Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1261
Views
0
Helpful
2
Replies

ACE 4710 Appliance Deployment Scenarios

santipongv
Level 1
Level 1

‎02-04-2010 08:08 AM

I came up with 2 scenarios for ACE4710 appliance deployment.  Please see drawings in the attached file.  Please let me know which scenario will work or both will work.

Goal:

  1. To load balance user traffic from the Internet to Server Farm A.
  2. To load balance user traffic from the Internet to Server Farm B and then to load balance traffic from Server Farm B to Server Farm C (Scenario I).  Default gateway for Server Farm C is the Internet Firewall.
    or
  3. To load balance user traffic from the Internet to Server Farm B and then to load balance traffic from Server Farm B to Server Farm C (Scenario II).  Default gateway for Server Farm C is the ACE.

Thank you in advance.

Labels:
Preview file
1969 KB
0 Helpful
2 Replies 2

JOHN WAITE
Level 1
Level 1

‎02-18-2010 03:55 PM

Both would work but why you'd use the F/W or ACE as the DG for serverfarm C when you have perfectly functional 3750 L3 switches sitting there is confusing.

Also I have done this with two farms, but three would be equally easy.

My setup is this,

Serverfarm A - web

Serverfarm B - App

2 VIP's.

1st for client to web farm

2nd for web server to app farm

Using ACE & FWSM and ASA's.

ACE & FWSM using bridged mode (transparent) with multiple context's. 1st context for web. 2nd context for App. Using route-health-injection to advertise VIP back to MSFC (in our case Cat6509 but could be 3750).

Works great and using this setup we avoid having to do source nat. Plus the separate contexts helps cut down the config size for each building block. I could add a third VIP for the backend App to DB conversation but that would break our particular app and since the DB's are clustered using MSCS, is not needed.

Good luck.

0 Helpful

santipongv
Level 1
Level 1
In response to JOHN WAITE

‎02-19-2010 04:31 AM

Thank you for your response.  We don't use 3750 switch as L3 since it's in DMZ.  Hence, we will use ACE as a DG for those server farms, so that all traffic will be going through the ACE.  Also, this will prevent unwanted traffic to serverfarms bypassing the ACE.  We are planning to deploy in phases.  Phase I is to create a new VLAN for Serverfarm A.  Then, we will move Serverfarm B to this new VLAN in phase II (Scenario II).  We also want to minimize configuration changes on these servers.  My main concern was that I am not certain if the load balance will work in Scenario II step 2 (to load balance traffic from Serverfarm B to Serverfarm C), which is the opposite direction of the load balancing traffic in step 1 (users => Serverfarm B).  Thank you in advance.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card