ACE loadbalancing design dilemma

Unanswered Question
Oct 29th, 2008


We have an ACE in 6509 connected to a FW(TRUNK). FW connected to 3560 switch(DMZ) rservers connected to 3560 need to be loadbalanced by the ACE(Layer 3 LB)

Is this possible and is this the best way to do it how do the rest of you tackle the DMZ LB dilemma if the LB is on the inside network?

Security issues I need to be thinking of?

Appreciate your time.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bwilmoth Tue, 11/04/2008 - 14:18

You can operate your ACE strictly as an LB device. If you want to use LB only, you must configure certain parameters and disable some of the ACE security features as described in the below URL. By default, the ACE performs TCP/IP normalization checks and ICMP security checks on traffic entering the ACE interfaces. Using the following configuration will also allow asymmetric routing as required by your network application.


This Discussion