Avaya P333R-LB 사용자 설명서
Chapter 14
Load Balancing in the P333R-LB
20
Avaya
P333R-LB User’s Guide
15.
Health Check
In order for the P333R-LB to perform a health check, an IP address beyond the
firewall should be configured as a health check address. The health check session
returns through the same firewall according to the NAT address it was given. For
information on configuration, see the configuration example.
firewall should be configured as a health check address. The health check session
returns through the same firewall according to the NAT address it was given. For
information on configuration, see the configuration example.
Persistency
As in the case of Transparent Routing Firewalls, Non-Transparent Routing
Firewalls perform Statefull Inspection on all packets going through them, checking
that all the packets of a given session traverse the same firewall in both directions.
In transparent FWLB, persistency is ensured by the Load Balancing device. In non-
transparent FWLB, the firewalls ensure persistency through NAT, and there is no
need for the Load Balancing device to intervene.
Firewalls perform Statefull Inspection on all packets going through them, checking
that all the packets of a given session traverse the same firewall in both directions.
In transparent FWLB, persistency is ensured by the Load Balancing device. In non-
transparent FWLB, the firewalls ensure persistency through NAT, and there is no
need for the Load Balancing device to intervene.
Bridging Firewall Load Balancing
This section explains how the P333R-LB supports Bridging FWLB, and includes a
configuration example.
configuration example.
Implementation
Bridging firewalls are firewalls that do not perform forwarding at the IP layer, but
rather appear as transparent bridges. Bridging firewalls are transparent to devices
inside and outside the secured network.
For bridging FWLB, the P333R-LBs have to be positioned on both sides of the
firewalls. The Bridging Firewall does not have an IP address or a MAC address to
which traffic is directed, therefore a Bridging Firewall has to physically appear on
the traffic path. Each P333R-LB load balances between IP interfaces of the peer
P333R-LB behind the firewall. In order for this to work, the P333R-LB has to have a
different VLAN and subnet for each firewall, and the physical ports connected to
the firewalls have to be on different VLANs as well. In addition, for each VLAN,
both load balancers must be in the same subnet. The Real Servers are IP interfaces of
the load balancer on the other side of the firewalls, not of the firewalls themselves.
rather appear as transparent bridges. Bridging firewalls are transparent to devices
inside and outside the secured network.
For bridging FWLB, the P333R-LBs have to be positioned on both sides of the
firewalls. The Bridging Firewall does not have an IP address or a MAC address to
which traffic is directed, therefore a Bridging Firewall has to physically appear on
the traffic path. Each P333R-LB load balances between IP interfaces of the peer
P333R-LB behind the firewall. In order for this to work, the P333R-LB has to have a
different VLAN and subnet for each firewall, and the physical ports connected to
the firewalls have to be on different VLANs as well. In addition, for each VLAN,
both load balancers must be in the same subnet. The Real Servers are IP interfaces of
the load balancer on the other side of the firewalls, not of the firewalls themselves.