diro Mon, 10/08/2007 - 22:34
User Badges:
  • Bronze, 100 points or more

Looks OK, but why the msfc on the server side since your using the ace as dg?

danger_mousie Wed, 10/10/2007 - 03:03
User Badges:

I'm not sure how I will set up the VLANs yet. And now they are going to add a FWSM into the 6509. Can you explain how the VIP, which appears to be nothing more than a class-map, can live on 2 ACEs? How is this advertised to the network?

danger_mousie Wed, 10/10/2007 - 05:06
User Badges:

Thanks, I have read that (well most of it). I believe my lack of understanding is in the relationship between the class map that defines the VIP and the VLANs/Routing Protocols that are on the ACE and 6500 Sup.

How is this address sitting in a class-map getting advertised out to the core, from 2 different sites, and the Active one being chosen? If this is explained in the above link, feel free to tell me to rtfm. :)

diro Wed, 10/10/2007 - 05:35
User Badges:
  • Bronze, 100 points or more

You have a vlan on the supervisor in between your msfc and ace. If the msfc does routing for that vlan interface then anyone can connect to that vlan. So everyone can connect to the ace. The ace uses hsrp/vrrp to make sure only one address is active on one context/box like on routers. A classmap vip you should compare with an interface but only virtual.

danger_mousie Fri, 10/12/2007 - 04:41
User Badges:

So, I must configure a vlan that goes between the MSFC and the ACE, and another between the ACE and the servers? If I create this second VLAN for use on the back end only, (ACE-servers, with an IP on the ACE) will the 6500 see it as directly connected? I ask because I don't think I want to advertise these reals out on OSPF for security reasons. So if i redistribute connected, I only want to pick up VIPs. But, how does a VIP get advertised when it is only in a class-map? Along the same lines...

I must configure HSRP on the ACEs? How can HSRP poll a virtual address that only exists in a class map?

diro Fri, 10/12/2007 - 04:57
User Badges:
  • Bronze, 100 points or more

all ip adresses you configure on the ace are not distributed in routing. So if you have an ip address on yhe ace on the server side then this is not distributed by ospf. BTW you do not distribute yhe vips but the network that connects inbetween the ace and the msfc.

HSRP does not poll the virtual address. What you do is setup a ft (fault-tollerant) vlan ont that vlan there is a hearbeat sent by the active box if something goes wrong then the active box stops sending heartbeats and shuts the virtual adresses, at that time the backup activates his virtual adresses and start sending out a heartbeat.

danger_mousie Sun, 10/14/2007 - 02:06
User Badges:

What if the ACE is fine, but has lost access to a serverfarm? I will have many serverfarms off 1 ace, with a duplicate set up on another site. What if one blade enclosure on the primary site fails and needs to go to the secondary. How would the ft group detect this?

danger_mousie Sun, 10/14/2007 - 02:12
User Badges:

I know that he ACE will take the server out of service when the health probes fail, but how does the network know to target the server on the other site?

diro Sun, 10/14/2007 - 02:53
User Badges:
  • Bronze, 100 points or more

no you will then need to use a redirect

danger_mousie Mon, 10/15/2007 - 01:44
User Badges:

I will read up on that, thanks. I think it's about time i gave you a point! If I have more questions I will start a new thread.

danger_mousie Mon, 10/15/2007 - 02:54
User Badges:

I'm sorry diro, i don't have the option to say you resolved this issue. :( The box is gone and there is no tech support for the forum that i can find.

Correct Answer
diro Mon, 10/15/2007 - 04:58
User Badges:
  • Bronze, 100 points or more

no prob

Actions

This Discussion