

ACE Design Preference

I have 2 ACE 4710 appliances that I will be load balancing. I am currently trying to decide between deploying them in Layer 2 Bridge Mode or Layer 3 Routed Mode. I will have my various security zones broken down into virtual contexts and the VLANs trunked into one physical interface that is provisioned for that context.

Can anyone provide any benefits/drawbacks to one design versus the other? I'm going to be load balancing mostly web applications and I have servers already deployed in DNS round-robin load balancing. I think that with the Layer 2 design I can keep the same IPs I have now on the servers and not cause any changes for the Server Admin Team / Developers.

Any thoughts are greatly appreciated.

Syed Iftekhar Ahmed

It really depends on your requirements.

Mainly, bridge mode is used for multicast support, multiple DMZs + FWSM, server-initiated connections,

or for seamless migration from a previously installed "bridged load balancing environment".

Some of the differences are:

Bridged Mode:

In bridge mode you do not need additional config for "direct server access" / "server-initiated connections".

Broadcasts are allowed in Bridged mode.

There is a source NAT limitation in bridged mode that only applies to non-load-balanced traffic.

It's also useful in scenarios where it's not possible to make any Layer 3 changes on the real servers (IP address/routes).

VIPs and reals can be in the same or different subnets.

Routed Mode:

Easy to deploy when there are many subnets with real servers in them.

Broadcasts are dropped in routed mode whereas they are bridged in bridge mode.

Along the same lines, if you want multicast from your servers you cannot use routed mode.

Routed mode's L3 separation makes debugging and troubleshooting comparatively easy.

VIPs need to be in a different subnet.

LB functionality is the same in both modes.

Syed Iftekhar Ahmed
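To make the two deployment options above concrete, here is an added configuration example (not from the original thread or from Cisco's documentation, written for this page) showing the same web VIP and server farm inside one ACE virtual context, first in bridge mode and then the interface/rserver changes needed for routed mode. All names, VLAN numbers and addresses (10.1.1.0/24, 192.168.10.0/24, the WEB-* objects, the ALL access list) are assumptions chosen for illustration.

```cisco
! ---------- Objects shared by both modes (one virtual context) ----------
! NOTE: an ACE interface passes no traffic at all until an access-group is
! applied. "permit ip any any" is a placeholder for the example; in production
! restrict it to the VIP addresses and ports you actually serve.
access-list ALL line 10 extended permit ip any any

class-map match-all WEB-VIP
  2 match virtual-address 10.1.1.100 tcp eq www

policy-map type loadbalance first-match WEB-LB
  class class-default
    serverfarm WEB-FARM

policy-map multi-match WEB-POLICY
  class WEB-VIP
    loadbalance vip inservice
    loadbalance policy WEB-LB
    loadbalance vip icmp-reply

! ---------- Bridge mode ----------
! Client VLAN 100 and server VLAN 200 are joined into one bridge group. The
! reals keep the addresses they already have (10.1.1.11/.12), and the VIP
! lives in that same /24, which is what lets the existing DNS round-robin
! servers move behind the ACE without re-addressing them.
rserver host WEB1
  ip address 10.1.1.11
  inservice
rserver host WEB2
  ip address 10.1.1.12
  inservice
serverfarm host WEB-FARM
  rserver WEB1 80
    inservice
  rserver WEB2 80
    inservice

interface vlan 100
  description client-side (toward upstream router/firewall)
  bridge-group 1
  access-group input ALL
  service-policy input WEB-POLICY
  no shutdown
interface vlan 200
  description server-side (same IP subnet, bridged)
  bridge-group 1
  access-group input ALL
  no shutdown
! The bridge-group virtual interface carries the context's own IP address;
! the physical VLAN interfaces have none. Servers keep pointing their default
! gateway at the existing router (10.1.1.1), not at the ACE.
interface bvi 1
  ip address 10.1.1.5 255.255.255.0
  no shutdown
ip route 0.0.0.0 0.0.0.0 10.1.1.1

! ---------- Routed mode: the parts that differ ----------
! Each VLAN gets its own subnet and IP address on the ACE. The reals move to
! 192.168.10.0/24 and must set their default gateway to the ACE server-side
! address (192.168.10.1), while the VIP stays in the client-side subnet, so
! VIP and reals are necessarily in different subnets.
rserver host WEB1
  ip address 192.168.10.11
  inservice
rserver host WEB2
  ip address 192.168.10.12
  inservice

interface vlan 100
  description client-side
  ip address 10.1.1.5 255.255.255.0
  access-group input ALL
  service-policy input WEB-POLICY
  no shutdown
interface vlan 200
  description server-side (separate subnet, routed)
  ip address 192.168.10.1 255.255.255.0
  access-group input ALL
  no shutdown
ip route 0.0.0.0 0.0.0.0 10.1.1.1
```

Two points the side-by-side makes visible: in bridge mode the server addressing, gateway and routes are untouched, and any non-load-balanced traffic (management SSH to a real, a server's own outbound connection) simply bridges through, which is the "no additional config for direct server access" item above; in routed mode the ACE becomes the servers' gateway, so the server team must change default gateways, and the server subnet is reachable only through the ACE, which is also what gives the cleaner L3 troubleshooting boundary. In either mode, keep the access-group as tight as the design allows rather than leaving the `permit ip any any` placeholder in place.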