Does ACE SM in L2 mode need the default gateway

axfalk1
Level 1

Can someone please tell me if the ACE SM in L2 mode needs the default gateway? We're running v. 3.2a.

Thanks.

8 Replies

Jorge Bejarano
Level 4

[Attachment: Basic Load Balancing Using Bridged Mode on ACE.png]

Hello,

Here you have a diagram about it.

Below you have a configuration sample:

rserver host lnx1
  ip address 172.16.3.11
  inservice
rserver host lnx2
  ip address 172.16.3.12
  inservice
rserver host lnx3
  ip address 172.16.3.13
  inservice
rserver host lnx4
  ip address 172.16.3.14
  inservice
rserver host lnx5
  ip address 172.16.3.15
  inservice

serverfarm host web
  rserver lnx1
    inservice
  rserver lnx2
    inservice
  rserver lnx3
    inservice
  rserver lnx4
    inservice
  rserver lnx5
    inservice

class-map match-all slb-vip
  2 match virtual-address 172.16.3.100 any

policy-map type management first-match remote-access
  class class-default
    permit

policy-map type loadbalance http first-match slb
  class class-default
    serverfarm web

policy-map multi-match client-vips
  class slb-vip
    loadbalance vip inservice
    loadbalance policy slb

interface vlan 30
  description "Client Side"
  bridge-group 3
  access-group input everyone
  service-policy input client-vips
  no shutdown

interface vlan 31
  description "Server Side"
  bridge-group 3
  service-policy input remote-access
  no shutdown

interface bvi 3
  ip address 172.16.3.5 255.255.255.0
  description "client - server bridge group"
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.3.1

Those servers need to point at the router in front of the ACE as the default gateway and the ACE will point at it as well.

Hope this helps!!!

Jorge

Thanks for your reply. I understand the rationale of pointing the back-end servers to the router as the default gateway, but can't think of any reason for doing the same for the ACE. Can someone please shed some light on this?

Thanks again...

Hello,

When you receive the packet on the VIP it forwards the packet back to the server, but when the reply comes back it changes the server IP to the VIP. So that's when it needs routing to send the packet back to the client. That's the reason for the default gateway.

So it's like this:

(Client IP -- VIP IP) >>[ ACE is between ] (Client IP -Server IP)

Return Packet

(Server IP - Client IP) >>[ ACE is between ] ( VIP IP - Client IP) Now the ACE wants to route the packet to the client. That's when it needs a route. Hence the need for a default gateway.

Hope that helps.

regards,

Ajay Kumar

Ajay, thanks for your response. Your example applies to the ACE in routed mode. In this case, we're talking about the ACE in transparent (Layer 2) mode, which is basically a device bridging 2 VLANs. You wouldn't want to introduce a Layer 2 IP address in this case, would you?

Thanks...

Question:

> Your example applies to the ACE in routed mode. In this case, we're talking about the ACE in transparent (Layer 2) mode, which is basically a device bridging 2 VLANs. You wouldn't want to introduce a Layer 2 IP address in this case, would you?

Even in Layer 2 the same logic applies: the VIP remains on the ACE and it has to do destination NAT...

Let's say, for example:

Client IP --- 10.10.10.10

VIP IP - 10.10.10.12

server IP - 10.10.10.14

Packet from client to VIP :

[10.10.10.10-10.10.10.12] >> ACE after making load balancing decision >> [10.10.10.10-10.10.10.14]

Response from Server :

[10.10.10.14-10.10.10.10]  ACE will intercept and change it [ 10.10.10.12-10.10.10.10 ]

If you don't need load balancing, then yes, for direct communication between server and client the ACE does not need a default gateway.

Ajay, having the ACE in transparent or routed mode has no impact on the way it processes a packet. What sets apart these two modes is the fact that the ACE doesn't route a packet when it's in transparent mode; instead, it acts as a bridge and does Layer 2 processing. I have plenty of functional configurations for the ACE SM being in transparent mode and none of them has a default gateway for the ACE. Yet, it looks like Cisco's best practice requires a Layer 3 default gateway for the ACE configured in transparent mode and I would like to understand the rationale for it.

Thanks..

I understand what you are willing to say:

As long as every client IP comes from the same L2 subnet, everything will work fine, as the ACE will not require a default gateway in those cases. The issue will occur when the source of the packet is not local.

Say for example:

Client IP >> Firewall >> ACE >> server

Think of a scenario where the firewall forwards a packet with destination NAT. The ACE will perceive the source as an IP from a different subnet, so while sending the response it will need a default route; otherwise it will simply drop the packet saying no route found.

I think that's the reason why best practice requires a Layer 3 default gateway for the ACE.
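The packet rewriting Ajay describes, as a small Python model added here (constructed for this thread; it is not Cisco code and nothing in it comes from the ACE itself). The addresses are the ones in Jorge's sample config, the client addresses are made up, and the model follows the thread's reasoning: a reply the ACE has rewritten for an off-subnet client needs the default route, while untouched bridged traffic does not.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network

# Addresses come from Jorge's sample config above; client addresses are constructed.
BVI_SUBNET = IPv4Network("172.16.3.0/24")                         # interface bvi 3
VIP = IPv4Address("172.16.3.100")                                 # class-map slb-vip
RSERVERS = [IPv4Address(f"172.16.3.{n}") for n in range(11, 16)]  # rservers lnx1..lnx5
DEFAULT_GW = IPv4Address("172.16.3.1")                            # ip route 0.0.0.0 0.0.0.0


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


@dataclass
class BridgedAce:
    """Toy model of the ACE in bridged (L2) mode: bridges frames, rewrites VIP flows."""
    default_gw: IPv4Address | None             # None == no 'ip route 0.0.0.0 0.0.0.0'
    flows: dict = field(default_factory=dict)  # (rserver, client) -> VIP the client hit
    rr: int = 0                                # round-robin index over RSERVERS

    def next_hop(self, dst: IPv4Address) -> IPv4Address | None:
        """Next hop for a packet the ACE rewrote; None == dropped, 'no route found'."""
        if dst in BVI_SUBNET:                  # client is on the bridged subnet: direct
            return dst
        return self.default_gw                 # off-subnet client: needs the default route

    def client_to_vip(self, pkt: Packet) -> Packet:
        """Load-balancing decision: DNAT the VIP to the chosen rserver."""
        if pkt.dst != VIP:
            return pkt                         # not for the VIP: plain bridging, untouched
        rserver = RSERVERS[self.rr % len(RSERVERS)]
        self.rr += 1
        self.flows[(rserver, pkt.src)] = pkt.dst
        return Packet(pkt.src, rserver)

    def server_to_client(self, pkt: Packet) -> tuple[Packet, IPv4Address | None]:
        """Reverse path: put the VIP back as source, then decide where to send it."""
        vip = self.flows.get((pkt.src, pkt.dst))
        if vip is None:
            return pkt, pkt.dst                # direct server<->client traffic: just bridged
        return Packet(vip, pkt.dst), self.next_hop(pkt.dst)


def round_trip(ace: BridgedAce, client: str) -> tuple[str, str, str | None]:
    """One request/reply through the ACE: (rserver chosen, reply source, reply next hop)."""
    req = ace.client_to_vip(Packet(IPv4Address(client), VIP))
    reply, hop = ace.server_to_client(Packet(req.dst, req.src))
    return str(req.dst), str(reply.src), None if hop is None else str(hop)
```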

Sorry, I am missing your point. But I am wondering if you would need a dfg if the ACE is initiating connections, like for FTP, TFTP, etc?

thanks..
