Foundry Switch and Router Installation and Configuration Guide
8 - 26 December 2000
to the Internet, you can define TCS policy filters. TCS policy filters explicitly permit or deny cache access to web
traffic from a specific sub-net or IP address.
Load Balancing and Redundancy Features
The following sections describe the load balancing and redundancy features listed in Table 8.1 on page 8-2. For
more information about the ServerIron, see the Foundry ServerIron Installation and Configuration Guide.
Server Load Balancing (SLB)
Server Load Balancing (SLB) allows you to map one logical (virtual) server connection to multiple physical (real)
servers. Thus, a single IP address (virtual server IP address) can serve as the connection point for multiple
TCP/UDP services such as HTTP, FTP, and Telnet. These services can be located on a single server or across
multiple servers.
For additional information, see the Foundry ServerIron Installation and Configuration Guide.
Router Support for Globally-Distributed SLB
Foundry Layer 3 Switches contain a Layer 4 HTTP health check, which you can use to support
globally-distributed SLB. Globally-distributed SLB allows the same web site (and same IP address) to reside on
multiple servers, which usually are in geographically dispersed locations. You can use the Layer 3 Switch support
for globally-distributed SLB with Foundry’s ServerIron Layer 4 – 7 switch, with third-party SLBs, and even with
directly-connected web servers.
See “Route Health Injection” on page 26-1 for more information about this feature.
Firewall Load Balancing
Firewall load balancing enhances overall firewall performance by distributing traffic across multiple firewalls and
synchronizing the connections to eliminate unnecessary reauthentications.
To implement basic firewall load balancing, you configure two ServerIrons, one on each side of your firewalls.
• One of the ServerIrons is on the Internet side of the firewalls.
• The other ServerIron is on the private network side.
For added reliability, you can configure pairs of ServerIrons on each side of the firewalls. One of the ServerIrons
in each pair is active and performs the firewall load balancing. The other ServerIron remains in standby mode but
takes over if the active ServerIron becomes unavailable. Multiple zones are supported for networks that contain
Demilitarized Zones (DMZs) in addition to private networks.
See the “Configuring Firewall Load Balancing” chapter in the Foundry ServerIron Installation and Configuration
Guide for information.
Virtual Router Redundancy Protocol (VRRP)
The Virtual Router Redundancy Protocol (VRRP), described in RFC 2338, allows routers to be configured
together as a virtual router. Generally, a host configured to use a default router will lose its connection to the rest
of the network if the default router becomes unavailable. However, if you configure several routers as a VRRP
virtual router, and then use the virtual router as the default router for the hosts, the hosts receive uninterrupted
service even if one of the routers within the virtual router becomes unavailable.
One of the routers in the virtual router is the “active” or “master” router and handles the traffic sent to the virtual
router’s MAC address or IP address. The other routers remain in standby mode while the active router is
functioning.
If the active router becomes unavailable, one of the standby routers becomes the new active router. The new
active router uses the same virtual MAC address and virtual IP address as the previous master, so hosts are
unaware that a router has become unavailable. As far as the hosts are concerned, the MAC address and IP
address of the virtual router are still alive. You can fix the link or router problem off-line while network service
continues uninterrupted.
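
The following is an added example, not taken from this guide or from Foundry software. It validates a VRRP advertisement in the RFC 2338 message format and derives the virtual MAC address from the virtual router ID (VRID), which shows why hosts see the same MAC and IP address after a failover. The message layout and the 00-00-5E-00-01-{VRID} MAC format come from RFC 2338; the function names and the 192.0.2.1 sample address are assumptions.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid: int, priority: int, addrs: list, adver_int: int = 1) -> bytes:
    """Constructed sample input: a VRRPv2 advertisement with auth type 0."""
    ips = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    head = struct.pack("!BBBBBBH", 0x21, vrid, priority, len(addrs), 0, adver_int, 0)
    msg = head + ips + bytes(8)           # 8 bytes of authentication data
    return msg[:6] + struct.pack("!H", inet_checksum(msg)) + msg[8:]

def parse_advert(msg: bytes) -> dict:
    """Validate a VRRPv2 advertisement and return its fields."""
    if len(msg) < 16:
        raise ValueError("truncated VRRP message")
    ver_type, vrid, priority, count, auth, adver_int, _ = struct.unpack("!BBBBBBH", msg[:8])
    if ver_type != 0x21:                  # version 2, type 1 (ADVERTISEMENT)
        raise ValueError("not a VRRPv2 advertisement")
    if len(msg) != 16 + 4 * count:
        raise ValueError("length does not match Count IP Addrs")
    if inet_checksum(msg) != 0:           # a valid message sums to zero
        raise ValueError("bad checksum")
    addrs = [str(ipaddress.IPv4Address(msg[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {
        "vrid": vrid, "priority": priority, "auth_type": auth,
        "adver_int": adver_int, "addresses": addrs,
        # The virtual MAC depends only on the VRID, not on the sending router.
        "virtual_mac": "00:00:5e:00:01:%02x" % vrid,
    }

if __name__ == "__main__":
    # Constructed adverts: the original master, then the standby that takes over.
    old_master = parse_advert(build_advert(1, 255, ["192.0.2.1"]))
    new_master = parse_advert(build_advert(1, 100, ["192.0.2.1"]))
    print(old_master["virtual_mac"], new_master["virtual_mac"])
```

An advertisement that fails these checks, or that arrives for a known VRID from a router you did not configure, is worth investigating, because whichever router wins the election receives the hosts' default-route traffic.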