Using the same vlan/subnet for Server and Client Side

moorepl · ‎10-12-2011

Hi All

I had configured a LB group on ACE-4710 with an outside VIP and inside real addresses in the server farm. This was all working fine but now client wants to connect in over MPLS using one of the real server IPs as the VIP on the client side.

I tried to set this up by applying a /32 mask to to client side, but I keep getting a mismatch when I try to configure the vlan, saying it is overlapping with my server side vlan.

Is there an easy way around this ? I was looking at the options and thought BVI instance would work, but can't go playing around with this as it's live.

Any ideas ?... As I said, I want to use an address on the client side, that is already configured on the server side.

Thanks in advance for any help guys.

Mooey

Surya ARBY · ‎10-12-2011

No easy solution, I guess your problems come from the fact that the requests don't come physically into the VLAN interface where the service policy is applied, but instead is being routed by the forwarding engine to a VIP which is seen as local from the control plane.

You'll have to use another address on the internal side, one easy way to do this can be using DNS views to reply with the internal IP address in the DNS instead of the external one.

Valeriu Filipescu · ‎10-20-2011

Try this:

http://etherealmind.com/cisco-ace-load-balance-stick-source-nat-part-2/

Works for me (attention to nat - is mandatory - I use also free addres from the same subnet for dynamic nat to force packet to come back through ACE)