ACE Loadbalancing-TFTP server

sajism220
Level 1

Hi,

This is regarding ACE TFTP server load balancing; the ACE will load balance on port 69. We have tried to do the same. It seems the ACE is getting the TFTP request but is not able to reply back to the client. We are also probing the same on port number 69. If anyone has faced this issue, please share.

Regards

Saji k.s

Doha

2 Replies

TFTP is a little complex. It uses two flows, and unfortunately we don't have a TFTP inspect/fix available in ACE.

1) The client initiates the session using a UDP flow to port 69 from a random port, let's say X.

2) The server replies with data, opening a new UDP flow towards the client. The server's source port is random, while the destination port for this response is X.

3) Now ACE has no clue about TFTP flows (lack of TFTP fix/inspect), hence the client will receive the TFTP response from the real server directly. Since the response is not from the VIP (where the client sent the request), the client will drop the response.

For TFTP we will have to source NAT the server response using the VIP (where the initial request was sent).

I have written a sample config keeping the above TFTP process in mind and I think it will work.

In this config VLAN 20 is the client VLAN where the VIP is defined and VLAN 30 is the server VLAN where the real TFTP servers reside.

Since this TFTP workaround requires source NAT using the VIP address, this config will only work for ACE 2.X code (in previous code versions, using the VIP for source NAT was not supported).

Try it if you can

rserver host tftp-server1
  ip address 10.10.10.101
  inservice

rserver host tftp-server2
  ip address 10.10.10.102
  inservice

serverfarm host TFTP-SFARM
  rserver tftp-server1
    inservice
  rserver tftp-server2
    inservice

class-map match-any TO-TFTP-VIP
  description class-map for client to TFTP VIP traffic
  match virtual-address 192.168.0.100 udp eq 69

class-map match-any FROM-TFTP-REAL
  description class-map from tftp server to client
  match virtual-address 0.0.0.0 0.0.0.0 udp any

policy-map type loadbalance first-match TFTP-POLICY
  class class-default
    serverfarm TFTP-SFARM

policy-map multi-match CLIENT-VLAN-VIPS
  class TO-TFTP-VIP
    loadbalance vip inservice
    loadbalance policy TFTP-POLICY
    loadbalance vip icmp-reply

policy-map multi-match SERVER-VLAN-VIPS
  class FROM-TFTP-REAL
    nat dynamic 100 vlan 20

interface vlan 20
  description CLIENT-VLAN
  ip address 192.168.0.1 255.255.255.0
  access-group input anyone
  access-group output anyone
  nat-pool 100 192.168.0.100 192.168.0.100 netmask 255.255.255.255
  service-policy input CLIENT-VLAN-VIPS
  no shutdown

interface vlan 30
  description SERVER-VLAN
  ip address 10.10.10.254 255.255.255.0
  access-group input anyone
  access-group output anyone
  service-policy input SERVER-VLAN-VIPS
  no shutdown
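The two-flow behaviour described in the reply above, modelled packet by packet as an added example (not part of the original thread and not Cisco code). The VIP and real server addresses come from the sample config; the client address, port numbers, file name, rserver selection rule and the client's source-address check are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

VIP = "192.168.0.100"                      # VIP from the sample config
REALS = ["10.10.10.101", "10.10.10.102"]   # rservers from the sample config
CLIENT = "192.168.0.50"                    # constructed client address

@dataclass(frozen=True)
class Udp:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

def rrq(filename, mode="octet"):
    """TFTP read request (RFC 1350): opcode 1, filename, mode, NUL-terminated."""
    return struct.pack("!H", 1) + filename.encode() + b"\0" + mode.encode() + b"\0"

def server_reply(req, tid, data=b"hello"):
    """Real server answers with DATA block 1 from a new source port (its TID)."""
    assert struct.unpack("!H", req.payload[:2])[0] == 1, "not an RRQ"
    return Udp(req.dst, tid, req.src, req.sport, struct.pack("!HH", 3, 1) + data)

def ace(pkt, source_nat):
    """Simplified load balancer: it knows only the client->VIP:69 flow.
    The server's reply is a separate flow and is rewritten to the VIP
    only when source NAT is configured on the server VLAN."""
    if pkt.dst == VIP and pkt.dport == 69:
        real = REALS[pkt.sport % len(REALS)]   # assumed selection rule
        return Udp(pkt.src, pkt.sport, real, 69, pkt.payload)
    if pkt.src in REALS and source_nat:
        return Udp(VIP, pkt.sport, pkt.dst, pkt.dport, pkt.payload)
    return pkt

def client_accepts(sent, reply):
    """Assumed client check: reply must come from the address that was
    queried and target the client's port X; the source port may differ."""
    return (reply.src == sent.dst and reply.dst == sent.src
            and reply.dport == sent.sport)

def transfer(source_nat):
    sent = Udp(CLIENT, 40001, VIP, 69, rrq("boot.cfg"))
    reply = ace(server_reply(ace(sent, source_nat), tid=51234), source_nat)
    return reply, client_accepts(sent, reply)

if __name__ == "__main__":
    for nat in (False, True):
        reply, ok = transfer(nat)
        print(f"source_nat={nat}: reply from {reply.src}:{reply.sport} accepted={ok}")
```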

Has anyone been successful with load balancing the TFTP requests on ACE?

With the CSS, this can be done with a source group.
