Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
493
Views
0
Helpful
3
Replies

Comparing ACE to CSS

Sbutzek
Level 1
Level 1

‎11-23-2006 08:55 AM

I'm currently evaluating the ACE module for out enviroment.

May we will take out all our CSS11500 and convert to the ACE Module.

But i have a feq Questins about the Config.

1)

Sometimes i currently use groups for source-nat. I do nat the source-IP in the same VIP as the content rule.

How can i archive this also for the ACE?

I'm missing somthing line "nat client" how it is working on the CSM.

2)

Also i have a general Question about NAT on the ACE.

I have an enviroment where i have many VIPs pointing do my different servers.

If a client is accessing the VIP there is only a destination NAT done by the content rule loadbalancing.

For all Connections which are initiated from the servers i do a NAT/PAT into a group.

"clause 100 permit any nql servernet destination any sourcegroup nat-out"

Can the Ace handle this similar, so that only connections from inside are translated?

Sven

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-24-2006 03:51 AM

1/ with ACE, you define a natpool under the interface that will be used to reach the server.

Then, you assign the natpool to your policy map.

ie:

interface vlan 30

natpool 1 172.16.1.10 172.16.1.15 netmask 255.255.255.0

policy multimatch SLB1

class VIP122

nat dynamic 1 vlan 30

2/ you can use a different policy-map for your internal interface where you do nat. And on the external interface you have a policy with no nat.

Gilles.

0 Helpful

Sbutzek
Level 1
Level 1
In response to Gilles Dufour

‎11-28-2006 01:39 PM

Great, but now i have another question.

It is about Cookies and Stickyness, very complex:

On CSS i can have a cookie like this:

"Cookie: hrz-server1!sessionid=189545484f9u85"

"Cookie: hrz-server2!sessionid=289545484f9u85"

....

"Cookie: hrz-server6!sessionid=685u4895454u85"

and Search for the prefix "hrz-" searching the cookie String

"server1"

"server2"

...

"server3"

to determine the right server and end up with a eos Char of "!".

On The Ace, i have to tell, how the cookie is named, but the Name of the cookie itself differs more than tow times. I think the name of thee cookie is

"hrz-server1!sessionid"

"hrz-server2!sessionid"

...

"hrz-server3!sessionid"

Is this right, that the ACE searchs the name of the cookie, or does it work like the prefix on the css and is not correctly documented?

Any Idea how i can stick the client to the right Server using a cookie like here with the ACE Module?

Sven

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to Sbutzek

‎11-29-2006 02:31 AM

Sven,

here is how you have to do it with ACE:

class-map type http loadbalance match-all hz-server1

2 match http header Cookie header-value ".*server1.*"

Do the same class-map for each of the server.

Then create a policy like this

policy-map type loadbalance first-match LB-L7

class hz-server1

serverfarm server1

class hz-server2

serverfarm server2

class class-default

serverfarm linux1

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card