Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1504
Views
0
Helpful
7
Replies

Need help with initial ACE 4710 config

Go to solution
dclee
Level 1
Level 1

‎10-20-2010 11:25 AM

Hoping someone can point me in right direction to config guide etc..

Essentially I have 2 Exchange servers on vlan 10.

I want to use the 4710 to sit in front of them and load balance between the 2 servers.

The 4710 and the 2 servers are on the same vlan.

I have configured a VIP, the 2 real servers and the the server farm. Everything appears to be inservice.

Any help would be appreciated.

Cheers


Dave

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Pablo
Cisco Employee
Cisco Employee

‎10-20-2010 12:57 PM

Hi Dave,

If you have a one-armed design then you require Source NAT to get things working

policy-map type loadbalance http first-match Exchange-PM
  class class-default
    serverfarm Exchange

policy-map multi-match LB
  class Exchange-VIP
    loadbalance vip inservice
    loadbalance policy Exchange-PM
    loadbalance vip icmp-reply active
   nat dynamic 1 vlan 10

interface vlan 10
  ip address 10.10.10.2 255.255.255.0
  access-group input Any
nat-pool 1 10.10.10.10 10.10.10.10 netmask 255.255.255.0 pat
  service-policy input MGMT
  service-policy input LB

  no shutdown

You can use the VIP address or any other available IP address no NAT the request.

HTH

__ __

Pablo

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Pablo
Cisco Employee
Cisco Employee

‎10-20-2010 12:57 PM

Hi Dave,

If you have a one-armed design then you require Source NAT to get things working

policy-map type loadbalance http first-match Exchange-PM
  class class-default
    serverfarm Exchange

policy-map multi-match LB
  class Exchange-VIP
    loadbalance vip inservice
    loadbalance policy Exchange-PM
    loadbalance vip icmp-reply active
   nat dynamic 1 vlan 10

interface vlan 10
  ip address 10.10.10.2 255.255.255.0
  access-group input Any
nat-pool 1 10.10.10.10 10.10.10.10 netmask 255.255.255.0 pat
  service-policy input MGMT
  service-policy input LB

  no shutdown

You can use the VIP address or any other available IP address no NAT the request.

HTH

__ __

Pablo

0 Helpful

Go to solution
dclee
Level 1
Level 1
In response to Pablo

‎10-21-2010 06:38 AM

Thanks for the reply and I understand the need for source nating...but was hoping someone could provide me a sample

walk thru of a 1 armed scenario ?

Cheers

Dave

0 Helpful

Go to solution
Pablo
Cisco Employee
Cisco Employee
In response to dclee

‎10-21-2010 06:44 AM

Morning Dave,

Gotcha, you're looking for something like this

http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example

I've attached a configuration chapter that walks you through the one-arm mode configuration and all its requirements.

HTH

__ __


Pablo

Preview file
177 KB
0 Helpful

Go to solution
dclee
Level 1
Level 1
In response to Pablo

‎10-21-2010 07:15 AM

Thanks Pablo

I noticed its for the ACE module, does this config also work for the stand alone 4710 appliance ?

From a best practice perspective, is it best to put the ACE VIP on a seperate routed VLAN ?

I notice the network diagram has the ACE on VLAN 50 and the servers on VLAN 51 with the MSFC routing between the 2.

Or can I have both the ACE physical and VIP on the same subnet as my server farm ?

Cheers


Dave

0 Helpful

Go to solution
Pablo
Cisco Employee
Cisco Employee
In response to dclee

‎10-21-2010 08:24 AM

Dave,

Yup the configuration lines on the module and the appliance are indentical, I think more of the docs are module oriented because of the sell numbers


From a best practice perspective, is it best to put the ACE VIP on a seperate routed VLAN ?

Not really the design that you want to implement depends on what's already setup on your environment, regardless of the mode that you want to go with Bridged/One-Armed/Routed you can expect same load balancing performance, for example clients would not go with One-Armed mode if they need to avoid client NAT for auditing purposes or something.

I notice the network diagram has the ACE on VLAN 50 and the servers on VLAN 51 with the MSFC routing between the 2./Or can I have both the ACE physical and VIP on the same subnet as my server farm ?

That's a Cisco's different (weird) sketch for a one-armed design, the diagram that commonly you see is like this

http://img526.imageshack.us/i/onearmed.jpg/

Absolutely you can have ACE/VIP/Servers on the same VLAN as long as source NAT is in place LB should work flawlessly =)

HTH

__ __

Pablo

0 Helpful

Go to solution
dclee
Level 1
Level 1
In response to Pablo

‎10-21-2010 12:11 PM

Thanks Pablo, your help is much appreciated

So far I have gotten the load balancer working with 2 servers

in a server farm.

Cheers

Dave

0 Helpful

Go to solution
Pablo
Cisco Employee
Cisco Employee
In response to dclee

‎10-21-2010 06:49 PM

Sweeeet! Great to hear the info was useful to get things on the right track

Have a nice one!

__ __

Pablo

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents