Firewall Loadbalancing with IOS SLB

michael.kopp
Level 1

Hi all,

I have a small problem regarding IOS SLB as a firewall load balancer.

Let's say I have a firewallfarm with IOS SLB between the FWs and the Internet gateway.

When I deploy this scenario with CSM, I have to configure reals for my firewalls and a real for my Internet gateway.

Now I looked at the configs for the same with IOS SLB. There I only configure reals for the firewalls, but I don't have to configure a real for the Internet gateway.

So now my questions: how does the IOS SLB firewall load balancer know how to forward the packet to the Internet gateway? Does it utilize the routing table / CEF table and do a lookup for the next hop there? If yes, let's say I use the "interface awareness" feature in 12.2.18SXE and my interfaces are associated with different VRFs: does IOS SLB then look in the CEF table for the corresponding VRF?

Hope somebody can answer this for me.

Regards

Michael

Accepted Solutions

Gilles Dufour
Cisco Employee

IOS SLB is a feature of IOS, so all forwarding decisions are based on the routing table.

For FWLB to work, you need to create at least 1 static route pointing to one of the reals.

IOS SLB will assume all other reals handle the traffic for this destination as well, and it will load-balance the traffic between all the reals.

If your Internet gateway is not part of the firewallfarm, all routes pointing to your Internet gateway will be handled as before.

Regarding VRF, I'm not sure if IOS SLB will work with VRF.

You can try a 'sho ip slb wildcard' to see what traffic will be processed by IOS SLB.

If traffic comes in on a VRF interface, I don't think it can be SLB processed.

Regards,

Gilles.
