Configuration Options
Using load balancing to support higher bandwidth in service provider environment
FortiDDoS v3.2 Installation Guide
28-320-183686-20130401
31
•
Figure 20:
Load balancing using FortiDDoS devices using sandwich topology
Refer to
, traffic flows through the FortiDDoS devices and the devices filter
the traffic in both directions.
FortiDDoS devices do not have IP addresses on VLANs. Instead, you configure alias IP
addresses on each switch interface to which the FortiDDoS device connects. The Load
Balancing Switches use the alias IP addresses to direct traffic to the correct FortiDDoS
device.
On the path to the intranet, Load Balancing Switch 1 (LBS1) balances traffic across
VLANs 101, 102, and 103 through the firewalls to Load Balancing Switch 2. On the
path to the Internet, Load Balancing Switch 2 (LBS2) balances traffic across VLANs
201, 202, and 203 through the FortiDDoS device to Load Balancing Switch 1. Each
Load Balancing Switch uses the alias IP addresses configured on the other Load
Balancing Switch as targets for the load-balancing process.
The LBS1 selects a FortiDDoS device based on source IP address using the hash
address source predictor. The LBS2 selects a FortiDDoS device based on the
destination IP address using the hash address destination predictor. This predictor
allows the LBS2 to select the same FortiDDoS device for return flows and buddy
connections such as in case of FTP.
Summary of Contents for FortiDDoS
Page 1: ...FortiDDoS v3 2 Installation Guide ...
Page 37: ......