ACE bridge mode and L3 switch

Oct 23rd, 2008


I am evaluating the ACE 4710 bridge mode for load balancing several services (HTTP, LDAP, SMTP, POP3 and DNS). The current configuration uses 2 L3 switches as the servers' default gateway (using HSRP). I assume that in bridge mode I need 1 VLAN for ACE-Servers (e.g. VLAN 10) and 1 for ACE-Gateway (e.g. VLAN 20) and then bridge them. So if I get this right, I need to change the current SVI on the L3 switch from int vlan 10 to int vlan 20. Is that correct? Is there another alternative? I have heard about DSR but it does not do L7 and is not commonly used.

Also, does ACE support a different ft-port for each context? The issue I have is that for each of the 2 contexts that I need, the servers reside on 2 different switch pairs. So if one context's switch fails then I will need to fail over for the other context as well.

Another thing, I read that ACE supports EtherChannel. Is this only for redundancy or can we use it to get 2 Gbps full bandwidth from a context?

That's all for now :)


Martin Kyrc Tue, 10/28/2008 - 11:25


your configuration will be:


for L3 sw will be default gw gw_L3, not ace.

What is DSR?

You don't need a different port for a different FT VLAN. It's possible to do it with one FT VLAN. Each context can have different 'checks' and priority settings. With this configuration you can have an active-standby or active-active configuration (first context active on first ACE, second context on second ACE).

EtherChannel - yes, you can use 2Gbps for 2x1G links. Bandwidth restriction is licence policy.


ropethic Wed, 11/05/2008 - 16:44

There are 3 modes in which you can deploy ACE:

1. Bridge mode - user / servers / ACE on separate VLANs but on the same IP subnet

router <-> ace <-> servers

Servers use the router IP as default gateway

2. Routed mode - user / servers on separate VLANs, with ACE on the server VLAN and different subnets

Servers use ACE as default gateway

3. One-arm mode - separate VLANs for ACE / users / servers

Need to use SNAT or PBR

I would use option 2 - SVI for both VLANs with IP address and switchport access for the selected ACE interface. The only problem is everything passes through ACE.

Option 3 removes the ACE from its position directly in the path. You will need to use PBR on the router, with ACE as next hop based on the configured policy.

For the rest of your questions, here is an extensive guide for FT and PortChannels.

ACE supports port-channels and FT for the port channel. Not sure about the context.

