Avaya P333R-LB Switch User Manual


 
[Figure: two network diagrams. Labels: LAN, VRRP, Avaya P333R-LB, Gigabit Ethernet with LAG, WAN Router, Internet; the second diagram also shows IP a and IP b.]

Application 2—Firewall Load Balancing

Firewalls can inherently constitute a bottleneck since they are software-based. There is also the issue of transparent availability: firewalls can act as a single point of failure, causing severe problems with Internet access.

The P333R-LB can be used to load-balance across multiple routers and firewalls and overcome these problems.

Implementing the P333R-LB removes the bottleneck since the load is distributed at hardware speed over multiple firewalls.

To ensure availability, the P333R-LB switches on both sides of the firewall perform continuous health checks on the links to the firewall, the firewall itself, and each other.

The two applications below show firewall load balancing in systems both with and without NAT (Network Address Translation).

No single point of failure. The doubling up of the key components ensures that communication between the LAN and Internet is always maintained. If one P333R-LB fails, VRRP lets the second switch instantaneously take over all load balancing functions. If a firewall fails, then the P333R-LB will transparently redirect all traffic through the second firewall.

“No NAT” Application. In this case, there are pairs of P333R-LB switches on each side of the firewalls. This is necessary since both directions of a session must travel across the same firewall. If the session is sent to the second firewall, it will be disconnected by the “stateful” firewall. It is therefore important to have the same load balancing decisions on both sides of the firewall.

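The requirement above, as an added example (not Avaya's code, and not the P333R-LB's actual algorithm, which this page does not describe): a direction-independent flow key makes the LAN-side and Internet-side switches choose the same firewall, while a direction-sensitive key splits sessions across firewalls. Rendezvous hashing, the three firewall names, the sample addresses and all function names are assumptions chosen for illustration; the example generalizes from the page's two firewalls to three.

```python
import hashlib
import ipaddress

# Constructed names, not from the manual. In practice this list would hold
# only the firewalls currently passing health checks.
FIREWALLS = ["fw-a", "fw-b", "fw-c"]

def _score(key: str, fw: str) -> bytes:
    # Rendezvous (highest-random-weight) hashing: each firewall gets a score
    # per flow key, and the highest score wins.
    return hashlib.sha256(f"{key}|{fw}".encode()).digest()

def symmetric_pick(src: str, dst: str, live: list[str]) -> str:
    """Same firewall for A->B and B->A: order the endpoints before hashing."""
    lo, hi = sorted((ipaddress.ip_address(src), ipaddress.ip_address(dst)))
    return max(live, key=lambda fw: _score(f"{lo}-{hi}", fw))

def directional_pick(src: str, dst: str, live: list[str]) -> str:
    """Naive variant: the key depends on direction, so replies may diverge."""
    return max(live, key=lambda fw: _score(f"{src}-{dst}", fw))

def split_sessions(pick, flows, live) -> int:
    """Count flows whose two directions are sent through different firewalls."""
    return sum(pick(c, s, live) != pick(s, c, live) for c, s in flows)

def moved_on_failure(flows, failed: str) -> int:
    """Count flows NOT on the failed firewall that would still change firewall."""
    live = [fw for fw in FIREWALLS if fw != failed]
    return sum(
        symmetric_pick(c, s, FIREWALLS) != failed
        and symmetric_pick(c, s, FIREWALLS) != symmetric_pick(c, s, live)
        for c, s in flows
    )

# Constructed sample flows: 200 LAN clients talking to one Internet host.
FLOWS = [(f"10.0.0.{i}", "198.51.100.7") for i in range(1, 201)]

if __name__ == "__main__":
    print("split sessions, symmetric key:  ", split_sessions(symmetric_pick, FLOWS, FIREWALLS))
    print("split sessions, directional key:", split_sessions(directional_pick, FLOWS, FIREWALLS))
    print("healthy-firewall flows moved when fw-b fails:", moved_on_failure(FLOWS, "fw-b"))
```

Every split session counted for the directional key is one a stateful firewall would drop, because the return traffic reaches a firewall that never saw the session start.
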
NAT Application. In this case, P333R-LB switches are only required on the LAN side of the firewalls. The session traffic coming from the Internet will have the specific IP address of the firewall from which the session started.

NAT (Network Address Translation)—allows you to use any IP address within your organization while only using legal IP addresses outside. This is useful when you have a limited number of legal IP addresses (e.g., for ISPs).

Firewall Load Balancing – no NAT
Firewall Load Balancing – with NAT