I have been asked to configure an ACE-4710, but I have not had any previous experience with these types of devices. I want to implement a fairly simple configuration, but the documentation seems a little confusing - I am hoping someone can please help me.
What I want to achieve is for the 4710 to load balance web connections to 2 real servers in a server farm. I want to use the least connections predictor/algorithm, with a 70/30 weight. The 4710 has only the one physical and one vlan connection to the network - I guess that eliminates any idea of different client and server side connections. Given this setup here are my questions;
- Given that all web requests are to be treated the same, do I need to configure any class/policy maps to enable load-balancing, or will simply specifying the above parameters (predictor, weight, real and server farm details) suffice?
- VIP address, what is it/what's it used for - is it the "alias" IP address of the 4710s in failover/redundant configuration, or is it an address on the web server side of things?
I am sure that I will have some other questions, but if anyone can help out with the above I would be most grateful. Please let me know if you need any further details to help explain my setup.
Thanks in advance,
The server response will indeed be sent to the client. It will however use the real server IP address as the source and the client expects a connection from the virtual IP. So it will reject the response if it does not go through the ACE 4710 first to be reverse-NATed to the virtual IP.
The ACE appliance/blade will work as a router by default as long as you permit the traffic in an access-list.
It should therefore be no problem for your servers to be in a vlan behind the 4710.
The only concern would be if you add traffic consuming all your available BW.
In this case one-armed would be the solution, but as I said it requires some particular attention.
The VIP address is the virtual address.
That's your website address for the rest of the world and your DNS name should resolve to it.
This IP address will then be NATed to one of the server IP addresses when the connection comes to the loadbalancer.
You will need a class-map to CATCH the traffic matching the virtual address.
You also need a policy-map to assign your serverfarm to the virtual-address.
This is done in 2 steps.
First create a type loadbalancing policy-map and under the class-default configure your serverfarm.
Then you create a multimatch policy and under the match-vip class-map you assign the first policy-map.
Finally, you need to put your multimatch policy on the vlan interface where the traffic will be coming in.
The design looks easy but you will soon discover it requires special config and attention.
It is actually easier to have a client vlan and a server vlan.
This is because the server response MUST go through the ACE and in one-armed mode the server response will by default go directly to the client bypassing the loadbalancer.
You then need to configure client nat or policy based routing on your gateway.
The VIP address is the virtual address; that address is given to the clients that want to connect to the sfarm. So yes, you must create policies because that's the way we create a VIP.
So clients send traffic to the VIP address that is connected to a serverfarm (policies). A server is selected according to the predictor, and at that time the destination address from the client (VIP) is then translated to that of the server.
Now the problem is that you are working with a one-arm config or ACE on a stick, and that's probably going to give problems for the return traffic. Therefore you need to enable dynamic source NAT.
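
The steps described in the replies above, put together as one one-armed ACE configuration. This is an added example, not a configuration posted by anyone in the thread; the object names, VLAN 100 and the 192.0.2.x addresses are assumed placeholders, and the access-list permits only HTTP to the VIP rather than all traffic.

```cisco
! Constructed example: names, VLAN 100 and 192.0.2.x addresses are placeholders.
access-list CLIENT-IN line 10 extended permit tcp any host 192.0.2.100 eq www

rserver host WEB1
  ip address 192.0.2.11
  inservice
rserver host WEB2
  ip address 192.0.2.12
  inservice

! Least-connections predictor with the 70/30 weighting from the question
serverfarm host WEBFARM
  predictor leastconns
  rserver WEB1
    weight 70
    inservice
  rserver WEB2
    weight 30
    inservice

! Class-map that catches traffic sent to the VIP
class-map match-all VIP-HTTP
  2 match virtual-address 192.0.2.100 tcp eq www

! Step 1: load-balancing policy, serverfarm under class-default
policy-map type loadbalance first-match LB-HTTP
  class class-default
    serverfarm WEBFARM

! Step 2: multi-match policy ties the VIP class to the LB policy
policy-map multi-match CLIENT-VIPS
  class VIP-HTTP
    loadbalance vip inservice
    loadbalance policy LB-HTTP
    ! One-armed only: source NAT clients to pool 1 so replies return via the ACE
    nat dynamic 1 vlan 100

! Single VLAN interface: ACL, NAT pool and the multi-match policy applied inbound
interface vlan 100
  ip address 192.0.2.5 255.255.255.0
  access-group input CLIENT-IN
  nat-pool 1 192.0.2.101 192.0.2.101 netmask 255.255.255.0 pat
  service-policy input CLIENT-VIPS
  no shutdown
```

With source NAT in place the real servers see the NAT pool address as the client, so their access logs no longer record the original client IP.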