03-04-2010 11:09 AM
Hi,
We got new ACE 4710 device and i am trying to configure that in Bridging mode.
I am trying to loadbalance between two servers which is connected as shown below:
Servers -> Switch -> Router (with subinterface).
Servers IP: 172.16.11.1 and 172.16.11.2
Router IP: 172.16.11.254
Default route is router IP address for servers.
I am new to ACE and I am confused about how to assign interface on ACE so that ACE can bridge the traffic between router and servers VLAN.
We have some more servers which are on different VLAN but can connect to these servers as router is doing inter-vlan routing too.
I want inter-vlan routing and load balancing between above two servers concurrently. Pls. help in this regard.
Also attaching the ACE config file.
03-05-2010 12:29 AM
You have to first change the vlan to which the router is attached.
Than on the ACE you configure both the router vlan and the server vlan.
Do not configure any ip address under the vlan, but instead configure a bridge-group with the same id.
Then create a bvi interface with that bridge group id.
Under the bvi interface, configure an ip address from the same subnet of the router and servers.
ACE will bridge the server and router vlan so that the servers will appear as direclty connected to the router.
No need to change ip addresses or gateways.
Gilles.
03-05-2010 01:41 AM
So in that case, will other VLAN servers can directly access those two servers which are part of ACE?
Do I have to assign different VLANs on switch for physical interface on ACE. In my case gig1/1 - VLAN10 and gig1/2 to VLAN13?
Thanks,
Pawan
03-05-2010 02:18 AM
Hi,
I tried the setup as per your suggestions, below are the details:
Router interface config:
---------------------------------
interface GigabitEthernet0/0.13
description "ACE vlan 13"
encapsulation dot1Q 13
ip address 172.16.11.254 255.255.255.0
!
Topology
-------------
Router
| vlan 13 (gig1/2)
ACE
| vlan 11 (gig1/3)
Servers
interface gigabitEthernet 1/2
channel-group 1
no shutdown
interface gigabitEthernet 1/3
channel-group 1
no shutdown
interface gigabitEthernet 1/4
shutdown
interface port-channel 1
switchport trunk allowed vlan 11,13
no shutdown
interface vlan 11
description "Server side"
bridge-group 3
service-policy input remote-access
no shutdown
interface vlan 13
description "Client side"
bridge-group 3
access-group input everyone
service-policy input client-vips
no shutdown
interface bvi 3
ip address 172.16.11.10 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.11.254
Servers default route is 172.16.11.254 (Router,s interface)
The problem is that now I am not able to ping servers from other VLAN's and even from ACE I am not able to ping servers and router IP.
I assigned vlan13 and vlan11 to ACE gig1/2 and gig1/3 respectively in layer 2 switch.
Appreciate your help in this..
Thanks,
Pawan
06-01-2010 06:21 PM
06-01-2010 11:17 PM
Yes, I am successfully able to done this solution.
Thanks,
Pawan
06-02-2010 05:46 AM
Hi Pawan,
Could you please provide a code snippet of your solution? I would like to see the way you implemented your setup.
Thanks
06-02-2010 05:57 AM
Here is the config, hope this will help.
Admin Context
=============
resource-class ngmp_rc1
limit-resource all minimum 0.00 maximum unlimited
limit-resource sticky minimum 0.20 maximum unlimited
interface gigabitEthernet 1/1
switchport access vlan 1000
no shutdown
interface gigabitEthernet 1/2
switchport trunk allowed vlan 10,13
no shutdown
interface gigabitEthernet 1/3
no shutdown
interface gigabitEthernet 1/4
shutdown
access-list ALL line 8 extended permit ip any any
access-list everyone line 8 extended permit ip any any
access-list everyone line 16 extended permit icmp any any
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
interface vlan 1000
ip address 192.168.16.16 255.255.255.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.16.254
context apps
allocate-interface vlan 10
allocate-interface vlan 13
member apps_rc1
APPS Context
============
rserver host srv1
ip address 192.168.10.1
inservice
rserver host srv2
ip address 192.168.10.2
inservice
rserver host srv3
ip address 192.168.10.3
inservice
serverfarm host apps_srv
rserver srv1
inservice
rserver srv2
inservice
rserver srv3
inservice
class-map match-all ftp-vip
2 match virtual-address 172.16.10.10 tcp eq ftp
class-map match-all http-vip
2 match virtual-address 172.16.10.11 tcp eq 8080
class-map type management match-any remote-mgmt
201 match protocol snmp any
202 match protocol ssh any
203 match protocol icmp any
204 match protocol http any
205 match protocol https any
206 match protocol xml-https any
policy-map type management first-match remote-mgmt
class remote-mgmt
permit
policy-map type loadbalance first-match slb
class class-default
serverfarm apps_srv
policy-map multi-match client-vips
class ftp-vip
loadbalance vip inservice
loadbalance policy slb
loadbalance vip icmp-reply
inspect ftp
class http-vip
loadbalance vip inservice
loadbalance policy slb
loadbalance vip icmp-reply
interface vlan 10
bridge-group 1
access-group input bpdu-fixup
access-group input ALL
access-group output ALL
no shutdown
interface vlan 13
bridge-group 1
access-group input bpdu-fixup
access-group input ALL
access-group output ALL
service-policy input remote-mgmt
service-policy input client-vips
no shutdown
interface bvi 1
ip address 192.168.10.9 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.10.254
Thanks,
Pawan
06-05-2010 02:48 PM
There are inconsistencies in the configs:
After the setup, clear the ARP table in the ACE.
06-07-2010 12:28 AM
Peter,
I think you misunderstood Pawan.
The config he sent is the one that WORKS for him...and indeed there is nothing wrong with it.
Thanks Pawan for sharing it.
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide