12-15-2010 02:01 PM
Hi,
I've 3 questions.
SERVER---------Int.Vlan1:ACE:Int.Vlan2--------FWSM-------Public Network
|
|
Int. Vlan 3 Management
First question: Why can't I ping my interface (Int. Vlan2) from my server whereas I can do it on FWSM?
Second question: Why can't I create more than 3 interfaces in a Context ACE ? (The Vlan has well been added in svlc group and the Admin context but the interface doesn't appear in my context)
3rd Question: I would like to create 2 serverfarms on the 2 different VLAN. Is it possible with context ACE? Because I need to use the LB Services between my 2 internal serverfarms and from the public Network.
Thanks in advance for your help.
Serge
12-15-2010 04:21 PM
Hi Serge,
Welcome to the CISCO NetSupport forum, as this seems to be your first day and this is your first question in the forum.
Hope you have a good experience in the forum in the coming time.
Kindly find my answers below to your questions:
First question: Why can't I ping my interface (Int. Vlan2) from my server whereas I can do it on FWSM?
Ans 1: For security reasons, the ACE does not allow pings from an interface on a VLAN on one side of the ACE through the appliance to an interface on a different VLAN on the other side of the appliance. For example, a host can ping the ACE address that is on the IP subnet using the same VLAN as the host but cannot ping IP addresses configured on other VLANs on the ACE.
Have you checked that the ACL and proper routing are in place for the server towards Int.Vlan2 on the ACE (don't presume the default route will work for every situation)? Also check that all the required NAT-ing is in place as well.
Second question: Why can't I create more than 3 interfaces in a Context ACE ? (The Vlan has well been added in svlc group and the Admin context but the interface doesn't appear in my context)
Ans2:
The ACE supports a maximum of 8,192 interfaces per system that include VLANs, shared VLANs, and BVI interfaces.
The ACE supports a maximum of 4,093 VLANs per system and a maximum of 1,024 shared VLANs per system.
The ACE also supports shared VLANs, which are multiple interfaces in different contexts on the same VLAN within the same subnet. Only routed interfaces can share VLANs. Note that there is no routing across contexts even when shared VLANs are configured.
To assign one or more VLAN interfaces to the context, use the allocate-interface command. Use the no form of the command to remove the VLAN from the context configuration.
allocate-interface vlan number_id
no allocate-interface vlan number_id
Syntax Description
vlan number_id
Identifies the VLAN to assign to the user context. For the number_id argument, enter the number of an existing VLAN that you want to assign to the context as an integer from 1 to 4096.
After you allocate the interface to a user context, you can configure the interface in that context.
When a VLAN is shared in multiple contexts, the interfaces must be on the same subnet. However, the interfaces that share the VLANs will have different MAC addresses. These different MAC addresses on the same VLAN classify traffic on multiple contexts. No routing can occur across contexts even if you configure shared VLANs.
The ACE allows you to assign a VLAN number to a user context even if the VLAN has not been assigned to the ACE. You can configure the VLAN in the user context; however, the VLAN cannot receive traffic until it is allocated to an Ethernet data port.
Check out the following link for configuring the Interfaces in ACE:
3rd Question: I would like to create 2 serverfarms on the 2 different VLAN. Is it possible with context ACE? Because I need to use the LB Services between my 2 internal serverfarms and from the public Network.
Ans 3:
It is possible.
VLANs are allocated per virtual partition to provide each virtual partition with its own well-defined input/output access.
This approach helps ensure complete VLAN separation between the virtual partitions within the Cisco ACE module.
The usage of VLANs could affect virtual partition allocations. There are three designs that impact how VLANs are allocated: bridge mode, routed mode, and cascading virtual partitions.
You can also create a shared VLAN between the 2 contexts; these contexts are catering to 2 different serverfarms.
You can share a VLAN, but you need to use the commands 'shared-vlan-hostid X' and 'peer shared-vlan-hostid Y' so they do not use the same MAC addresses.
The below mentioned link could be the best to give you detailed idea about the kind of scenario/s you are looking for:
http://snippets101.blogspot.com/search/label/ace
Read the following whitepaper for selecting your virtualization design. It would definitely be a good start for getting new ideas:
Kindly find more scenario-based examples with complete configs, as they are quite helpful, for bridge mode, routed mode, and cascading virtual partitions:
http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples
http://www.cisco.com/en/US/products/hw/modules/ps2706/prod_configuration_examples_list.html
http://vivekganapathi.blogspot.com/2010/07/cisco-ace-4710-load-balancer.html
I have tried to answer your questions in short; otherwise load balancing is a very vast topic with n number of possibilities, so I can't share all knowledge in one go. Or I might have missed some better point.
Hope you will find my answers informative and you can come up with more of your queries.
I would be glad to assist you any time.
Keep in touch with more of your queries.
Thanks and Regards,
Sachin Garg
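Added example (not part of the original posts, and not Cisco's code): a Python check for the gap discussed in this thread, where a VLAN is allocated to a context with allocate-interface in the Admin context but no matching interface has been created inside that context. It also lists VLANs shared between contexts; the context names, VLAN numbers and config excerpts are constructed samples.

```python
import re

# Constructed sample: excerpt of the Admin context running-config.
ADMIN_CONFIG = """\
context WEB
  allocate-interface vlan 2
  allocate-interface vlan 3
context APP
  allocate-interface vlan 2
"""
# Constructed sample: running-config of the user context WEB.
WEB_CONFIG = """\
interface vlan 2
  ip address 10.1.2.1 255.255.255.0
"""

def allocated_vlans(admin_config):
    # Map each context name to the set of VLAN ids allocated to it.
    allocations, current = {}, None
    for line in admin_config.splitlines():
        ctx = re.match(r"context\s+(\S+)\s*$", line)
        alloc = re.match(r"\s+allocate-interface vlan\s+(\d+)\s*$", line)
        if ctx:
            current = ctx.group(1)
            allocations.setdefault(current, set())
        elif alloc and current:
            allocations[current].add(int(alloc.group(1)))
        elif line and not line[0].isspace():
            current = None  # another top-level block ends the context block
    return allocations

def defined_interfaces(context_config):
    # VLAN interfaces actually created inside the user context.
    return {int(n) for n in re.findall(r"^interface vlan\s+(\d+)\s*$", context_config, re.M)}

def audit(admin_config, context_name, context_config):
    # Compare what the Admin context allocated with what the context configured.
    allocated = allocated_vlans(admin_config).get(context_name, set())
    defined = defined_interfaces(context_config)
    return {"allocated_not_configured": sorted(allocated - defined),
            "configured_not_allocated": sorted(defined - allocated)}

def shared_vlans(admin_config):
    # VLANs allocated to more than one context (shared VLANs).
    owners = {}
    for ctx, vlans in allocated_vlans(admin_config).items():
        for vlan in vlans:
            owners.setdefault(vlan, []).append(ctx)
    return {v: sorted(c) for v, c in owners.items() if len(c) > 1}
```

Calling audit(ADMIN_CONFIG, "WEB", WEB_CONFIG) reports VLAN 3 as allocated but not yet configured in the context, and shared_vlans(ADMIN_CONFIG) reports VLAN 2 as shared by APP and WEB.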
12-17-2010 11:46 AM
Hi Serge,
Kindly update the status.
Kind Regards,
Sachin Garg
12-18-2010 03:13 AM
Hi,
Thanks for your reply. All my issues have been solved.
Regarding the interface it was an oversight. I thought it would appear in my context.
After reflection, I found my mistake.
Concerning the VIP I understood how it worked. So problem is solved.
Thank you very much for your help.