12-06-2010 10:42 PM
Not sure how to put this, but the Q is what recommendations you would give regarding design configuration using 2 ACE modules in 2 different 6509's.
Some background info:
The 6509's are used as core, and configured with bgp, ospf, vrf and hsrp. The VLAN's configured are in different vrf's and communication between vrf's is going thru the fwsm in the 6509. The fwsm's are configured active/standby.
One vrf consists of 1 or more vlan's, the fwsm separates communication between the vrf's, and traffic between vrf's needs to go thru the fwsm. Communication to different remote sites (where the clients are) is in vrf Client, and they need to connect to different applications in different vrf's. The different vrf's also need to communicate with each other. Some of this traffic, client->server and server->server, needs to be loadbalanced. Servers that will be loadbalanced are in the same subnet. These servers have their default gateway to the vrf, not the ACE module. The ACE modules are configured with ft.
What would you recommend, designing this?
Today we have configured one-armed mode, with source NAT and contexts. This works, but not many clients/servers are being loadbalanced at the moment. Next year more clients/servers will come. I guess there will be between 100-500 sessions at the most from client/server -> server, with loadbalancing. This applies to one context, and each context (it's a standard license, so there's a limitation to 5 contexts I guess) will have 2-10 serverfarms with different applications that need to be loadbalanced. One serverfarm will consist of 2-8 servers at the most.
But I'm not sure this is the best way to do it. Or doesn't it matter regarding utilization?
What about routed and bridge mode, something to look at? What is the most common way to configure ACE in a setting like this?
Br
Geir Sand-Strand
12-06-2010 10:54 PM
1 arm / source NAT is the best / less intrusive option.
12-06-2010 10:57 PM
Thanks for the quick reply!
I guess I'll continue using one-arm then.
Br
Geir Sand-Strand
12-06-2010 11:02 PM
Forgot to ask about contexts.
How many serverfarms and one-armed loadbalancing services in one context are recommended? Maybe it wouldn't be a problem, it only helps me separate into different contexts instead of running more loadbalancing services in one context.
Just asking this if I need to update the license for running more contexts.
Br
Geir
12-06-2010 11:07 PM
It depends on the load you expect and the thresholds you configured in the resource class.
You should see "contexts" for an organisational purpose (1 for external services, 1 for internal services, shared services, main services, branch1, branch2...)
Follow the allocation policy you defined for your VLANs.
I have a customer who uses 1 context per vlan and performs 1arm+source NAT in each context.
Other customers use a shared context for all external apps and another context for all internal apps.
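A sketch of the setup discussed in this thread, one context bound to its own resource class and doing one-armed load balancing with source NAT; it is an added example, not configuration posted by anyone in the thread. The names, VLAN 100, the percentages and the 192.0.2.x addresses are constructed, and lines starting with `!` are annotations for the reader, not commands.

```cisco
! --- Admin context: resource class and context definition ---
resource-class RC-INTERNAL
  limit-resource all minimum 20.00 maximum unlimited
context INTERNAL
  allocate-interface vlan 100
  member RC-INTERNAL

! --- Context INTERNAL: one-armed VIP with source NAT ---
! Permit only the VIP and port that are actually load balanced
access-list VIP-ONLY line 10 extended permit tcp any host 192.0.2.100 eq www

rserver host SRV1
  ip address 192.0.2.11
  inservice
rserver host SRV2
  ip address 192.0.2.12
  inservice

serverfarm host FARM-APP1
  rserver SRV1
    inservice
  rserver SRV2
    inservice

class-map match-all VIP-APP1
  2 match virtual-address 192.0.2.100 tcp eq www

policy-map type loadbalance first-match LB-APP1
  class class-default
    serverfarm FARM-APP1

policy-map multi-match ONE-ARM
  class VIP-APP1
    loadbalance vip inservice
    loadbalance policy LB-APP1
    ! Source NAT: servers reply to the pool address, so return
    ! traffic comes back through the ACE although their default
    ! gateway is the vrf
    nat dynamic 1 vlan 100

interface vlan 100
  ip address 192.0.2.2 255.255.255.0
  access-group input VIP-ONLY
  nat-pool 1 192.0.2.200 192.0.2.200 netmask 255.255.255.0 pat
  service-policy input ONE-ARM
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

With source NAT the servers log the NAT pool address instead of the real client address, so keep the ACE connection logs if client attribution matters.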