11-07-2010 11:47 PM
Hi,
I am designing a data centre with VSS, FWSM & ACE. I am using the design guide below as a start point, using the red service chain.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/ACE_FWSM.html
My topology will be routed access with transparent contexts, so:
client -> MSFC -> Trans FWSM -> Trans ACE -> VRF -> Rservers subnets A & B.
I will be using RHI to advertise the VIPs to the MSFC. The VRF and MSFC will use OSPF to propagate reachability.
My questions are:
1) can I use any IP address range for the VIP, or does it have to be part of the subnet that the ACE BVI is in?
2) what IP address does the MSFC see as the next hop for the RHI advertised VIP?
3) how does the ACE know where to send the Rserver probes, do I need static routes in ACE to Rserver subnets A & B?
4) likewise for LB traffic that hits the VIP, how is it forwarded?
5) can I provide SLB between Rserver subnet A and B, by using a new VIP in the ACE BVI range and source NAT, e.g. is this a supported config?
Thanks in advance!
Lee.
11-08-2010 02:49 AM
Hi Lee,
Let me reply inline:
1) can I use any IP address range for the VIP, or does it have to be part of the subnet that the ACE BVI is in?
Yes, you can use any subnet; of course, you must have a route to reach the rservers.
2) what IP address does the MSFC see as the next hop for the RHI advertised VIP?
It will be either the alias IP defined in the interface VLAN of the ACE if it exists, or its IP address if no alias is available.
3) how does the ACE know where to send the Rserver probes, do I need static routes in ACE to Rserver subnets A & B?
Either static routes or a gateway.
4) likewise for LB traffic that hits the VIP, how is it forwarded?
Normally it uses the client IP as source and the destination IP of the rserver if you are not NATing. Not sure if this answers your question.
5) can I provide SLB between Rserver subnet A and B, by using a new VIP in the ACE BVI range and source NAT, e.g. is this a supported config?
Yes, it is.
Hope this helps,
/dom
11-08-2010 03:49 AM
Hi Dom,
Thanks for the response. All good answers, which help this design!
I will clarify question 4 a little for you - I am confused as to how ACE knows how to reach the Rserver subnets as they are not adjacent, as all the literature suggests that no static routes are needed in bridged ACE (apart from mgmt traffic routes).
I assume that with a VRF routed backend between ACE and the Rservers then ACE will need static routes to reach those subnets via the VRF next hop? I just want to clarify that is the case, as this means although the ACE is bridging, it is also making routing decisions?
Is that about right?
Cheers,
Lee.
11-08-2010 12:40 PM
You are right Lee,
If you need the Rserver to be in a different subnet, then the ACE must know the gateway to reach them.
Possibly you may put the SVI configured in the Catalyst as the gateway.
However, when the rserver replies back, you might need a PBR on the Catalyst to forward back to the ACE.
Have a look at this doc here if you wish, I find it very interesting:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/ACE_FWSM.html
Hope this helps,
/dom