Table of Contents
Advertisement
As shown in
n
Subnet 1 includes all equipment between the exterior routers and dirty-side Web switches.
n
Subnet 2 includes the dirty-side Web switches with their interswitch link, and dirty-side
firewall interfaces.
n
Subnet 3 includes the clean-side firewall interfaces, and clean-side Web switches with
their interswitch link.
n
Subnet 4 includes all equipment between the clean-side Web switches and their servers.
In this network, external traffic arrives through both routers. Since VRRP is enabled, one of
the dirty-side Web switches acts as primary and receives all traffic. The dirty-side primary Web
switch performs FWLB in a fashion similar to basic FWLB: a redirection filter splits traffic
into multiple streams which are routed through the available firewalls to the primary clean-side
Web switch.
Just as with the basic method, four-subnet FWLB uses the hash metric to distribute firewall
traffic and maintain persistence, though other load-balancing metrics can be used by configur-
ing an additional Return to Sender (RTS) option (see
Four-Subnet FWLB Implementation
In this example, traffic between the redundant Web switches is load balanced among the avail-
able firewalls.
Internet
Figure 13-6 Four-Subnet FWLB Process
212777-A, February 2002
Figure
13-5, the network is divided into four sections:
Dirty Side
Subnet 1
1
Routers
Simple
Switches
Secondary
Web Switch
1. VRRP forces incoming traffic to converge on primary dirty-side Web switch
2. Firewall load balancing occurs between primary Web switches
3. Primary clean-side Web switch performs standard SLB
"Free-Metric FWLB" on page
Subnet 2
Subnet 3
Primary
2
Firewalls
Chapter 13: Firewall Load Balancing
Web OS 10.0 Application Guide
346).
Clean Side
Subnet 4
Primary
3
Simple
Switches
Secondary
Web Switch
Servers
n
327
Advertisement
Table of Contents
