Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual page 51

When used for creating Layer-2 segmentation among SLB domains, this feature ensures that traffic
from one SLB domain destined to another SLB domain goes through the upstream gateway and is
not switched locally. This ensures that every packet between a client and server has to go through
the ServerIron ADX for load-balancing.
Figure 1
example when traffic from "Domain1" is bound for"Domain2" it is translated from VLAN 2 to VLAN
12 at the ServerIron ADX. It is then able to reach the "Gateway" on VLAN 12. The return traffic from
the "Gateway" leaves on VLAN 13 and is translated to VLAN 3 at the ServerIron ADX. It is then able
to reach "Domain2" on VLAN 3.
FIGURE 1
The topology described in
in Figure
FIGURE 2
ServerIron ADX Security Guide
53-1002440-03
is an example of the VLAN bridging feature deployed in a one-armed topology. In this
VLAN bridging in a one-armed topology
ServerIron ADX
Vlan -Bridging
2-12, 3-13, 4-14
Vlan 2
Domain1
Figure 1
2.
VLAN bridging in a one-armed topology in High Availability configuration (hot-standby)
Gateway
Vlans
12, 13, 14
Layer-2
Vlans
2, 3, 4, 12, 13, 14
Switch
Vlan 3
Domain2
can be implemented in the hot-standby configuration as shown
Traffic segmentation
Vlan 4
Domain3
1
37