
ACE Loadbalancing to a rserver not directly connected

kris-andrews
Beginner

Hi All,

I have a scenario where an ACE load balancer needs to load balance to a couple of servers on another subnet not directly connected to the ACE. At first it seems reasonable to configure the rservers and create static routes to reach them; my concern is the return path and the rservers being hidden behind the VIP.

Has anyone had a similar scenario?

Has anyone got any comments on this?

Regards

Kris

6 Replies

Collin Clark
Advisor

Kris-

You would source NAT the traffic on the ACE. It would translate to a different address that the server would reply to for continued communications. Here's a link that can explain it better than I can:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/nat.html

Hope it helps.

Thanks Collin,

I have taken a look at the link you sent, so just to confirm:

When a client's request comes in with a destination address of the VIP, the ACE will load balance to the servers (by default the ACE does not translate the client's source address) by routing to the rserver addresses. By default, if the client's source address is not source NAT'ed on the ACE, the server will route directly back to the client, bypassing the ACE.

So I guess to overcome this issue I would need to ensure that the client's source address is NAT'ed by the ACE to ensure that the server response is routed back to the ACE and then routed back to the client.

Also, in general, when a server responds to a client I thought the server's real address is hidden by the VIP by default. Does the same apply in this scenario?

Does this sound right?

Kris

I would say you are correct on all statements.

Thanks again Collin for your feedback,

Regarding source NAT on the ACE, all the example configurations I have seen include configuring a NAT pool under the interface.

Do you know if it's possible to source NAT the traffic from the interface alias address of the interface? The reason I ask is that the interface subnet I want to source NAT from has no free addresses to allocate to a NAT pool.

Any ideas?

Your help is very much appreciated.

Kris

Hi Kris

Whether you can use the interface IP as a NAT pool I cannot answer (never tried to do so, but I don't think it will work, as you have different interface IPs in an HA ACE config on the active and passive peer), but you can make a NAT pool with only one IP. That works great and you just need one IP. You can even reuse this "one IP pool" in different classes.

Best regards

Simon

Hi All,

I can suggest the following link to explain this in detail:

http://2and2is5.wordpress.com/2010/05/11/deploying-the-cisco-ace-load-balancer-in-a-virtualized-environment/

Kris
