
ACE bridge and routed interface in the same context

lukaszkhalil
Level 1

Hello

I am wondering if it is possible to configure one ACE context to support both routed and bridged interfaces?

I would like to have a bridge-mode context, but at the same time I would like to have a separate OOB interface for management.

If it is possible, how would they interact with each other?

Thank you in advance for any answer

Regards

Lukasz


Gilles Dufour
Cisco Employee

Yes, you can have a mix of routed and bridged interfaces.

If the destination mac-address of a packet coming in is an ACE mac-address, traffic is routed (even on a bridged interface).

But if the destination mac-address is not ACE, traffic is L2 switched on bridged interfaces.

Gilles.

Hello

Thank you for your answer.

What about traffic initiated by the real servers? How will the ACE know which def gw it should use?

Will the bridged and routed IP subnets be able to communicate based on the ACE routing table, or will they have to use the external router?

Lukasz

As I said, traffic sent to the ACE mac-address is routed (whatever the interface type).

So, if you configure your rserver with ACE as the default gateway, when a rserver initiates a connection, traffic gets to the ACE and ACE uses its routing table to decide where to forward the traffic through any interface.

However, if you configure another router as the default gateway on the rserver, when this server initiates a connection, traffic coming to ACE will not use ACE dest mac address, so traffic is L2 switched to the other side of the bvi.

Gilles.

OK, thank you.

Could you please explain to me how the ACE knows which default route it should use in the case of having two BVI interfaces (two default gateways), and why we need to configure a default route in bridge mode?

Lukasz

You need a default route for 2 reasons.

1 - if you have an L7 class-map, ACE will have to terminate the connection and work like a proxy. Therefore it will look into its routing table for how to route back to the client.

2 - when ACE creates a new connection, it needs to set up 2 flows for inbound and outbound traffic.

In order to set up those flows, it needs to know all the mac-addresses involved.

If a mac-address is not in its arp table, the traffic is rejected.

The default route is therefore there to guarantee that we regularly arp for the gateway and therefore have its mac-address in our arp table.

In regard to selection of the correct gateway, it would only apply when routing... therefore when rserver-initiated connections are routed.

If you have not configured ACE as the default gateway for the server, traffic is bridged and therefore no route selection is required.

If routing needs to be done, we round-robin over the available routes.

Gilles.

OK, just to summarize.

Although we need to create a def gw per BVI for correct flow processing, two BVI interfaces should not communicate with each other unless they are allowed by the external device.

Is it correct?

Lukasz

That's correct.

Gilles.

OK, thank you very much for all your answers.

Lukasz

Hello

We've just tried to configure bridged and routed interfaces at the same time in the lab and we've had a problem.

When we added the def gw for the bridged config, we noticed that we had an issue with the traffic sourced by the rservers in the routed config.

When we deleted the new def gw, the problem disappeared.

I am attaching the lab config.

When we added the following line to it

ip route 0.0.0.0 0.0.0.0 10.1.1.163

reals B1-B10 could not communicate with the outside world.

Do you know why it did not work and what we could do to fix it?

Thank you in advance.

Regards

Lukas
