Methods used to deploy load balancers and firewalls

8

Load balancers and firewalls can be attached to the core switches directly or indirectly. Indirect attachment is recommended.
(1) If load balancers and firewalls are attached directly to the core switches, all traffic will pass through them even if unnecessary. This wastes interface bandwidth, increases the risk of network faults, and makes subsequent expansion inconvenient. The advantage is that network speed will be high.
(2) If load balancers and firewalls are attached indirectly to the core switches, only part of the traffic will be transmitted to the corresponding load balancers and firewalls after you configure routing policies or dynamic routing instances on the core switches. This reduces the traffic and the risk of network faults, and makes subsequent expansion and optimization more convenient. The disadvantage is that the network will be slower.

Other related questions:
Methods used to implement virtual load balancing
Currently, virtual and physical SVN load balancing can be implemented. vLB is used to balance the load of multiple WIs. Physical LB balances the load of WIs to prevent a large number of users from accessing the same WI.

Load balancing
The functions and meanings of load balancing are described as follows: When multiple routes have the same routing protocol preference and metric, these routes are called equal-cost routes, among which load balancing can be implemented. Routers support the multi-route mode, allowing you to configure multiple routes with the same destination and preference. If the destinations and costs of multiple routes discovered by the same routing protocol are the same, load balancing can be performed among the routes. Run the maximum load-balancing number command in the views of various protocols to implement load balancing. Load balancing falls into the following two modes: -Packet-by-packet When the packet-by-packet load balancing is configured, firewalls at the network layer forward packets to the same destination through various equal-cost paths. That is, switches always choose the next hop address that is different from the last one to send packets. -Session-by-session When session-by-session load balancing is configured, firewalls forward packets according to the source address, destination address, source port, destination port, and protocol contained in the packets. When the five factors are the same, firewalls always choose the same next hop address as the last one used to send the packets.

Does the firewall support load balancing?
The firewall supports load balancing.

Configuring load-balancing equivalent routes for USG firewalls
The load-balancing equivalent routes for USG firewalls are configured as follows: Configure load balancing of equivalent routes on the web UI as follows: 1. Choose Route > Static > Equivalent Route. Configure the source IP address, destination IP address, source port, and destination port for the load-balancing equipment route. 2. Calculate a value based on the source IP address, destination IP address, and port number. Packets with the same value are forwarded over the same link. 3. Click Apply. Configure load balancing of equivalent routes in CLI mode as follows: 1. Configure the per-flow load balancing. a. Run the system-view command to enter the system view. b. Run the load-balance flow hash { destination-ip | destination-port | source-ip | source-port } * command to configure the link according to the Hash algorithm. c. Run the interface interface-type interface-number command to enter the interface view. d. Run the route weight weight-value command to configure the load-balancing weight. The larger the load-balancing weight of the interface, the large the traffic borne by the interface. The default value is 1. e. Run the quit command to return to the system view. 2. Configure the per-packet load balancing (Note: Generally, this mode is not used by firewalls). a. Run the system-view command to enter the system view. b. Run the load-balance packet command to configure per-packet load balancing to forward IP packets. c. Run the interface interface-type interface-number command to enter the interface view. d. Run the route weight weight-value command to configure the load-balancing weight. The larger the load-balancing weight of the interface, the large the traffic borne by the interface. The default value is 1. e. Run the quit command to return to the system view.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top