I have a situation where clients and servers could be in the same subnet, AND/OR client and server could be in different subnets, kind of a mixed mode environment. My question: can ACE be configured as both Routed and Bridge mode at the same time, and if yes, then how (maybe for some servers as routed, and for some servers as bridge)? Don't want to go into multiple contexts, same servers...
Folks say that for the ACE module the best method is routed mode? True? If yes, then why?
And what is the best place for ACE, behind the MSFC, or in front of the MSFC... in which cases???
There is not a single answer for the routed vs bridged vs One arm mode selection for ACE deployment. It really depends on your environment.
If you need multicast for your servers then routed mode will not work.
If you run MST then bridge mode is not a preferred solution. If you want to log the client IP addresses then you cannot implement One arm mode with source NAT.
If bulk of your data is non-balanced traffic (like direct server access/ SAN traffic)... then One Arm is recommended as it will not eat up ACE resources.
Performance wise you can expect the same L4/L7 performance regardless of the LB mode (routed/bridge/one-arm).
Also from a load balancing perspective there is no difference in terms of functionality.
So it's totally a matter of personal preference. There are a few design constraints which in some cases dictate the routed/bridge mode selection. For example some clients do not want to make any changes to the servers (like default gateways pointing to any L3 device). In this case we cannot introduce Routed mode and bridge mode is the only logical option.
Personally, if it's a new deployment I (again personally) prefer Routed mode due to these reasons:
1. I like the Layer 3 boundary between client request and server response. This separation makes it easy to debug & troubleshoot.
2. There is no possibility of STP loops. (Remember that when you are running ACE in bridge mode you have to pass the STP BPDUs through the ACE such that the client side VLAN & server side VLAN have a single STP domain.)
3. Bridge mode has some limitations in performing NAT for Non-Loadbalanced Traffic (No issue with load balanced traffic). (There are workarounds available to fix that.) Routed mode has no such limitation.
Placing an ACE before/after the MSFC is also dependent on the topology. Since client traffic reaches ACE via the switch, in most of the cases it's placed after the MSFC; the HSRP IP address of the MSFC is the default gateway defined on ACE.
Syed Iftekhar Ahmed
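As an added illustration (not part of the reply above and not taken from any Cisco document), here are two alternative ACE context fragments showing the modes the reply compares. In the routed fragment the client-side and server-side VLANs carry different subnets and the servers must point their default gateway at the ACE server-side address; in the bridged fragment both VLANs share one subnet through a BVI, the servers keep the MSFC HSRP address as their gateway (no server changes), and an EtherType ACL passes STP BPDUs across the bridge so the two VLANs form a single STP domain, which is exactly the loop exposure the reply's point 2 refers to. In both cases the ACE default route points at the MSFC HSRP address, as the reply describes. VLAN numbers, addresses and ACL names are assumed placeholders, and the lines beginning with "!" are annotations rather than ACE commands.

```cisco
! ===== Routed mode (assumed VLANs/addresses; example only) =====
! ACE is a Layer 3 hop between client VLAN 100 and server VLAN 200.
! ACE denies all traffic by default, so an ACL must be applied inbound.
access-list ANY line 10 extended permit ip any any

interface vlan 100
  description client-side, towards the MSFC
  ip address 10.100.0.2 255.255.255.0
  access-group input ANY
  no shutdown

interface vlan 200
  description server-side; servers use 10.200.0.1 as their default gateway
  ip address 10.200.0.1 255.255.255.0
  access-group input ANY
  no shutdown

! Default route towards the MSFC HSRP address on the client-side VLAN
ip route 0.0.0.0 0.0.0.0 10.100.0.1


! ===== Bridge mode (assumed VLANs/addresses; example only) =====
! VLANs 100 and 200 are bridged into one subnet (10.100.0.0/24).
! Servers keep the MSFC HSRP address 10.100.0.1 as their gateway.
access-list ANY line 10 extended permit ip any any
! EtherType ACL so STP BPDUs cross the bridge (client and server VLANs
! become one STP domain; without it STP cannot detect a loop through ACE).
access-list BPDU ethertype permit bpdu

interface vlan 100
  description client-side, towards the MSFC
  bridge-group 1
  access-group input ANY
  access-group input BPDU
  no shutdown

interface vlan 200
  description server-side
  bridge-group 1
  access-group input ANY
  access-group input BPDU
  no shutdown

interface bvi 1
  description ACE's own address inside the bridged subnet
  ip address 10.100.0.2 255.255.255.0
  no shutdown

! Default route still points at the MSFC HSRP address
ip route 0.0.0.0 0.0.0.0 10.100.0.1
```

The practical difference to check before choosing: in the routed fragment the server gateway changes (10.200.0.1 on ACE), which is the change some customers refuse; in the bridged fragment nothing changes on the servers, but the BPDU ACL means the switch's STP topology now extends through the ACE, so an MST or STP design change on either VLAN affects both.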