Web OS 10.0 Application Guide
Chapter 13: Firewall Load Balancing
212777-A, February 2002
4. The firewalls decide if they should allow the packets and, if so, forward them to a virtual server on the clean-side Web switch.
Client requests are forwarded or discarded according to rules configured for each firewall.
NOTE – Rule sets must be consistent across all firewalls.
5. The clean-side Web switch performs normal SLB functions.
Packets forwarded from the firewalls are sent to the original destination address, that is, the virtual server on the clean-side Web switch. There, they are load balanced to the real servers using standard SLB configuration.
6. The real server responds to the client request.
7. Redirection filters on the clean-side Web switch balance responses among different IP addresses.
Redirection filters are needed on all ports on the clean-side Web switch that attach to real servers or internal clients on the clean-side of the network. Filters on these ports redirect the Internet-bound traffic to a real server group that consists of a number of different IP addresses. Each IP address represents an IP interface on a different subnet on the dirty-side Web switch.
8. Outbound traffic is routed to the firewalls.
Static routes are configured on the clean-side switch. One static route is needed for each stream that was configured on the dirty-side Web switch. For instance, the first static route would be configured to lead to the first dirty-side IP interface using the first firewall as the next hop. The second static route would lead to the second dirty-side IP interface using the second firewall as the next hop, and so on.
Since Web switches intelligently maintain state information, all traffic between specific IP source/destination addresses flows through the same firewall, maintaining session persistence.
NOTE – If Network Address Translation (NAT) software is used on the firewalls, FWLB session persistence requires the RTS option to be enabled on the Web switch (see
9. The firewall decides if it should allow the packet and, if so, forwards it to the dirty-side Web switch.
Each firewall forwards or discards the server responses according to the rules that are configured for it. Forwarded packets are sent to the dirty-side Web switch and out to the Internet.
10. The client receives the server response.
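
The return-path requirements in step 8 and the rule-set note under step 4 can be checked offline before a change goes live. The following audit script is an added example, not part of the guide or of Web OS: it assumes the configuration has already been exported into the Python structures shown, and every address, firewall name and rule string in it is a constructed sample.

```python
import hashlib
import ipaddress

# Constructed sample values; addresses and rule text are illustrative only.
DIRTY_IFS = ["10.1.1.1", "10.1.2.1"]   # dirty-side switch IP interfaces
FIREWALLS = {                          # firewall name -> clean-side IP, rule set
    "fw1": {"clean_ip": "10.2.1.10", "rules": "allow tcp any 80\ndeny any\n"},
    "fw2": {"clean_ip": "10.2.2.10", "rules": "allow tcp any 80\ndeny any\n"},
}
ROUTES = [("10.1.1.1", "10.2.1.10"),   # clean-side static routes:
          ("10.1.2.1", "10.2.2.10")]   # (dirty-side interface, next hop)


def audit_fwlb(dirty_ifs, firewalls, routes):
    """Return findings as strings; an empty list means the checks passed."""
    ip = ipaddress.ip_address
    findings = []
    fw_by_ip = {ip(fw["clean_ip"]): name for name, fw in firewalls.items()}
    hops_by_dest = {}
    for dest, hop in routes:
        name = fw_by_ip.get(ip(hop))
        if name is None:
            findings.append(f"route to {dest}: next hop {hop} is not a firewall")
        else:
            hops_by_dest.setdefault(ip(dest), []).append(name)
    # Step 8: exactly one static route per dirty-side interface.
    for ifc in dirty_ifs:
        count = len(hops_by_dest.get(ip(ifc), []))
        if count != 1:
            findings.append(f"interface {ifc}: {count} static routes, expected 1")
    # Step 8: the Nth route uses the Nth firewall, so each firewall appears once.
    used = [name for hops in hops_by_dest.values() for name in hops]
    for name in firewalls:
        if used.count(name) != 1:
            findings.append(f"{name}: next hop for {used.count(name)} routes, expected 1")
    # Step 4 note: rule sets must be consistent across all firewalls.
    digests = {hashlib.sha256(fw["rules"].encode()).hexdigest()
               for fw in firewalls.values()}
    if len(digests) > 1:
        findings.append(f"rule sets differ: {len(digests)} distinct versions")
    return findings


if __name__ == "__main__":
    for line in audit_fwlb(DIRTY_IFS, FIREWALLS, ROUTES) or ["no findings"]:
        print(line)
```

A firewall that is the next hop for no route never sees server responses, and one that carries two streams breaks the one-stream-per-firewall pairing that step 8 describes; both show up as findings here.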