Class-maps used for load balancing on ACE

opc.perera · ‎03-26-2007

I am from CCS background and am trying to understand how the VIPs could be configured on an ACE module (using class maps).

I am looking for specific information for the following :

1. Will each VIP have a corresponding Service-policy on the VLAN Interface or can we club many VIPs (through policy-maps) onto a single service-policy entry on teh interface?

2. I could not find any cisco doco with the configuration examples for more than one VIP address and would please like to know some examples, if possible or could some one direct me to a doco with many VIP entries ?

- Should each VIP have a seperate class-map or can list them together?

Syed Iftekhar Ahmed · ‎03-31-2007

You will have to configure L3/L4 class-maps for corresponding VIPs. You just need a single policy with n class-maps for n VIPS.

I am writing a sample that will hopefully help you on this

class-map match-all app1-vip

match virtual-address 10.1.1.1 tcp eq 80

class-map match-any app2-vip

match virtual-address 10.1.1.2 tcp eq 443

policy-map type loadbalance first-match L7app1

class class-default

server-farm App1-farm

policy-map type loadbalance first-match L7app2

class class-default

server-farm App2-farm

policy-map multi-match All-vips

class app1-vip

loadbalance vip inservice

loadbalance policy L7app1

loadbalance vip icmp-reply active

class app2-vip

loadbalance vip inservice

loadbalance policy L7app2

loadbalance vip icmp-reply active

int vlan 100

ip address 10.10.10.101 255.255.255.0

service-policy input All-vips

Syed Iftekhar Ahmed

opc.perera · ‎04-01-2007

Many Thanks Syed.

The sample configuration helped clear a number of doubts I had.

How about NAT-ting please?

1. On 11506es, we can NAT incoming source to VIP and address, How do we do that on ACE?

2. The server source IP address can be NAT-ted to the VIP IP address for outbound Server traffic.

Please, how could we do these on the ACE module?

Syed Iftekhar Ahmed · ‎04-01-2007

On ACE Vip addresses cannot be used with NAT. You need to use other available addresses. In Previous Cisco LB products, NAT was configured on server farm basis. In ACE you configure nat on VLAN basis.

1. On the ACE Source Nat is configured as part of a policy map, and the flexibility is only based on the L4 VIP and the output VLAN

class-map nat

match destination-address

policy-map multi-match nat

class nat

nat dynamic 111 vlan

int vlan

service-policy input nat

int vlan

nat-pool 111 192.168.1.12 192.168.1.12 netmask 255.255.255.0

2. For server initiated connection you can have similar configuration with nat pool defined on egress vlan interface (client side) & policy applied on ingress vlan interface (server side).

In ACE you dont necessarily need NAT for server initiated connection ,provided static routes on the upstream router are configured to guarantee that return traffic has a path back to the server subnets.

hope it helps

Syed Iftekhar Ahmed

opc.perera · ‎04-03-2007

Many Thanks Syed.

Your samples cleared a lot of doubt I had and Many Thanks again.