cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4566
Views
0
Helpful
5
Replies

How to Virtual IP configuration in ACE module?

rachitdholakia
Level 1
Level 1

Hi,

I am in the process of configuring load balancing on ACE module but struggling to configure virtual IP address for ACE module.

I'm working on ACE30 module and using software version A5 (1.2). ACE module is in slot of Catalyst 6504 switch.

Can anybody please post the steps/commands to perform this activity? An early response would be appreciated.

Regards,

Rachit.

5 Replies 5

Cesar Roque
Level 4
Level 4

Hi Rachit,

Here is a basic configuration example:

access-list Allow_Access line 10 extended permit ip any any

rserver host test

  ip address 10.198.16.98

  inservice

rserver host test2

  ip address 10.198.16.93

  inservice

serverfarm host test

  rserver test 80

    inservice

  rserver test2 80

    inservice

sticky http-cookie test group2

  cookie insert

  serverfarm test

class-map match-all VIP

  2 match virtual-address 10.198.16.122 tcp eq www

  policy-map type loadbalance first-match test

  class class-default

    sticky-serverfarm group1

policy-map multi-match clients

  class VIP

    loadbalance vip inservice

    loadbalance policy test

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 112

interface vlan 112

  ip address 10.198.16.91 255.255.255.192

  access-group input Allow_Access

  nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat

  service-policy input NSS_MGMT

  service-policy input clients

  no shutdown

ip route 0.0.0.0 0.0.0.0 10.198.16.65

Here is the configuration guide:

http://tools.cisco.com/squish/101AD

----------------------------------------

Cesar R

--------------------- Cesar R ANS Team

Hi Cesar,

Many thanks for your reply.

I did the configuration and it is working (may be parially) now. I still have few questions so if you can help please.

1) I did not have aby Virtual IP configured for ACE30 module on which i am working on. Is following command responsible for creating/configuring Virtual IP address for ACE module?

nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat

If not, what this command exactly does?

2) I have configured round robin predictor for my configuration that contains 4 rservers, each with equal weight value. The configuration is for http loadbalancing. What i was expecting is that when i open browser 4 times, every time it will go to new server. But, instead of that, it follows random pattern like it goes to one server couple of times and then goes to another server and so on. Also, if i just refresh in the same browser, it stays on the same server. Is it expected behavior? Is it something which need to do in my http cookie settings or some other setting in my browser which opens http connections?

Regards,

Rachit.

Hi Rachit,

About your first question, this is the line that define the VIP address:

class-map match-all VIP

  2 match virtual-address 10.198.16.122 tcp eq www

This line is for natting purpose, it could be to NAT the source address of the clients:

nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat

About your second question, yes the behavior you mentioned is normal.  If you refresh the page in the same browser the client will go to the same server because is using the same session.  

-----------------------------------

Cesar R

--------------------- Cesar R ANS Team

Hi Cesar,

Thanks.

Is NAT really mandatory for this configuration to work?

I removed "nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat" configuration from interface and removed "nat dynamic 1 vlan 112" from policy-map but then loadbalancing configuration didn't work.

Regards,

Rachit.

Hi Rachit,

Is not mandatory because there are other ways to make it work.  The problem basically is that if you don't use the nat, the servers can see the real client IP address, so when the server sends the response back if there is a L3 device between the ACE and the servers it will try to send the traffic directly to the client bypassing the ACE. Meaning an assymetric flow.

When you use the nat the source IP address will be the nat-pool, so the server will send the response back to the ACE and then the ACE will send it back to the client.

There are other topologies where the nat is not needed like Route Mode or One-Armed mode where there is only a L2 devices between the ACE and the servers, that way the traffic has to come back to the ACE because is the only path

--------------------------------

Cesar R

--------------------- Cesar R ANS Team

Review Cisco Networking for a $25 gift card