Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
974
Views
0
Helpful
3
Replies

ACE design with inter-Vlan routing

Go to solution
Surya ARBY
Level 4
Level 4

‎10-26-2011 01:09 PM

Hello all.

I'm working on a design for a customer where the ACE will perform inter vlan routing.

A few questions about that :

- is routed traffic enforced in hardware with some kind of CEF-like mechanism ? (I suppose yes because there is a FIB ? per

https://supportforums.cisco.com/docs/DOC-19253 ) we expect a certain load and routing is software will not be acceptable

- if I put my VIPs within the VLANs hosting the application, is there any restriction on accesses made to this VIP (if the VIP is reached after the routing process is performed) ?

example :

VLAN2 (client) ----- ACE ----- VLAN3 (servers)
192.168.2.0/24                 192.168.3.0/24

If I try to access the VIP (192.168.3.20) from a PC in the VLAN2 (192.168.2.15) does it work ?

I assume yes because the VIP appears as a connected /32 in the routing table, I just want to be sure to not fall into some tricky part of code because the access to the VIP is done after the routing process. I just want to be sure there is no drawback / restriction about that.

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marko Leopold
Level 1
Level 1
In response to Surya ARBY

‎10-27-2011 02:40 AM

Hello Surya!

Yes this is possible. You can reach the VIP from one VLAN to another (The VIP is not really inside of the VLAN). Important is to check your ACLs and you need to have the service-policy either globally or local on both VLAN-interfaces.

And I guess there is nothing like CEF implemented in the ACE, because it is not needed there.

Cheers,

Marko

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Surya ARBY
Level 4
Level 4

‎10-26-2011 01:10 PM

the illustration should be 

VLAN2 (client) ----- ACE (L3)----- VLAN3 (servers)
192.168.2.0/24                     192.168.3.0/24
0 Helpful

Go to solution
Marko Leopold
Level 1
Level 1
In response to Surya ARBY

‎10-27-2011 02:40 AM

Hello Surya!

Yes this is possible. You can reach the VIP from one VLAN to another (The VIP is not really inside of the VLAN). Important is to check your ACLs and you need to have the service-policy either globally or local on both VLAN-interfaces.

And I guess there is nothing like CEF implemented in the ACE, because it is not needed there.

Cheers,

Marko

0 Helpful

Go to solution
Surya ARBY
Level 4
Level 4
In response to Marko Leopold

‎10-27-2011 03:28 AM

Thank you.

Is routing done by the control plane or by a micro engine within the octeon chipset in the dataplane ?

I couldn't find the info anywhere

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card