Cisco Cisco IOS Software Release 12.2(14)ZA
Functions and Capabilities
15
Cisco IOS Release 12.2(14)ZA4
Maximum Connections
IOS SLB allows you to configure maximum connections for server and firewall load balancing.
•
For server load balancing, you can configure a limit on the number of active connections that a real
server is assigned. If the maximum number of connections is reached for a real server, IOS SLB
automatically switches all further connection requests to other servers until the connection number
drops below the specified limit.
server is assigned. If the maximum number of connections is reached for a real server, IOS SLB
automatically switches all further connection requests to other servers until the connection number
drops below the specified limit.
•
For firewall load balancing, you can configure a limit on the number of active TCP or UDP
connections that a firewall farm is assigned. If the maximum number of connections is reached for
the firewall farm, new connections are dropped until the connection number drops below the
specified limit.
connections that a firewall farm is assigned. If the maximum number of connections is reached for
the firewall farm, new connections are dropped until the connection number drops below the
specified limit.
Multiple Firewall Farm Support
You can configure more than one firewall farm in each load-balancing device.
Network Address Translation (NAT)
Cisco IOS NAT, RFC 1631, allows unregistered “private” IP addresses to connect to the Internet by
translating them into globally registered IP addresses. As part of this functionality, Cisco IOS NAT can
be configured to advertise only one address for the entire network to the outside world. This
configuration provides additional security and network privacy, effectively hiding the entire internal
network from the world behind that address. NAT has the dual functionality of security and address
conservation, and is typically implemented in remote access environments.
translating them into globally registered IP addresses. As part of this functionality, Cisco IOS NAT can
be configured to advertise only one address for the entire network to the outside world. This
configuration provides additional security and network privacy, effectively hiding the entire internal
network from the world behind that address. NAT has the dual functionality of security and address
conservation, and is typically implemented in remote access environments.
This section includes information about the following topics:
•
•
•
•
•
•
•
Session Redirection
Session redirection involves redirecting packets to real servers. IOS SLB can operate in one of two
session redirection modes, dispatched mode or directed mode.
session redirection modes, dispatched mode or directed mode.
Note
In both dispatched and directed modes, IOS SLB must track connections. Therefore, you must design
your network so that there is no alternate network path from the real servers to the client that bypasses
the load-balancing device.
your network so that there is no alternate network path from the real servers to the client that bypasses
the load-balancing device.