the network guards that protect networks. They carefully checks packets on
networks; however, they are prone to be network bottleneck because of their limited
performance. If the existing devices are replaced to improve the forwarding performance,
resources are wasted. In addition, as the service volume increases, the devices needs to be
replaced frequently; the enterprise will incur high replacement costs.
Similar to server groups, a firewall group consists of multiple firewalls. The firewall group
allocates network traffic to the firewalls using the dynamic load balancing algorithm. This
reduces the burden of a single firewall and improves firewall reliability.
Compared with server load balancing, firewall load balancing is applied to bidirectional traffic,
ensuring that bidirectional traffic of one session passes through the same firewall.
Figure 6-4
Issue 01 (2012-03-15)
Server load balancing supported by the SPU identifies users and sends the same type of
requests from a user to one server. The session stickiness is especially suitable for electronic
commerce. That is, it ensures that all packets of a session are processed by the same server.
Active/Standby switchover between servers
To ensure user request forwarding when the selected server is Down, the SPU switches
user requests to an available backup server.
The SPU provides the following active/standby switchover functions:
– When the master server is unavailable, the SPU randomly selects an available backup
server from multiple backup servers.
– If all the backup servers are unavailable, the SPU sends user requests to another master
server again.
– Users is unaware of the active/standby switchover between servers.
Active/Standby switchover between server groups
The SPU supports the active/standby switchover between server groups. When the number
of active servers in the master server group is smaller than a certain threshold and the backup
server group contains active servers, the backup server groups can take over services. When
the number of active servers in the master server group increases to a certain value, services
are switched back to it.
If the thresholds are not set, the backup server group takes over services when all servers
in the master server group fail. When a server in the master server group becomes active,
services are switched back to it.
Server protection
The SPU protects servers by limiting the number connections to servers or server instances,
connection rate, and inbound/outbound bandwidth.
shows the typical networking of firewall load balancing.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6 Load Balancing Configuration
188
Advertisement
Table of Contents
