Re: Cisco GSS 4492R configuration with Cisco ACE4710

CLP Partners AXA · ‎12-09-2010

Dear all, I have to deploy the Cisco GSS in our 2 dataceters globally seprate IP ranges to loadbalance the exchange 2010 environment with Cisco ACE 4710 series SLBs. The scenario is to deploy one GSS + ACE on each datacenters and our nameserver will point to both GSS's IP addresses to get through. Incase primary site "site A" goes down name server will point the client's request to "site B".

Could you please suggest on something regarding the physical setup of the GSS here and what configuration should on SLB ACE will make it work? Do GSS and ACE need to be in the same vlan? is this necessary to use Both interface of the GSS to get things working? How the GSS will check the health check on ACE if they both are on different vlans/ip range?

Our ACE will be in routed mode do we need to assign the Real server default gateway as ACE inside interface with the server farm or just do the SNAT of the client IPs so the request can come back to ACE?

Is there any kind of standard design topolgy for this setup, you guys suggest? Please provide your suggestions asap..

Thanks for your help.

Regds,

Farhan

Kristopher Martinez · ‎12-09-2010

Farhan,

Attached is a GSS best practices document written by one of my collegues. This is a bit dated, but it is still relevant. This should give you a good start.

Kris

CLP Partners AXA · ‎12-09-2010

Thanks Kris for the document, however is ther something else with mutilple deployment sceanrios for GSS somewhere? as this still didnt solve my quest about the physical layout of ACE and GSS together and how will GSS talk to ACE?

does the eth1 on the GSS is designed for this communication?

Regds,

Farhan

Kristopher Martinez · ‎12-09-2010

Farhan,

You can use one interface for GSS keepalives and one for GSS communications. Both communications and keepalives can run over a single interface. This mainly depends on your requirements. I typically recommend running the keepalives over the "public" interface on the GSS and running the GSS communications over an internal network.. More information on GSS port numbers for FWs is located here:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v3.1.1/administration/guide/ACLs.html#wp999192

GSS to ACE communication is dictated by the keepalives that you configure on the GSS to the ACE. This can be as little as a PING to a virtual address or using the proprietary KAL-AP protocol to get load statistics for more intelligent load balancing. More information on keepalives is located here:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v3.1.1/configuration/gui/gslb/guide/KALs.html

Kris

CLP Partners AXA · ‎01-26-2011

Thanks for your answer Kris. I am currently using only one port ETH0 for both

the communication with my ACE.

Regds,

GE

Francesco Casotto · ‎01-26-2011

Farhan,

if you wish to use KAL-AP, which allows greater control, some configuration is needed on the loadbalancer too, for the ACE appliance you can refer to:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/slb/guide/probe.html#wp1192803

Hope it helps,

Francesco

mega5llc1 · ‎08-29-2011

Genworth/all,

I am in the process of doing a very similar implementation to the one you mentioned here. I too am still a little uncertain about the physical topology of the device installation with regards to the firewall and switches. Do you have any diagrams that you could share or other documentation that you could post that would help me?

I noticed that you mentioned a setup with failover capabilities, but i can't seem to find many GSS/ACE implementation documents related to this. I am trying to set up an active/passive link between our two data centers for DR purposes. Any advice on what type of configurations would be appropriate on both devices?

Thanks