Basic ACE Design Question

nyr.hakeem-habeeb · ‎12-11-2007

Hi All,

In the network layout below, does the ACE need to be setup in a routed mode to work? can it be also be setup in a bridged mode in this scenario?

Network Cloud <--> Firewall <--> ACE <--> Router <--> Server Farm.

Any refences would also be greatly appreciated.

Thanks in advance.

HH

Gilles Dufour · ‎12-13-2007

you can always chose between routed or bridged mode. This is also true for your case.

Gilles.

nyr.hakeem-habeeb · ‎12-27-2007

Hi Giles,

Thank you for your response.

I was under the impression that if redirection is being done at layer-2 (aka bridged mode) then server's need to be layer-2 adjacent with the Load-Balancer. Is this not applicable to the ACE?

I would greatly appreciate more clarity on this.

Thank you in advance.

Nayyar

Gilles Dufour · ‎12-29-2007

you only need the server adjacent if you do transparent loadbalancing. Which means you do not nat the virtual ip to the server ip.

Instead the servers are configured with a loopback ip address the same as the vip on the loadbalancer.

You can always bridge between 2 vlans and this is possible in your case.

However, I don't see the need to insert a router between the ace module and the servers.

Can't you have the ace module inserted between the router and the servers ?

Or get it rid of the router and have the servers directly connected to the ACE vlan and using the firewall as gateway ?

Gilles.