Cisco Cisco IOS Software Release 12.2(18)SXD
Features
10
Cisco IOS Release 12.2(18)SXD
IOS SLB firewall load balancing provides the following capabilities:
•
Connections initiated from either side of the firewall farm are load-balanced.
•
The load is balanced among a set of firewalls—the firewall farm.
•
All packets for a connection travel through the same firewall. Subsequent connections can be
“sticky,” ensuring that they are assigned to the same firewall.
“sticky,” ensuring that they are assigned to the same firewall.
•
Probes are used to detect and recover from firewall failures.
•
Redundancy is provided. Hot Standby Router Protocol (HSRP), stateless backup, and stateful
backup are all supported.
backup are all supported.
•
Multiple interface types and routing protocols are supported, enabling the external (Internet side)
load-balancing device to act as an access router.
load-balancing device to act as an access router.
•
Proxy firewalls are supported.
Home Agent Director
The Home Agent Director load balances Mobile IP Registration Requests (RRQs) among a set of home
agents (configured as real servers in a server farm). Home agents are the anchoring points for mobile
nodes. Home agents route flows for a mobile node to its current foreign agent (point of attachment).
agents (configured as real servers in a server farm). Home agents are the anchoring points for mobile
nodes. Home agents route flows for a mobile node to its current foreign agent (point of attachment).
The Home Agent Director has the following characteristics:
•
Can operate in dispatched mode or in directed server NAT mode, but not in directed client NAT
mode. In dispatched mode, the home agents must be Layer 2-adjacent to the IOS SLB device.
mode. In dispatched mode, the home agents must be Layer 2-adjacent to the IOS SLB device.
•
Can operate in both fast and CEF switching modes.
•
Does not support stateful backup. See the
for more
information.
•
Delivers RRQs destined to the virtual Home Agent Director IP address to one of the real home
agents, using the weighted round robin load-balancing algorithm. See the
agents, using the weighted round robin load-balancing algorithm. See the
for more information about this algorithm.
•
Requires DFP in order to allocate RRQs based on capacity.
For more information about Mobile IP, home agents, and related topics, refer to the Cisco IOS IP
Configuration Guide, Release 12.2.
Configuration Guide, Release 12.2.
Maximum Connections
IOS SLB allows you to configure maximum connections for server and firewall load balancing.
•
For server load balancing, you can configure a limit on the number of active connections that a real
server is assigned. If the maximum number of connections is reached for a real server, IOS SLB
automatically switches all further connection requests to other servers until the connection number
drops below the specified limit.
server is assigned. If the maximum number of connections is reached for a real server, IOS SLB
automatically switches all further connection requests to other servers until the connection number
drops below the specified limit.
•
For firewall load balancing, you can configure a limit on the number of active TCP or UDP
connections that a firewall farm is assigned. If the maximum number of connections is reached for
the firewall farm, new connections are dropped until the connection number drops below the
specified limit.
connections that a firewall farm is assigned. If the maximum number of connections is reached for
the firewall farm, new connections are dropped until the connection number drops below the
specified limit.
Multiple Firewall Farm Support
You can configure more than one firewall farm in each load-balancing device.