Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
0
Helpful
1
Replies

ACE load balancer question - no source ip translate

MichaelKim24362
Level 1
Level 1

‎05-04-2023 07:41 AM - edited ‎05-04-2023 07:43 AM

There is no NAT related config on ACE, so I believe that load balance is not using source translation.

On the backbone, there is route-map configured on the Server vlan. This route-map is used for "set IP next-hop", but I cannot understand the purpose of this route-map. Can you explain? The config below is part of actual config but modified.

### ACE ###
probe tcp 8000
port 8000
interval 2
faildetect 2
passdetect interval 5
passdetect count 5
rserver host ABC
ip address 10.10.10.51
inservice
rserver host CBA
ip address 10.10.10.52
inservice
serverfarm host ABCDE-8000
probe 8000
rserver ABC
inservice
rserver CBA
inservice
sticky ip-netmask 255.255.255.255 address source ABCDE-8000
timeout 10
timeout activeconns
replicate sticky
serverfarm ABCDE-8000
class-map match-any ABCDE-8000-VIP
2 match virtual-address 10.10.1.100 tcp eq 8000
policy-map multi-match ABCDE-8000-POLICY
class ABCDE-8000-VIP
loadbalance vip inservice
loadbalance policy ABCDE-8000-Sfarm
loadbalance vip icmp-reply active
interface vlan 70
description ### ACE-OUTESIDE ###
ip address 10.10.1.3 255.255.255.0
alias 10.10.1.1 255.255.255.0
peer ip address 10.10.1.2 255.255.255.0
no normalization
no icmp-guard
service-policy input ABCDE-8000-POLICY
no shutdown
ip route 0.0.0.0 0.0.0.0 10.10.1.30

### show conn ###
903749 1 in TCP 70 10.75.50.57:52980 10.10.1.100:8000 ESTAB
984007 1 out TCP 70 10.10.1.100:8000 10.75.50.57:52980 ESTAB

### Switch ###
interface Vlan100
description ### ABCDE ###
ip address 10.10.10.28 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip policy route-map PBR
standby 100 ip 10.10.10.30
standby 100 priority 110
standby 100 preempt delay minimum 150 reload 180
!
route-map PBR permit 5
match ip address ACE
!
route-map PBR permit 10
match ip address ACL101
set ip next-hop 10.10.1.1
!
route-map PBR permit 20

Labels:
0 Helpful
1 Reply 1

thanhbachle2766
Level 1
Level 1

‎07-31-2023 02:49 AM

Hello,

The provided configuration consists of Cisco ACE (Application Control Engine) and a switch configuration. The focus here is on understanding the purpose of the route-map applied on the switch's Vlan100 interface. I had break it down:

Switch Configuration:

  • The switch has an interface Vlan100 with IP address 10.10.10.28 and subnet mask 255.255.255.0.
  • The switch is running HSRP (Hot Standby Router Protocol) with virtual IP 10.10.10.30, and it is in standby mode with priority 110.
  • The route-map named "PBR" (Policy-Based Routing) is applied on the Vlan100 interface.
  • The route-map has two permit statements, numbered 5 and 10.

Explanation:

  • The route-map PBR permit 5 matches traffic based on an access list named ACE.
  • The route-map PBR permit 10 matches traffic based on an access list named ACL101.
  • If a packet matches the criteria specified in permit 5 (ACE access list), it will take the normal routing path.
  • If a packet matches the criteria specified in permit 10 (ACL101 access list), it will be forwarded to the next-hop IP address 10.10.1.1.

From the given configuration, it appears that the route-map PBR is used for policy-based routing to selectively route traffic from Vlan100 to the next-hop IP address 10.10.1.1. The purpose of this specific policy-based routing is not clear from the provided information, as it depends on the access list ACE and ACL101's configurations, which are not included here.

Rubio's Survey
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card