02-25-2008 02:15 AM
I tried this configuration to load balance all TCP traffic to WAAS in the datacenter and it worked:
ACE(config)# class-map match-any ALL-TCP
ACE(config-cmap)# 10 match virtual-address 0.0.0.0 0.0.0.0 tcp any
ACE(config-cmap)# exit
ACE(config)# policy-map type loadbalance first-match TCP-POLICY-TYPE
ACE(config-pmap-lb)# class class-default
ACE(config-pmap-lb-c)# serverfarm WAAS
ACE(config-pmap-lb-c)# exit
ACE(config)# policy-map multi-match WAAS-INTERCEPT
ACE(config-pmap)# class ALL-TCP
ACE(config-pmap-c)# loadbalance vip inservice
ACE(config-pmap-c)# loadbalance policy TCP-POLICY-TYPE
ACE(config-pmap-c)# exit
The question now: I do not want to redirect all TCP traffic of the datacenter. I want to deny some traffic from being intercepted, so I think the solution is to make class-map ALL-TCP match an access-list (not virtual-address). Do you think it will work, or does it have any limitation?
The new configuration that I want to apply:
ACE(config-pmap-c)# ip access-list extn all-tcp
ACE(config-pmap-c)# permit tcp any any
ACE(config-pmap-c)# exit
ACE(config)# class-map match-any ALL-TCP
ACE(config-cmap)# 10 match access-group all-tcp
ACE(config-cmap)# exit
ACE(config-pmap-c)# policy-map type loadbalance first-match TCP-POLICY-TYPE
ACE(config-pmap-c)# class class-default
ACE(config-pmap-c)# serverfarm WAAS
ACE(config-pmap-c)# exit
ACE(config-pmap-c)# policy-map multi-match WAAS-INTERCEPT
ACE(config-pmap-c)# class ALL-TCP
ACE(config-pmap-c)# loadbalance vip inservice
ACE(config-pmap-c)# loadbalance policy TCP-POLICY-TYPE
ACE(config-pmap-c)# exit
02-29-2008 07:51 AM
You have to confirm that you are running WAAS version 4.0.13, correct? If it is incorrect, please install it. Please make sure that the EPM Adaptor is disabled through the CLI on each WAE. In the WAAS-ACE design guide the traffic flow is from client to rserver with a redirect to a WAE farm in the middle. For traffic leaving the WAAS interface that does not match a service policy to be load-balanced, ACE would just route it. Then would the mac-sticky which is associated with that outbound connection cause the return traffic to come back to the same WAE, even though it is not a defined rserver endpoint?
02-29-2008 08:29 AM
Usama,
You can create another wildcard VIP that matches the ports you want to bypass, then set an action of 'forward' in the loadbalance policy map for that traffic.
Zach
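A sketch of the port-based bypass described in the reply above, added here as an illustration; it is not configuration posted by anyone in the thread. The class-map name BYPASS-PORTS, the policy name BYPASS-POLICY and the ports 22 and 443 are constructed assumptions, while ALL-TCP, TCP-POLICY-TYPE and WAAS-INTERCEPT are reused from the first post. Lines starting with `!` are annotations, not commands to enter.

```cisco
! Assumed example: second wildcard VIP that matches only the ports to bypass
! (22 and 443 are constructed sample values)
class-map match-any BYPASS-PORTS
  2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 22
  3 match virtual-address 0.0.0.0 0.0.0.0 tcp eq 443

! Assumed name: traffic hitting this policy is forwarded, not sent to the WAAS farm
policy-map type loadbalance first-match BYPASS-POLICY
  class class-default
    forward

! The more specific bypass class is listed before the catch-all ALL-TCP class
policy-map multi-match WAAS-INTERCEPT
  class BYPASS-PORTS
    loadbalance vip inservice
    loadbalance policy BYPASS-POLICY
  class ALL-TCP
    loadbalance vip inservice
    loadbalance policy TCP-POLICY-TYPE
```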
03-04-2008 08:50 AM
You will need to create an HTTP loadbalance classmap to match the source address of this traffic. The configuration would look something like this:
class-map match-all TCP_ANY
  2 match virtual-address 0.0.0.0 0.0.0.0 tcp any
class-map type http loadbalance match-any ROUTE
  2 match source-address 1.1.1.0 255.255.255.0
policy-map type loadbalance first-match TCP-POLICY-TYPE
  class ROUTE
    forward
  class class-default
    serverfarm WAAS
policy-map multi-match WAS-INTERCEPT
  class TCP_ANY
    loadbalance policy TCP-POLICY-TYPE
    loadbalance vip inservice
Due to the nature of the WAAS traffic, you will also need to turn on mac-sticky and disable TCP normalization on the interface.