
ACE load balancer question - no source ip translate


There is no NAT-related config on the ACE, so I believe that the load balancer is not using source translation.

On the backbone, there is a route-map configured on the Server vlan. This route-map is used for "set IP next-hop", but I cannot understand the purpose of this route-map. Can you explain? The config below is part of the actual config, but modified.

### ACE ###
probe tcp 8000
  port 8000
  interval 2
  faildetect 2
  passdetect interval 5
  passdetect count 5
rserver host ABC
  ip address
rserver host CBA
  ip address
serverfarm host ABCDE-8000
  probe 8000
  rserver ABC
  rserver CBA
sticky ip-netmask address source ABCDE-8000
  timeout 10
  timeout activeconns
  replicate sticky
  serverfarm ABCDE-8000
class-map match-any ABCDE-8000-VIP
  2 match virtual-address tcp eq 8000
policy-map multi-match ABCDE-8000-POLICY
  class ABCDE-8000-VIP
    loadbalance vip inservice
    loadbalance policy ABCDE-8000-Sfarm
    loadbalance vip icmp-reply active
interface vlan 70
  description ### ACE-OUTESIDE ###
  ip address
  peer ip address
  no normalization
  no icmp-guard
  service-policy input ABCDE-8000-POLICY
  no shutdown
ip route

### show conn ###
903749 1 in TCP 70 ESTAB
984007 1 out TCP 70 ESTAB

### Switch ###
interface Vlan100
 description ### ABCDE ###
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip policy route-map PBR
 standby 100 ip
 standby 100 priority 110
 standby 100 preempt delay minimum 150 reload 180
route-map PBR permit 5
 match ip address ACE
route-map PBR permit 10
 match ip address ACL101
 set ip next-hop
route-map PBR permit 20

The provided configuration consists of Cisco ACE (Application Control Engine) and a switch configuration. The focus here is on understanding the purpose of the route-map applied on the switch's Vlan100 interface. I have broken it down:

Switch Configuration:

  • The switch has an interface Vlan100 with IP address and subnet mask.
  • The switch is running HSRP (Hot Standby Router Protocol) with virtual IP, and it is in standby mode with priority 110.
  • The route-map named "PBR" (Policy-Based Routing) is applied on the Vlan100 interface.
  • The route-map has two permit statements, numbered 5 and 10.


  • The route-map PBR permit 5 matches traffic based on an access list named ACE.
  • The route-map PBR permit 10 matches traffic based on an access list named ACL101.
  • If a packet matches the criteria specified in permit 5 (ACE access list), it will take the normal routing path.
  • If a packet matches the criteria specified in permit 10 (ACL101 access list), it will be forwarded to the next-hop IP address.

From the given configuration, it appears that the route-map PBR is used for policy-based routing to selectively route traffic from Vlan100 to the next-hop IP address. The purpose of this specific policy-based routing is not clear from the provided information, as it depends on the access list ACE and ACL101's configurations, which are not included here.
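
The first-match evaluation of route-map PBR described in the reply above, modelled as an added example that is not part of the original thread. The thread omits the ACL contents, the addresses and the next hop, so everything marked "assumed" (including the idea that the next hop is the ACE) is a constructed placeholder.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed placeholder values (documentation address ranges); the thread
# elides the real addresses and does not show the ACLs.
ACE_ADDR = ipaddress.ip_address("192.0.2.10")         # assumed ACE interface IP
NEXT_HOP = "192.0.2.10"                               # assumed "set ip next-hop" value
SERVER_NET = ipaddress.ip_network("198.51.100.0/24")  # assumed Vlan100 subnet

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def acl_ace(p: Packet) -> bool:
    # Assumed content of ACL "ACE": server traffic addressed to the ACE itself,
    # for example replies to the TCP 8000 health probe.
    return ipaddress.ip_address(p.dst) == ACE_ADDR

def acl_101(p: Packet) -> bool:
    # Assumed content of ACL101: server replies sourced from the balanced port.
    return ipaddress.ip_address(p.src) in SERVER_NET and p.sport == 8000

@dataclass(frozen=True)
class Entry:
    seq: int
    match: Optional[Callable[[Packet], bool]]  # None: no match clause, matches all
    next_hop: Optional[str]                    # None: no set clause, normal routing

ROUTE_MAP_PBR = [
    Entry(5, acl_ace, None),       # route-map PBR permit 5
    Entry(10, acl_101, NEXT_HOP),  # route-map PBR permit 10
    Entry(20, None, None),         # route-map PBR permit 20
]

def policy_route(p: Packet, route_map=ROUTE_MAP_PBR):
    """Return (sequence matched, forwarding decision); lowest sequence wins."""
    for e in sorted(route_map, key=lambda e: e.seq):
        if e.match is None or e.match(p):
            return e.seq, e.next_hop or "normal routing"
    return None, "normal routing"  # no entry matched: use the routing table

if __name__ == "__main__":
    reply = Packet("198.51.100.11", "203.0.113.5", 8000, 51000)
    print(policy_route(reply))  # return traffic of a balanced connection
```

Under these assumptions, sequence 5 exists so that traffic to the ACE itself, which would also match ACL101, is excluded from policy routing before sequence 10 is evaluated.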