02-09-2011 01:41 PM
I believe this is sort of a one armed mode configuration
We have servers that are on the same LAN as the configured rservers
all these servers use the vlan interface of the ACE as a default gateway
We would like the server to use a configured VIP to hit the rservers that are in the VIP serverfarm
I configured dynamic nat on the class 3 class map for the vip-however this does not seem to be working
servers are on vlan 712---172.20.222.5, 222.6...rserver configured on ACE 222.10, 222.12
(222.5 and .6 will hit VIP--which is associated with rservers 222.10 and .12)
interface vlan 712
  ip address 172.20.222.3 255.255.255.0
  alias 172.20.222.1 255.255.255.0
  peer ip address 172.20.222.2 255.255.255.0
  no normalization
  access-group input any
  service-policy input ALLOW_ICMP_POLICY
  no shutdown
the following was configured
class-map match-all MYCUSTOMER-VIP
  2 match virtual-address 172.20.200.35 tcp eq www
class MYCUSTOMER-VIP
  loadbalance vip inservice
  loadbalance policy ACTIVECARETEAM-VIP
  loadbalance vip icmp-reply active
  nat dynamic 712 vlan 712
interface vlan 712
  ip address 172.20.222.3 255.255.255.0
  alias 172.20.222.1 255.255.255.0
  peer ip address 172.20.222.2 255.255.255.0
  no normalization
  access-group input any
  nat-pool 712 172.20.222.60 172.20.222.60 netmask 255.255.255.0 pat
  service-policy input ALLOW_ICMP_POLICY
  no shutdown
interface vlan 722
  ip address 172.20.200.4 255.255.255.0
  alias 172.20.200.10 255.255.255.0
  peer ip address 172.20.200.5 255.255.255.0
  no normalization
  access-group input any
  nat-pool 722 172.20.200.20 172.20.200.20 netmask 255.255.255.0 pat
  service-policy input VIPs
  service-policy input ALLOW_ICMP_POLICY
  no shutdown
the translation is working from outside the vlan..i.e i see translation when i try and hit the vip...but it is not working from within the same vlan
this is from my desktop
ACE3-apptier# sh xlate
TCP PAT from vlan722:172.20.90.70/2966 to vlan712:172.20.222.60/1028
02-09-2011 03:25 PM
Hi,
Can your real servers 222.5 and 222.6 ping VIP address 172.20.200.35?
If it's ok with you, you can give the VIP a vlan 712 address '172.20.222.x' and apply it on interface vlan 712. With current config, real servers on vlan 712 will need to be routed upstream to reach vip on vlan 722 before they can be loadbalanced on vlan 712.
Best Regards,
Rahul
02-09-2011 07:03 PM
hello rvavale-
no the servers can not ping the VIP..i assume this is because the NATing is associated with the Layer 3 class map and this is directly associated with port 80
the servers can not telnet to port 80 on the VIP either..but I can from my desktop..and I do get translated
I would assume the flow would be
servers hit the vip...get nat'd with the .60 address which is only on the ace..
these get load balanced to the rservers on the same subnet...the rservers through arp
see the .60 address on the ACE and send it back to the ace
(one question would be is if there is an arp address associated with NAT)
The ace then "un" nats and sends it back to the servers..
one option i thought of was nating to a pool on the interface but changing the pool to a "random" network..i.e 172.20.111.x
so the rservers would know that this ip is not on the same layer 2 lan and send it back to its default gw...the ACE
would this work?
I see that NAT does produce an arp address on the interface
172.20.222.60 00.0b.fc.fe.1b.02 vlan712 NAT LOCAL
Total arp entries 27
ACE3-apptier# sh arp | inc 1b.02
172.20.200.10 00.0b.fc.fe.1b.02 vlan722 ALIAS LOCAL _ up
172.20.200.20 00.0b.fc.fe.1b.02 vlan722 NAT LOCAL _ up
172.20.200.31 00.0b.fc.fe.1b.02 vlan722 VSERVER LOCAL _ up
172.20.200.32 00.0b.fc.fe.1b.02 vlan722 VSERVER LOCAL _ up
172.20.200.33 00.0b.fc.fe.1b.02 vlan722 VSERVER LOCAL _ up
172.20.200.34 00.0b.fc.fe.1b.02 vlan722 VSERVER LOCAL _ up
172.20.200.35 00.0b.fc.fe.1b.02 vlan722 VSERVER LOCAL _ up
10.11.20.30 00.0b.fc.fe.1b.02 vlan120 NAT LOCAL _ up
172.20.222.1 00.0b.fc.fe.1b.02 vlan712 ALIAS LOCAL _ up
172.20.222.60 00.0b.fc.fe.1b.02 vlan712 NAT LOCAL _ up
02-09-2011 08:12 PM
Hi,
With your VIP in vlan 722, you will need to Route traffic upstream from Reals which are in vlan 712 to VIP. A simpler solution will be to create a New VIP which belongs to Vlan 712 (172.20.222.x) and apply it to Interface Vlan 712
Example:
class-map match-all New-VIP-Vlan712
  2 match virtual-address 172.20.222.x tcp eq www
Policy-map multi-match Real-Policy-VIP
  class New-VIP-Vlan712
    loadbalance vip inservice
    loadbalance policy Real-Loadbalancing-Policy
    loadbalance vip icmp-reply active
    nat dynamic 712 vlan 712
interface vlan 712
  ip address 172.20.222.3 255.255.255.0
  alias 172.20.222.1 255.255.255.0
  peer ip address 172.20.222.2 255.255.255.0
  no normalization
  access-group input any
  nat-pool 712 172.20.222.60 172.20.222.60 netmask 255.255.255.0 pat
  service-policy input Real-Policy-VIP <--- Apply it on Interface Vlan 712
  service-policy input ALLOW_ICMP_POLICY
  no shutdown
Let me know if this helps,
Best Regards,
Rahul
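A simplified model of the two points discussed in this thread, added here as an example and not taken from any poster's configuration: a VIP is only matched on an interface that carries its service-policy, and return traffic only passes back through the ACE when the rserver sees a source address it will not answer directly. The function names, the two binding tables and the rule that non-222.x hosts arrive on vlan 722 are assumptions of the model.

```python
import ipaddress

# Constructed, simplified model of the thread's topology; not ACE code.
SUBNET_712 = ipaddress.ip_network("172.20.222.0/24")
# Interface -> VIPs reachable through a "service-policy input" on that interface.
# Assumption: policy "VIPs" (vlan 722 only) is the one carrying MYCUSTOMER-VIP.
AS_POSTED = {"vlan722": {"172.20.200.35"}, "vlan712": set()}
# After the suggested change; "172.20.222.x" is the answer's own placeholder.
AS_SUGGESTED = {"vlan722": {"172.20.200.35"}, "vlan712": {"172.20.222.x"}}


def ingress_vlan(client_ip):
    """In this model, 172.20.222.0/24 hosts arrive on vlan 712, others on vlan 722."""
    on_712 = ipaddress.ip_address(client_ip) in SUBNET_712
    return "vlan712" if on_712 else "vlan722"


def trace(client_ip, vip, bindings, snat_ip=None):
    """Return (vip_matched, return_path) for one client connection."""
    vlan = ingress_vlan(client_ip)
    if vip not in bindings[vlan]:
        return (False, "no VIP policy on " + vlan)
    # Source address the rserver sees, after optional dynamic NAT (PAT).
    seen_src = ipaddress.ip_address(snat_ip or client_ip)
    if seen_src not in SUBNET_712:
        return (True, "via ACE: rserver replies through its default gateway")
    if snat_ip:
        return (True, "via ACE: rserver ARPs for the NAT address, ACE answers")
    return (True, "bypasses ACE: rserver replies straight to the client")


if __name__ == "__main__":
    cases = [
        ("172.20.90.70", "172.20.200.35", AS_POSTED, "172.20.222.60"),
        ("172.20.222.5", "172.20.200.35", AS_POSTED, "172.20.222.60"),
        ("172.20.222.5", "172.20.222.x", AS_SUGGESTED, None),
        ("172.20.222.5", "172.20.222.x", AS_SUGGESTED, "172.20.222.60"),
    ]
    for client, vip, bindings, snat in cases:
        print(client, "->", vip, "snat:", snat, "=>", trace(client, vip, bindings, snat))
```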
02-11-2011 06:44 PM
yep.thxx!!