Cisco IOS Software Release 12.2(18)SXD

IOS SLB firewall load balancing provides the following capabilities:
- Connections initiated from either side of the firewall farm are load-balanced.
- The load is balanced among a set of firewalls—the firewall farm.
- All packets for a connection travel through the same firewall. Subsequent connections can be “sticky,” ensuring that they are assigned to the same firewall.
- Probes are used to detect and recover from firewall failures.
- Redundancy is provided. Hot Standby Router Protocol (HSRP), stateless backup, and stateful backup are all supported.
- Multiple interface types and routing protocols are supported, enabling the external (Internet side) load-balancing device to act as an access router.
- Proxy firewalls are supported.
Home Agent Director
The Home Agent Director load balances Mobile IP Registration Requests (RRQs) among a set of home 
agents (configured as real servers in a server farm). Home agents are the anchoring points for mobile 
nodes. Home agents route flows for a mobile node to its current foreign agent (point of attachment).
The Home Agent Director has the following characteristics:
- Can operate in dispatched mode or in directed server NAT mode, but not in directed client NAT mode. In dispatched mode, the home agents must be Layer 2-adjacent to the IOS SLB device.
- Can operate in both fast and CEF switching modes.
- Does not support stateful backup. See the  for more
- Delivers RRQs destined to the virtual Home Agent Director IP address to one of the real home agents, using the weighted round robin load-balancing algorithm. See the  for more information about this algorithm.
- Requires DFP in order to allocate RRQs based on capacity.
For more information about Mobile IP, home agents, and related topics, refer to the Cisco IOS IP Configuration Guide, Release 12.2.
Maximum Connections
IOS SLB allows you to configure maximum connections for server and firewall load balancing.
- For server load balancing, you can configure a limit on the number of active connections that a real server is assigned. If the maximum number of connections is reached for a real server, IOS SLB automatically switches all further connection requests to other servers until the connection number drops below the specified limit.
- For firewall load balancing, you can configure a limit on the number of active TCP or UDP connections that a firewall farm is assigned. If the maximum number of connections is reached for the firewall farm, new connections are dropped until the connection number drops below the specified limit.
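The two limit behaviours described above, modelled as an added Python sketch (not Cisco code and not part of the original document). The slot-per-weight round robin, the rotation used to pick a firewall, and all names and values are assumptions made for illustration.

```python
"""Simplified model of the Maximum Connections behaviour (not IOS SLB code)."""

class Real:
    def __init__(self, name, weight, maxconns):
        self.name, self.weight, self.maxconns = name, weight, maxconns
        self.active = 0               # connections currently assigned

class ServerFarm:
    """Weighted round robin that skips real servers at their limit."""
    def __init__(self, reals):
        # Assumption: a weight of n means n slots per round, e.g. A,A,B.
        self.slots = [r for r in reals for _ in range(r.weight)]
        self.pos = 0

    def assign(self):
        for _ in range(len(self.slots)):
            real = self.slots[self.pos]
            self.pos = (self.pos + 1) % len(self.slots)
            if real.active < real.maxconns:
                real.active += 1
                return real.name      # request switched to a server with room
        return None                   # every real server is at its limit

class FirewallFarm:
    """One limit for the whole farm; new connections over it are dropped."""
    def __init__(self, firewalls, maxconns):
        self.firewalls, self.maxconns = firewalls, maxconns
        self.conns = {}               # connection id -> firewall
        self.next_fw = 0

    def packet(self, conn_id):
        if conn_id in self.conns:     # existing connection keeps its firewall
            return self.conns[conn_id]
        if len(self.conns) >= self.maxconns:
            return None               # farm limit reached: new connection dropped
        # Assumption: plain rotation picks the firewall for a new connection.
        fw = self.firewalls[self.next_fw % len(self.firewalls)]
        self.next_fw += 1
        self.conns[conn_id] = fw
        return fw

    def close(self, conn_id):
        self.conns.pop(conn_id, None)

if __name__ == "__main__":
    farm = ServerFarm([Real("A", 2, 3), Real("B", 1, 5)])   # constructed values
    print([farm.assign() for _ in range(9)])
    fw = FirewallFarm(["FW1", "FW2"], maxconns=2)
    print([fw.packet(c) for c in ("c1", "c2", "c3", "c1")])
```

The server farm keeps accepting work until every real server is full, while the firewall farm refuses new connections as soon as its single limit is hit, so the firewall-side limit should be sized with connection floods in mind.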
Multiple Firewall Farm Support
You can configure more than one firewall farm in each load-balancing device.