для Cisco Cisco IOS Software Release 12.2(18)SXF
11
IOS Server Load Balancing Feature in IOS Release 12.2(18)SXF7
Features
•
Requires DFP in order to allocate RRQs based on capacity.
For more information about Mobile IP, home agents, and related topics, refer to the Cisco IOS IP
Configuration Guide, Release 12.2.
Configuration Guide, Release 12.2.
Interface Awareness
Some environments require IOS SLB on both sides of a farm of CSGs, SSGs, or firewalls. For example,
you might want IOS SLB to perform RADIUS load balancing on one side of a farm and firewall load
balancing on the other, or firewall load balancing on both sides of a firewall farm.
you might want IOS SLB to perform RADIUS load balancing on one side of a farm and firewall load
balancing on the other, or firewall load balancing on both sides of a firewall farm.
Such “sandwich” environments require IOS SLB to take into account the input interface when mapping
packets to virtual servers, firewall farms, connections, and sessions. In IOS SLB, this function is called
interface awareness. When interface awareness is configured, IOS SLB processes only traffic arriving
on configured access interfaces. (An access interface is any Layer 3 interface.)
packets to virtual servers, firewall farms, connections, and sessions. In IOS SLB, this function is called
interface awareness. When interface awareness is configured, IOS SLB processes only traffic arriving
on configured access interfaces. (An access interface is any Layer 3 interface.)
Maximum Connections
IOS SLB allows you to configure maximum connections for server and firewall load balancing.
•
For server load balancing, you can configure a limit on the number of active connections that a real
server is assigned. If the maximum number of connections is reached for a real server, IOS SLB
automatically switches all further connection requests to other servers until the connection number
drops below the specified limit.
server is assigned. If the maximum number of connections is reached for a real server, IOS SLB
automatically switches all further connection requests to other servers until the connection number
drops below the specified limit.
•
For firewall load balancing, you can configure a limit on the number of active TCP or UDP
connections that a firewall farm is assigned. If the maximum number of connections is reached for
the firewall farm, new connections are dropped until the connection number drops below the
specified limit.
connections that a firewall farm is assigned. If the maximum number of connections is reached for
the firewall farm, new connections are dropped until the connection number drops below the
specified limit.
Multiple Firewall Farm Support
You can configure more than one firewall farm in each load-balancing device.
Network Address Translation (NAT)
Cisco IOS NAT, RFC 1631, allows unregistered “private” IP addresses to connect to the Internet by
translating them into globally registered IP addresses. As part of this functionality, Cisco IOS NAT can
be configured to advertise only one address for the entire network to the outside world. This
configuration provides additional security and network privacy, effectively hiding the entire internal
network from the world behind that address. NAT has the dual functionality of security and address
conservation, and is typically implemented in remote access environments.
translating them into globally registered IP addresses. As part of this functionality, Cisco IOS NAT can
be configured to advertise only one address for the entire network to the outside world. This
configuration provides additional security and network privacy, effectively hiding the entire internal
network from the world behind that address. NAT has the dual functionality of security and address
conservation, and is typically implemented in remote access environments.
This section includes information about the following topics:
•
•
•
•
•
•
•