Cisco ACE modules support virtualized architecture to increase datacenter scalability. You can create upto 250 virtualized contexts on an ACE module. Each context behaves like an independent ACE appliance with its own policies, interfaces, domains, server farms, real servers, and administrators. You can divide each context into multiple partitions called domains, which allow you to manage user access to the objects within a context. ACE modules are usually put in failover configuration to increase reliability.
Failover is not working properly. ACE modules in failover pair may end up both in active state for some context. L2 connectivity, like arp resolution, works but L3 connectivity is an issue.
Each peer appliance in a redundant group can contain one or more fault-tolerant (FT) groups. Each FT group consists of two members: one active context and one standby context. When a switchover occurs, the active member in the FT group becomes the standby member and the original standby member becomes the active member. The ACE uses the heartbeat to probe the peer ACE, rather than probe each context. Cisco ACE replicates flows on the active FT group member to the standby group member per connection for each context. Note that the ACE does not replicate SSL and other terminated (proxied) connections from the active context to the standby context.
Surge in normal user traffic may cause the resource manager to drop the Admin traffic if no reservation is configured for the Admin context. When Admin traffic gets dropped the secondary assumes that primary failed and becomes active; although the primary is still active and has not failed. The drops can be seen in the following output
Check the resource allotted to the admin context. The problem happens when there is very little or no resources allotted to the admin context, which causes issues when there is heavy load. When all resources are reserved on the ACE by the members of the resource group, this leaves the Admin context, which is not configured in a resource group, without resources. Allocating resources to Admin context will resolve the issue.
We have the following topology [attached]
1. Do we must use switch profile in order the N9Ks will sync between each other ?
2. Is switch profile supported in N9K-93180 ? because all of the white papers I can see are very old and tal...
I’m new to ACI. So where I’m at, I have connected up 2 Leafs in VPC to my 2960 switch. By that I am able to see is CDP traffic on the 2960 to the leafs. What I’m not getting is how do I get the VLAN on the 2960 to the ACI environment? I’ve looked up tons ...
Hi sorry disturb here, this is my first time post here. i am learning ACI, but now we dont have a good simulator which can be ran on EVENG or VM or GNS3, APIC simulator just for us practice the function of button, and there is no traffic pa...
Hello,We're using a Network Centric ACI Fabric VLANs = BD-EPG (1:1)Most EPGs are members of the Preferred GroupsWe're single Tenant and Single VRF fabric. Policy Enforcement is set to enabled. Policy enforcement direction is set to Ingress. The default. W...
Hi,I have the below setup Here vpc running between leaves also ( vpc 200) switches also . I am not sure this is ideal design The problem is s1 is down srv1 will not send the traffic Please help ...