Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
762
Views
1
Helpful
3
Replies

ACE Module design question

Ali Koussan
Level 1
Level 1

‎09-03-2013 03:28 AM

                   Hi

In my setup , I have 6500 with FWSM and ACE module . FWSM is configured in trasparent mode , multipl context . ACE is not yet configured .

I have a requirement to configure the ACE to load balance exchage servers traffic.Exchange servers are in Vlan 12 , there are other servers in this vlan that do not need loadbalancing service .  I'm looking for the best deisgn of the ACE so that , Exchange servers traffic use the ACE then pass through the FWSM , while other servers in the same vlan just go the FWSM directly without passing through the ACE.

currently , All servers in vlan 12 are going through the FWSM before it goes to the core.

ACE should run in trasparent mode , multiple context . I'm wondering what is the best option to configure the ACE ,any help ?

Labels:
0 Helpful
3 Replies 3

jasmina27s
Level 1
Level 1

‎09-05-2013 12:46 AM

Hi Ali,

If you don't want all the traffic to go via ACE, you need one arm mode and source NAT.

ACE configuration will have:

1. just one VLAN interface (VLAN 12)

2. a VIP address - can be from VLAN 12 or completely another IP range (client's traffic should be appropriately routed to the VIP)

3. address pool used for source NAT (for client IPs) - should be from VLAN 12 because ACE is not default gateway for relevant servers.

Here is some good example for one arm mode, only difference is that in your case ACE is in the same VLAN with real servers:  http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example

Best regards,

Jasmina

Ali Koussan
Level 1
Level 1
In response to jasmina27s

‎09-07-2013 05:49 AM

Thanks jasmine

In My case the number of clients is over 700 users, using source nat would be ok in case of small deployment .what do you think ?

Suppose that I can isolate the load balanced servers into new vlan , in that case , I do not need one armed mode and I can just configure one ACE context in transparent mode for each type of servers that needs load-balancing

Appreciating your help


Sent from Cisco Technical Support iPad App

0 Helpful

jasmina27s
Level 1
Level 1
In response to Ali Koussan

‎09-08-2013 11:54 PM

Hi Ali,

Where did you find info that source NAT (PAT actually ) ) is limited to small deployments only? I'm not aware of such limitation. There are some limits, but I believe 700 users should not be a problem. Most mentioned drawback is that in case you are using NAT/PAT, your client IP is hidden from servers.

Some other load-balancers (e.g. Citrix NetScaler which is recommended replacement for ACE) are doing source NAT by default, as preferred mode.

If you isolate servers to a new VLAN, bridged/transparent mode for ACE is ok.

Best regards,

Jasmina

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents