Ace in Bridge Mode

flanzelotti · ‎04-08-2011

Hello Guys,

Next week I will implement ACE module and I would like undertanding some question when ACE is in:

1. Bridge mode.

Since default route from server mustn't be ACE, how will be proccess symetrical routing to VIP and routing to real Ip address of the server? Do I need use NAT on ACE?

2. Routed mode:

How can i handle traffic to VIP and Serverfarm real ip address keeping symmetrical routing for both cases?

Thanks for Help.

mwinnett · ‎04-14-2011

1: You just need to ensure that the servers are on the opposite side of the ace context to their default gateway such that the return traffic from the servers pass though the ace. eg: Ace bridges vlans 100 & 200, vlan 100 is on client side with server default gateway and and vlan 200 is where the servers are located. Check "show arp" output to be sure of correct location. Adding client nat is not required.

2: Same as above really. The ace will permit connections to non-vip servers. However, if the return traffic is not going through the ace, then I think that you will need to disable normalisation on the interfaces. However, I suspect that such a design will be fraught with issues. If you really wanted to do this, then you would need to put client nat for the vip traffic.

The bottom line is; servers in the inside with the only return path back through the ace to the default gateway on the outside.

Matthew

flanzelotti · ‎04-14-2011

Hi Matthew,

According that My choice will be "Bridge Mode". In my point of view this design is easier than "Routed Mode" and I don't need to use NAT.

Thanks for Help.

Fabiano