
ACE module rservers multiple routed hops away

thedinuka
Level 1

Hi all, deploying an ACE module in a cat6k. Just want to figure out, can I add to a serverfarm rservers which are multiple routed hops away from the ACE or the cat6k in which it is deployed? Please look at the attached diagrams. I have my servers in two subnets, and I want to add all 5 servers to the same server farm and load balance between them.

Is this possible, and if so, what are the caveats?

Thanks all

1 Reply

ciscocsoc
Level 4

Hi,

You can do this, but you have to use client-NAT to force the return traffic to pass back through the ACE. You also then need static routes in the ACE context to point at each server.

The following extract from a configuration shows the basic principle:

rserver host master
  ip address 10.199.95.2
  inservice
rserver host slave
  ip address 10.199.38.68
  inservice

serverfarm host FARM-web2-Master
  description Serverfarm Master
  probe PROBE-web2
  rserver master
    inservice
serverfarm host FARM-web2-Slave
  description Serverfarm Slave
  probe PROBE-web2
  rserver slave
    inservice

class-map match-any L4VIPCLASS
  2 match virtual-address 10.199.80.12 tcp eq www
  3 match virtual-address 10.199.80.12 tcp eq https

policy-map type management first-match REMOTE-MGMT-ALLOW-POLICY
  class REMOTE-ACCESS
    permit

policy-map type loadbalance first-match LB-POLICY
  class class-default
    serverfarm FARM-web2-Master backup FARM-web2-Slave

policy-map multi-match L4POLICY
  class L4VIPCLASS
    loadbalance vip inservice
    loadbalance policy LB-POLICY
    loadbalance vip icmp-reply active
    loadbalance vip advertise
    nat dynamic 1 vlan 384

service-policy input L4POLICY

interface vlan 383
  description ACE-web2-Clientside
  ip address 10.199.80.13 255.255.255.248
  alias 10.199.80.12 255.255.255.248
  peer ip address 10.199.80.14 255.255.255.248
  access-group input ACL-IN
  access-group output PERMIT-ALL
  no shutdown

interface vlan 384
  description ACE-web2-Serverside
  ip address 10.199.80.18 255.255.255.240
  alias 10.199.80.17 255.255.255.240
  peer ip address 10.199.80.19 255.255.255.240
  access-group input PERMIT-ALL
  access-group output PERMIT-ALL
  nat-pool 1 10.199.80.20 10.199.80.20 netmask 255.255.255.240 pat
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.199.80.9
ip route 10.199.95.2 255.255.255.255 10.199.80.21
ip route 10.199.38.68 255.255.255.255 10.199.80.21

HTH

Cathy
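
A sanity check for the design in the reply above, added here as an example and not part of the original post or any Cisco tool: it parses an ACE context configuration and reports, for each rserver, which VLAN the ACE routes out of to reach it (longest-prefix match) and whether the policy applies a client NAT pool defined on that VLAN. The function name `audit`, the verdict strings and the trimmed sample are assumptions made for illustration.

```python
import ipaddress as ipa
import re

# Constructed sample: the "master" rserver plus the address, NAT and route lines of the extract.
SAMPLE = """\
rserver host master
ip address 10.199.95.2
nat dynamic 1 vlan 384
interface vlan 383
ip address 10.199.80.13 255.255.255.248
interface vlan 384
ip address 10.199.80.18 255.255.255.240
nat-pool 1 10.199.80.20 10.199.80.20 netmask 255.255.255.240 pat
ip route 0.0.0.0 0.0.0.0 10.199.80.9
ip route 10.199.95.2 255.255.255.255 10.199.80.21
"""

def audit(config):
    """Map each rserver to how the ACE reaches it and whether client NAT covers it."""
    rservers, vlans, pools, nat, routes = {}, {}, set(), set(), []
    kind = name = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(rserver host|interface vlan) (\S+)$", line):
            kind, name = m[1], m[2]
        elif m := re.match(r"ip address (\S+)(?: (\S+))?$", line):
            if kind == "rserver host":
                rservers[name] = ipa.ip_address(m[1])
            elif kind == "interface vlan" and m[2]:
                vlans[name] = ipa.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r"nat-pool (\d+) ", line):
            pools.add((m[1], name))  # (pool id, VLAN the pool is defined on)
        elif m := re.match(r"nat dynamic (\d+) vlan (\d+)", line):
            nat.add((m[1], m[2]))    # (pool id, VLAN the policy applies it on)
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)", line):
            routes.append((ipa.ip_network(f"{m[1]}/{m[2]}", strict=False), ipa.ip_address(m[3])))
    def vlan_of(addr):
        return next((v for v, net in vlans.items() if addr in net), None)
    verdicts = {}
    for rs, ip in rservers.items():
        hits = [r for r in routes if ip in r[0]]
        if vlan_of(ip):
            verdicts[rs] = "directly connected"
        elif not hits:
            verdicts[rs] = "no route"
        else:  # longest-prefix match picks the egress VLAN
            out = vlan_of(max(hits, key=lambda r: r[0].prefixlen)[1])
            ok = any((p, out) in pools for p, v in nat if v == out)
            verdicts[rs] = f"routed via vlan {out}, " + ("client NAT" if ok else "no client NAT")
    return verdicts
```

With the host route removed, the same rserver falls through to the default route on the client-side VLAN and is reported as having no client NAT, which is the misconfiguration the reply's static routes prevent.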
