ACE load balancer question - no source ip translate

MichaelKim24362 · ‎05-04-2023

There is no NAT related config on ACE, so I believe that load balance is not using source translation.

On the backbone, there is route-map configured on the Server vlan. This route-map is used for "set IP next-hop", but I cannot understand the purpose of this route-map. Can you explain? The config below is part of actual config but modified.

### ACE ###
probe tcp 8000
port 8000
interval 2
faildetect 2
passdetect interval 5
passdetect count 5
rserver host ABC
ip address 10.10.10.51
inservice
rserver host CBA
ip address 10.10.10.52
inservice
serverfarm host ABCDE-8000
probe 8000
rserver ABC
inservice
rserver CBA
inservice
sticky ip-netmask 255.255.255.255 address source ABCDE-8000
timeout 10
timeout activeconns
replicate sticky
serverfarm ABCDE-8000
class-map match-any ABCDE-8000-VIP
2 match virtual-address 10.10.1.100 tcp eq 8000
policy-map multi-match ABCDE-8000-POLICY
class ABCDE-8000-VIP
loadbalance vip inservice
loadbalance policy ABCDE-8000-Sfarm
loadbalance vip icmp-reply active
interface vlan 70
description ### ACE-OUTESIDE ###
ip address 10.10.1.3 255.255.255.0
alias 10.10.1.1 255.255.255.0
peer ip address 10.10.1.2 255.255.255.0
no normalization
no icmp-guard
service-policy input ABCDE-8000-POLICY
no shutdown
ip route 0.0.0.0 0.0.0.0 10.10.1.30

### show conn ###
903749 1 in TCP 70 10.75.50.57:52980 10.10.1.100:8000 ESTAB
984007 1 out TCP 70 10.10.1.100:8000 10.75.50.57:52980 ESTAB

### Switch ###
interface Vlan100
description ### ABCDE ###
ip address 10.10.10.28 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip policy route-map PBR
standby 100 ip 10.10.10.30
standby 100 priority 110
standby 100 preempt delay minimum 150 reload 180
!
route-map PBR permit 5
match ip address ACE
!
route-map PBR permit 10
match ip address ACL101
set ip next-hop 10.10.1.1
!
route-map PBR permit 20

thanhbachle2766 · ‎07-31-2023

Hello,

The provided configuration consists of Cisco ACE (Application Control Engine) and a switch configuration. The focus here is on understanding the purpose of the route-map applied on the switch's Vlan100 interface. I had break it down:

Switch Configuration:

The switch has an interface Vlan100 with IP address 10.10.10.28 and subnet mask 255.255.255.0.
The switch is running HSRP (Hot Standby Router Protocol) with virtual IP 10.10.10.30, and it is in standby mode with priority 110.
The route-map named "PBR" (Policy-Based Routing) is applied on the Vlan100 interface.
The route-map has two permit statements, numbered 5 and 10.

Explanation:

The route-map PBR permit 5 matches traffic based on an access list named ACE.
The route-map PBR permit 10 matches traffic based on an access list named ACL101.
If a packet matches the criteria specified in permit 5 (ACE access list), it will take the normal routing path.
If a packet matches the criteria specified in permit 10 (ACL101 access list), it will be forwarded to the next-hop IP address 10.10.1.1.

From the given configuration, it appears that the route-map PBR is used for policy-based routing to selectively route traffic from Vlan100 to the next-hop IP address 10.10.1.1. The purpose of this specific policy-based routing is not clear from the provided information, as it depends on the access list ACE and ACL101's configurations, which are not included here.

Rubio's Survey