08-08-2011 09:48 PM - edited 08-28-2017 02:15 AM
In one-arm mode, you configure the ACE with a single VLAN that handles both client requests and server responses. For one-arm mode, you must configure the ACE with client-source network address translation (NAT) or policy-based routing (PBR) to send requests through the same VLAN to the server. For the remainder of this document, NAT is used for the traffic flows through the ACE.
One-arm mode on the ACE has the following configuration guidelines and limitations:
• Layer 2 rewrite is not supported.
• One-arm mode requires policy-based routing or source NAT.
ACE one-arm deployment (VLAN 903): two test servers, r1 and r2, are both Layer 2 connected to VLAN 903, and the ACE VLAN 903 IP address is the default gateway for both servers. r2 acts as the client and r1 as the server.
Version:
The configuration shown in this document was created on an ACE-20 module running software version A2(3.4).
Common ACE Configuration:
rserver host r1
  ip address 172.16.4.4
  inservice
rserver host r2
  ip address 172.16.4.5
  inservice
serverfarm host sfarm1
  rserver r1
    inservice
  rserver r2
    inservice
class-map match-all ABMJ
  2 match virtual-address 0.0.0.0 0.0.0.0 any
policy-map multi-match ABMJ-service
  class ABMJ
    loadbalance vip inservice
    loadbalance policy ABMJ-policy
    loadbalance vip icmp-reply
    nat dynamic 20 vlan 903
interface vlan 903
  ip address 172.16.4.2 255.255.255.240
  alias 172.16.4.1 255.255.255.240
  peer ip address 172.16.4.3 255.255.255.240
  access-group input everyones
  access-group output everyones
  nat-pool 20 172.16.4.8 172.16.4.8 netmask 255.255.255.255
  service-policy input remote-mgmt
  service-policy input ABMJ-service
  no shutdown
ARP Table:
================================================================================
IP ADDRESS      MAC-ADDRESS        Interface  Type       Encap  NextArp(s)  Status
================================================================================
172.16.4.1      00.0b.fc.fe.1b.03  vlan903    ALIAS      LOCAL  _           up
172.16.4.2      00.30.f2.75.f3.d9  vlan903    INTERFACE  LOCAL  _           up
172.16.4.3      00.30.f2.75.f4.01  vlan903    LEARNED    21     12504 sec   up
172.16.4.4      00.50.56.80.16.c8  vlan903    RSERVER    18     286 sec     up
172.16.4.5      00.50.56.80.3f.80  vlan903    RSERVER    17     286 sec     up
172.16.4.6      00.50.56.80.31.e3  vlan903    GATEWAY    22     138 sec     up
172.16.4.7      00.00.00.00.00.00  vlan903    LEARNED    -      * 1 req     dn
172.16.4.8      00.0b.fc.fe.1b.03  vlan903    NAT        LOCAL  _           up
================================================================================
Catch-All with forward action:
Test Configuration:
policy-map type loadbalance first-match ABMJ-policy
  class class-default
    forward
The routing table:
Destination Gateway Interface Flags
------------------------------------------------------------------------
0.0.0.0 10.66.85.1 vlan800 S [0xc]
55.55.55.55/32 172.16.4.6 vlan903 S [0xc]
ACE capture for client HTTP request toward 55.55.55.55:
0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 74: 172.16.4.5.38681 > 55.55.55.55.80: S 286227032:286227032(0)
0:b:fc:fe:1b:3 0:50:56:80:31:e3 0800 74: 172.16.4.8.38681 > 55.55.55.55.80: S 1067368602:1067368602(0)
0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 74: 172.16.4.5.38681 > 55.55.55.55.80: S 286227032:286227032(0)
0:b:fc:fe:1b:3 0:50:56:80:31:e3 0800 74: 172.16.4.8.38681 > 55.55.55.55.80: S 1067368602:1067368602(0)
0:b:fc:fe:1b:3 0:50:56:80:3f:80 0800 54: 55.55.55.55.80 > 172.16.4.5.38681: R 0:0(0) ack 286227033
0:b:fc:fe:1b:3 0:50:56:80:31:e3 0800 54: 172.16.4.8.38681 > 55.55.55.55.80: R 1067368603:1067368603(0)
Conclusion:
The ACE will use the routing table to forward the traffic and will keep the original destination IP address.
Catch-All with in-service non-transparent serverfarm:
Test Configuration:
policy-map type loadbalance first-match ABMJ-policy
  class class-default
    serverfarm sfarm1
serverfarm host sfarm1
  rserver r1
    inservice
Show conn output:
ACE20-Rack3-Primary/Routed-c1-STATIC# show conn
total current connections : 2
conn-id np dir proto vlan source destination state
----------+--+---+-----+----+---------------------+---------------------+------+
13007 1 in TCP 903 172.16.4.5:60496 55.55.55.55:80 ESTAB
13008 1 out TCP 903 172.16.4.4:80 172.16.4.8:60496 ESTAB
ACE capture for client HTTP request toward 55.55.55.55:
0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 74: 172.16.4.5.60496 > 55.55.55.55.80: S 847445964:847445964(0)
0:b:fc:fe:1b:3 0:50:56:80:16:c8 0800 74: 172.16.4.8.60496 > 172.16.4.4.80: S 2018948849:2018948849(0)
0:50:56:80:16:c8 0:b:fc:fe:1b:3 0800 60: 172.16.4.4.80 > 172.16.4.8.60496: S 1281515174:1281515174(0) ack 2018948850
0:b:fc:fe:1b:3 0:50:56:80:3f:80 0800 60: 55.55.55.55.80 > 172.16.4.5.60496: S 110012289:110012289(0) ack 847445965
0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 60: 172.16.4.5.60496 > 55.55.55.55.80: . ack 1 win 5840 (DF) (ttl 64, id 54434, len 40)
0:b:fc:fe:1b:3 0:50:56:80:16:c8 0800 60: 172.16.4.8.60496 > 172.16.4.4.80: . ack 1 win 5840 (DF) (ttl 64, id 54434, len 40,
0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 60: 172.16.4.5.60496 > 55.55.55.55.80: P 1:6(5) ack 1 win 5840 (DF) (ttl 64, id 54435, len 45)
0:b:fc:fe:1b:3 0:50:56:80:16:c8 0800 60: 172.16.4.8.60496 > 172.16.4.4.80: P 1:6(5) ack 1 win 5840 (DF) (ttl 64, id 54435, len 45,
0:50:56:80:16:c8 0:b:fc:fe:1b:3 0800 60: 172.16.4.4.80 > 172.16.4.8.60496: . ack 6 win 5840 (DF) (ttl 64, id 47547, len 40)
0:b:fc:fe:1b:3 0:50:56:80:3f:80 0800 60: 55.55.55.55.80 > 172.16.4.5.60496: . ack 6 win 5840 (DF) (ttl 64, id 47547, len 40,
Conclusion:
The ACE will perform load balancing, forward the traffic to the MAC address of the selected server, and translate the destination IP address to the rserver's IP address.
Catch-All with out-of-service non-transparent serverfarm:
Test Configuration:
policy-map type loadbalance first-match ABMJ-policy
  class class-default
    serverfarm sfarm1
serverfarm host sfarm1
  rserver r1
Show serverfarm output:
ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm sfarm1
serverfarm     : sfarm1, type: HOST
total rservers : 1
---------------------------------
                                             ----------connections-----------
    real                  weight state        current    total      failures
---+---------------------+------+------------+----------+----------+---------
rserver: r1
    172.16.4.4:0          8      OUTOFSERVICE 0          11         0
Show service-policy ABMJ-Service detail:
ACE20-Rack3-Primary/Routed-c1-STATIC# show service-policy ABMJ-service detail
Status : ACTIVE
Description: -----------------------------------------
Interface: vlan 903
service-policy: ABMJ-service
class: ABMJ
nat:
nat dynamic 10 vlan 800
curr conns : 0 , hit count : 155
dropped conns : 0
client pkt count : 17 , client byte count: 1292
server pkt count : 5 , server byte count: 380
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
nat dynamic 20 vlan 903
curr conns : 0 , hit count : 3
dropped conns : 1
client pkt count : 6 , client byte count: 305
server pkt count : 4 , server byte count: 164
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
VIP Address: Protocol: Port:
0.0.0.0 any
loadbalance:
L7 loadbalance policy: ABMJ-policy
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP state: OUTOFSERVICE
curr conns : 0 , hit count : 5
dropped conns : 4
client pkt count : 8 , client byte count: 425
server pkt count : 4 , server byte count: 164
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : ABMJ-policy
class/match : class-default
LB action: :
primary serverfarm: sfarm1
state: DOWN
backup serverfarm : -
hit count : 1
dropped conns : 0
ACE capture for client HTTP request toward 55.55.55.55:
0:b:fc:fe:1b:3 0:50:56:80:3f:80 0800 54: 55.55.55.55.80 > 172.16.4.5.60497: R 0:0(0) ack 1050506268 win 5840
Conclusion:
The ACE resets the connection (sends a RST to the client), as expected.
Catch-All with in-service transparent serverfarm:
Test Configuration:
serverfarm host sfarm1
  transparent
  rserver r1
    inservice
policy-map type loadbalance first-match ABMJ-policy
  class class-default
    serverfarm sfarm1
ACE capture for client HTTP request toward 55.55.55.55:
0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 74: 172.16.4.5.40474 > 55.55.55.55.80: S 1460790854:1460790854(0)
0:b:fc:fe:1b:3 0:50:56:80:16:c8 0800 74: 172.16.4.8.40474 > 55.55.55.55.80: S 0:0(0)
0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 74: 172.16.4.5.40474 > 55.55.55.55.80: S 1460790854:1460790854(0)
0:b:fc:fe:1b:3 0:50:56:80:16:c8 0800 74: 172.16.4.8.40474 > 55.55.55.55.80: S 0:0(0)
0:b:fc:fe:1b:3 0:50:56:80:3f:80 0800 54: 55.55.55.55.80 > 172.16.4.5.40474: R 0:0(0) ack 1460790855
0:b:fc:fe:1b:3 0:50:56:80:16:c8 0800 54: 172.16.4.8.40474 > 55.55.55.55.80: R 1:1(0)
Conclusion:
The ACE will perform load balancing, then forward the traffic to the MAC address of the selected server while keeping the original destination IP address unchanged.
Catch-All with out-of-service transparent serverfarm:
Test Configuration:
serverfarm host sfarm1
  transparent
  rserver r1
policy-map type loadbalance first-match ABMJ-policy
  class class-default
    serverfarm sfarm1
Show serverfarm output:
ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm sfarm1
serverfarm     : sfarm1, type: HOST
total rservers : 1
---------------------------------
                                             ----------connections-----------
    real                  weight state        current    total      failures
---+---------------------+------+------------+----------+----------+---------
rserver: r1
    172.16.4.4:0          8      OUTOFSERVICE 0          11         4
ACE capture for client HTTP request toward 55.55.55.55:
0:b:fc:fe:1b:3 0:50:56:80:3f:80 0800 54: 55.55.55.55.80 > 172.16.4.5.40475: R 0:0(0) ack 1740604511
Conclusion:
The ACE resets the connection (sends a RST to the client), as expected.
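The forward, non-transparent, transparent and out-of-service results in this document can be read directly off the captures by comparing the client's SYN with the SYN the ACE sends out. The following Python script is an added example, not part of the original document: the role labels and function names are illustrative, while the MAC addresses and capture lines are copied from this page.

```python
import re

# MAC roles from the page's ARP table (172.16.4.5 is r2, used here as the client).
ROLES = {"00:0b:fc:fe:1b:03": "ace", "00:50:56:80:3f:80": "client",
         "00:50:56:80:16:c8": "rserver", "00:50:56:80:31:e3": "gateway"}
PKT = re.compile(r"(\S+) (\S+) 0800 \d+: ([\d.]+)\.\d+ > ([\d.]+)\.\d+: (\S+)(.*)")

def role(mac):
    """Map 0:b:fc:fe:1b:3 (capture form) or 00.0b.fc.fe.1b.03 (ARP form) to a role."""
    mac = ":".join(f"{int(part, 16):02x}" for part in re.split(r"[:.]", mac))
    return ROLES.get(mac, "unknown")

def parse(capture):
    for line in capture.strip().splitlines():
        if m := PKT.match(line.strip()):
            smac, dmac, src, dst, flags, rest = m.groups()
            yield {"from": role(smac), "to": role(dmac), "src": src, "dst": dst,
                   "rst": flags == "R", "syn": flags == "S" and " ack " not in rest}

def classify(capture):
    """Name the catch-all behaviour from the first SYN on each side of the ACE."""
    pkts = list(parse(capture))
    syn_in = next((p for p in pkts if p["syn"] and p["from"] == "client"), None)
    syn_out = next((p for p in pkts if p["syn"] and p["from"] == "ace"), None)
    if syn_in is None or syn_out is None:
        rst = any(p["rst"] and p["from"] == "ace" and p["to"] == "client" for p in pkts)
        return {"behaviour": "reset by ACE" if rst else "unknown"}
    if syn_out["to"] != "rserver":
        behaviour = "forward via routing table"
    elif syn_out["dst"] == syn_in["dst"]:
        behaviour = "transparent serverfarm"
    else:
        behaviour = "non-transparent serverfarm"
    return dict(behaviour=behaviour, next_hop=syn_out["to"], src=syn_out["src"], dst=syn_out["dst"])

# Lines copied from the captures on this page, one sample per test.
CAPTURES = {
    "forward": """0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 74: 172.16.4.5.38681 > 55.55.55.55.80: S 286227032:286227032(0)
0:b:fc:fe:1b:3 0:50:56:80:31:e3 0800 74: 172.16.4.8.38681 > 55.55.55.55.80: S 1067368602:1067368602(0)""",
    "non-transparent": """0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 74: 172.16.4.5.60496 > 55.55.55.55.80: S 847445964:847445964(0)
0:b:fc:fe:1b:3 0:50:56:80:16:c8 0800 74: 172.16.4.8.60496 > 172.16.4.4.80: S 2018948849:2018948849(0)""",
    "transparent": """0:50:56:80:3f:80 0:b:fc:fe:1b:3 0800 74: 172.16.4.5.40474 > 55.55.55.55.80: S 1460790854:1460790854(0)
0:b:fc:fe:1b:3 0:50:56:80:16:c8 0800 74: 172.16.4.8.40474 > 55.55.55.55.80: S 0:0(0)""",
    "out-of-service": "0:b:fc:fe:1b:3 0:50:56:80:3f:80 0800 54: 55.55.55.55.80 > 172.16.4.5.60497: R 0:0(0) ack 1050506268 win 5840",
}

if __name__ == "__main__":
    for name, text in CAPTURES.items():
        print(name, classify(text))
```

In every case where the ACE passes the SYN on, the server-side source address is the NAT pool address 172.16.4.8, so the receiving host's logs show that address rather than the client's 172.16.4.5.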