Data center design! What is ACE

Unanswered Question
May 14th, 2008

Hi Everyone,

We are planning to have a datacenter. decided to buy 2 core 6500 series switches. what exactly is ACE? i understand it does loadbalancing. but then why wd not one use CSS instead on ACE. if we use ACE , can we eliminate the need of FWSM module. i read ACE has lots of security features. also it does web caching.. i may be wrong here.

So if we only have ACE in 6500, do we still need FWSM and some web caching engine (WASS). please also let me know some important features of ACE-Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Thu, 05/15/2008 - 04:36

The ACE module is a loadbalancer that should eventually replace the CSS and CSM.

It comes with some firewall features but not all of them. Some users have enough FW features on the ACE module so they don't need the FWSM.

Others still need the FWSM.

Depends on what you need.

Finally, the ACE module does not come with caching option. Only the ACE Appliance - c4710 - has the caching and optimization features.

Gilles.

followurself Fri, 05/16/2008 - 01:49

Thanks for the response. I shall appreciate if you let me know what security are not there in ACE compared with FWSM. is there an link which can tell me that

Thanks

Gilles Dufour Fri, 05/16/2008 - 02:09

unfortunately there is no such document as far as I know.

As a rule, ACE has all the security features for the protocol it can loadbalance at L7 - ie: HTTP, FTP, RTSP,DNS,...plus the necessary TCP,ICMP security features.

Anything else ACE does not have it.

Gilles.

Syed Iftekhar Ahmed Fri, 05/16/2008 - 09:50

Following security features are not supported on ACE

time based ACLs

ACL to Syslog correlation

url filtering (Websense..)

ActiveX/Java filtering

OSPF/RIP support

Syed

followurself Tue, 05/20/2008 - 07:47

so ACE have features but similar to secure IOS on router. it cant replace FWSM where we need DMZ or virtual contexts and make it look like a firewall (ASA, PIX, FWSM). In a data center environment where need to isolate servers from users.

would you guys design 6500 with fwsm and ace or only ace ?

Thanks

Actions

This Discussion