Chapter 14 Load Balancing in the P333R-LB

configuration example.

Persistency

Firewalls perform a Stateful Inspection on every session passing through them and drop a session if not all of its traffic passes through the same firewall. Therefore, when load-balancing between different firewalls, it is imperative that all traffic belonging to a given session traverses the same firewall.

The P333R-LB achieves this goal by implementing a sophisticated persistency mechanism, based on packet characteristics inspection. A symmetric hash function in each module is calculated based on the source and destination IP addresses. The P333R-LB assures that packets with the same characteristics traverse the same firewall in both directions throughout the session.

Where there are two P333R-LBs (one on each side of the firewalls), persistency is ensured only if the two P333R-LBs are configured to be compatible with each other. If they are not, and there is a change in the network that affects internal device decisions (for example, adding or removing a Real Server), persistency, or even the network connection, could be lost.
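The following sketch is an added illustration, not code from the Avaya guide. It shows why a symmetric hash keeps both directions of a session on one firewall, and how two balancers with mismatched firewall lists break that property. The XOR-and-fold hash, the function names and the firewall names are assumptions; the guide does not document the device's actual hash function.

```python
import ipaddress

def symmetric_hash(src, dst):
    """Order-independent hash: XOR is commutative, so swapping src/dst changes nothing."""
    h = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    h ^= h >> 16          # fold so every octet influences the low byte
    h ^= h >> 8
    return h & 0xFF

def pick_firewall(src, dst, firewalls):
    """Map a packet to a firewall; the result depends on the list's length and order."""
    return firewalls[symmetric_hash(src, dst) % len(firewalls)]

def broken_sessions(sessions, lan_side_fws, wan_side_fws):
    """Return sessions whose outbound and return packets land on different firewalls."""
    broken = []
    for client, server in sessions:
        out_fw = pick_firewall(client, server, lan_side_fws)    # LAN-side balancer
        back_fw = pick_firewall(server, client, wan_side_fws)   # WAN-side balancer
        if out_fw != back_fw:
            broken.append((client, server, out_fw, back_fw))
    return broken

# Constructed sample data (documentation address ranges, hypothetical firewall names).
SESSIONS = [("10.0.0.%d" % i, "198.51.100.7") for i in range(1, 41)]
FWS = ["fw-a", "fw-b", "fw-c"]

if __name__ == "__main__":
    print("matching configuration:", len(broken_sessions(SESSIONS, FWS, FWS)))
    print("one side missing fw-c: ", len(broken_sessions(SESSIONS, FWS, FWS[:2])))
    print("same set, other order: ", len(broken_sessions(SESSIONS, FWS, FWS[::-1])))
```

Every session reported by `broken_sessions` is one that a stateful firewall would drop, because it sees only half of the traffic.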

Non-Transparent Routing Firewall Load Balancing

This section explains how the P333R-LB supports non-Transparent Routing firewalls and includes configuration examples.

Implementation

Non-Transparent Routing firewalls are firewalls that support dynamic NAT (Network Address Translation).

For non-Transparent FWLB, the load balancer receives an outgoing packet, makes a load balancing decision, and forwards the packet to a firewall. The firewall keeps a bank of IP addresses and replaces the source IP of the incoming packet (from the LAN) with a unique, yet arbitrary IP address from this bank. The firewall then forwards the packet to an edge router which routes it to the correct destination on the WAN.

For incoming packets, the unique NAT address is used as a destination IP to access the same firewall. The firewall performs reverse NAT by replacing the NAT destination address with the actual destination address (the client IP address), and then forwards the packet to the load balancer which routes the packet to its destination. No Load Balancing is performed on incoming packets.

For non-Transparent Routing FWLB, only one Load Balancing device is required. The device is positioned on the LAN (internal) side of the firewalls. Since the firewalls perform NAT, a Load Balancing device is not needed between the WAN and the firewalls.
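The packet flow described above can be traced with a small simulation. This is an added example, not part of the Avaya guide; the class and function names, the round-robin balancing decision and the non-overlapping NAT banks (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress
from itertools import cycle

class NatFirewall:
    def __init__(self, name, bank_cidr):
        self.name = name
        self.bank = ipaddress.ip_network(bank_cidr)
        self._free = iter(self.bank.hosts())   # unused addresses in this firewall's bank
        self.table = {}                        # NAT address -> real client address

    def outbound(self, src, dst):
        """Replace the LAN source address with an address from the bank."""
        for nat, client in self.table.items():
            if client == src:                  # client already has a mapping
                return nat, dst
        nat = str(next(self._free))
        self.table[nat] = src
        return nat, dst

    def inbound(self, src, dst):
        """Reverse NAT; a destination with no mapping is dropped (None)."""
        client = self.table.get(dst)
        return (src, client) if client else None

def route_return(firewalls, src, dst):
    """Edge router: the NAT destination address alone selects the firewall."""
    addr = ipaddress.ip_address(dst)
    for fw in firewalls:
        if addr in fw.bank:
            return fw, fw.inbound(src, dst)
    return None, None

def simulate(clients, server):
    # Assumption: each firewall owns a distinct, non-overlapping bank.
    fws = [NatFirewall("fw-a", "203.0.113.0/28"),
           NatFirewall("fw-b", "203.0.113.16/28")]
    decide = cycle(fws)                        # stand-in load-balancing decision
    trace = []
    for client in clients:
        out_fw = next(decide)                  # balancing happens only on the way out
        nat_src, _ = out_fw.outbound(client, server)
        back_fw, pkt = route_return(fws, server, nat_src)
        trace.append((client, out_fw.name, nat_src, back_fw.name, pkt))
    return trace

if __name__ == "__main__":
    for row in simulate(["10.0.0.1", "10.0.0.2", "10.0.0.3"], "198.51.100.7"):
        print(row)
```

Because the reply is addressed to an address owned by exactly one firewall, the return path is pinned to that firewall with no balancing decision, which is why no second load balancer is needed on the WAN side.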

As well, non-Transparent Routing FWLB can be configured using static NAT. In


Avaya P333R-LB User’s Guide


P333R-LB specifications

The Avaya P333R-LB is a robust and versatile switch that is part of Avaya's portfolio aimed at enterprise networking solutions. This switch is designed to enhance the performance and scalability of network infrastructure while ensuring high availability and reliability.

One of the main features of the P333R-LB is its Layer 3 switching capability, which allows for efficient routing within an organization's network. This capability is particularly beneficial for organizations with multiple VLANs, as it simplifies the routing process and ensures that data packets are transmitted in the most efficient manner possible.

The P333R-LB is equipped with advanced Quality of Service (QoS) features to prioritize traffic based on the type of application being used. This ensures that critical applications, such as VoIP and video conferencing, receive the necessary bandwidth and low latency required for optimal performance. Additionally, it supports both IPv4 and IPv6 protocols, making it adaptable to a variety of networking environments.

Another important feature of the Avaya P333R-LB is its stackable design. This allows multiple switches to be interconnected, creating a single logical unit. This stacking capability not only simplifies management but also increases overall network capacity and redundancy. In case of a hardware failure, the stack can continue operating without interruption, maintaining network integrity and service continuity.

The switch also integrates advanced security features, including support for MAC filtering, access control lists, and port security. These features help to safeguard network resources from unauthorized access and potential threats. Moreover, the P333R-LB supports 802.1X port-based authentication, which adds an additional layer of security during user access to the network.

The Avaya P333R-LB comes with multiple Gigabit Ethernet ports, allowing for high-speed connectivity to devices such as servers, workstations, and IP phones. This ensures that all devices on the network can communicate effectively, supporting the demands of modern enterprise environments.

For management and monitoring, the P333R-LB offers a user-friendly web interface along with SNMP support, enabling network administrators to easily configure settings and monitor network performance. This simplicity in management is crucial for IT teams that need to ensure optimal network performance while minimizing downtime.

In summary, the Avaya P333R-LB is a feature-rich, scalable, and reliable switch that meets the needs of demanding enterprise networks. With its advanced technologies, QoS support, stackable design, robust security features, and high-speed connectivity options, the P333R-LB is positioned to support a wide range of applications and enhance overall network performance.