Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
878
Views
0
Helpful
4
Replies

ACE Design Question

shday
Level 1
Level 1

‎08-17-2011 12:46 PM

We are deploying a set of ACE30's and we are thinking about creating a single transport that will be used to route all traffic to and from the ACE and deploying the VIP space virtually.  In other words the VIP IP assignments will not be an actual vlan interface configured anyway on my 6500 or on my ACE.  My upstream router will have a route to get to 192.168.1.0/24 going to 172.24.10.1 so it will route the traffic fine.  I will have a default route point back to my upstream router on 172.24.10.3 so the return traffic will be fine. 

I know this will work, but I'm trying to determine if it would be a  better design to actually assign Vlan interface for the 192.168.1.0/24  network.  Maybe it doesn't matter????

interface vlan 302                            ---Transport vlan

  ip address 172.24.10.2 255.255.255.240

  alias 172.24.10.1 255.255.255.240

  peer ip address 172.24.10.3 255.255.255.240

  service-policy input mgmt

  service-policy input allow-ping

  service-policy input application-conn

  no shutdown

class-map match-all application-conn

match virtual-address 192.168.1.6 tcp eq www

policy-map type loadbalance first-match application-conn

class class-default

  serverfarm application-conn

policy-map mutli-match application-conn-mmpl

class application-conn

loadbalance vip inservice

loadbalance policy application-conn

loadbalance vip icmp-reply

Labels:
0 Helpful
4 Replies 4

ohynderi
Level 1
Level 1

‎08-18-2011 04:59 AM

Hello,

From ACE perspective, it doesn't matter if the VIPs are part of an interface subnet or not. Only difference: ACE won't response to arp requests sent to the VIP IPs…

Small question, you mentioned vlan 302 only. Does it mean you have a one-arm topology? If possible i would always recommend to have a separate client and server vlan.

--Olivier

0 Helpful

thomascollins
Level 3
Level 3
In response to ohynderi

‎08-18-2011 08:25 AM 

ohynderi wrote:
Hello,
From ACE perspective, it doesn't matter if the VIPs are part of an interface subnet or not. Only difference: ACE won't response to arp requests sent to the VIP IPs…
Small question, you mentioned vlan 302 only. Does it mean you have a one-arm topology? If possible i would always recommend to have a separate client and server vlan.
--Olivier

Hi Olivier,

Just wondering why you would recommend two seperate VLANs (client/server)?  I'm designing a one-arm topology because our clients and servers sit on the same subnet.  What problems might I expect to run into? 

Thanks,

Tom

0 Helpful

shday
Level 1
Level 1
In response to thomascollins

‎08-18-2011 02:01 PM

I do have my vlan seperation between client and server.  I currently have my VIPs configure in a virtual space with no vlan interface and no layer two vlan assigned, but I can still ping the vips from my upstream router.

I guess I'm no understanding why I can ping them if I don't have an arp entry.  I'm thinking that someone would have an arp entry, but I definitely don't see the arp entries in my arp tables in either my upstream router or in my ACE module.

0 Helpful

ohynderi
Level 1
Level 1
In response to thomascollins

‎08-19-2011 03:14 AM

Tom,

Just pay attention to not have asymmetric routing (ie traffic from server to client bypassing the ace).

Thanks,

Olivier

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card