- Blue, 1500 points or more
I need some assistance and guidance from a seasoned individual who has specific experience implementing a server farm solution that uses load balancing, firewalling and HSRP.
My questions involve the placement of the default gateway.
I would think that for traffic in the client -> server direction, it should be the following way (keep in mind an L2 access layer design):
TRAFFIC FLOW: client -> core ->server farm aggregation switch ->firewall ->load balancer ->L2 access switch -> server
...where, starting from the agg switch that receives client traffic destined for the server, the defaults should be set accordingly:
agg switch forwards all traffic destined for server subnets to the firewall's OUTSIDE interface; firewall forwards server subnet traffic to the load balancers VIP for the subnet; load balancer forwards traffic to a specific server that is part of the load-balanced group.
TRAFFIC FLOW 2: server -> access switch ->load balancer -> firewall ->agg switch -> core
...where, starting from the server and destined for the core, the defaults should be set accordingly:
server defaults to load balancer ( but what interface on the LB); load balancer defaults to firewall INSIDE interface; firewall defaults to subnet HSRP group -> traffic forwarded to core
Am I making sense? (I normally don't! LOL)
[EDIT] By the way, I realize that there are many ways to implement such a design. It can be very nuanced. What I am looking for is a few scenarios based on real-world experience.
Thank you in advance.