ACE Module Routed design

Unanswered Question
Mar 24th, 2009

Hi all,

I have a requirement to install 2 ACE Modules into two 6509 chassis'

We want to run the ACE modules in a live/live scenario so we can utilise the two ACE modules

So we want to split the VIPS so we have some live on one ACE and others on the other.

Also the ACE modules will be setup in routed mode. We have a number of subnets we want to use on the client side - 3 to be exact, and there will be another 3 different subnets on the server side

A few points which are confusing me

For each subnet would i have to configure a SVI? And if so you can only have 1 SVI per contect so that would mean creating a context and a SVI for each subnet?

Are there any example configs which could help me out?

Any help would be appreciated

Thanks

James

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
huangedmc Wed, 03/25/2009 - 04:29

See the config example here:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml

Normally you only need one client-side subnet per context, but multiple ones work too.

You'd create an SVI on MSFC for the client-side subnets only, otherwise server traffic would bypass the ACE.

Also keep in mind when you do active/active, it's done on the context level.

That means you need to create at least two contexts in addition to the Admin context. (although you can technically run things in /Admin)

Go through the example above, and the config guides below and you'll be all set:

http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html

james_46 Wed, 03/25/2009 - 06:09

Hi

Thanks for the feedback - much appreciated

That confirms what i was thinking

So for each client-side subnet i would create a specific context and a corresponding SVI on the 6509?

Cheers

James

Syed Iftekhar Ahmed Wed, 03/25/2009 - 10:53

James

You are correct.

In a typical routed mode setup you have SVIs on the client side and HSRP IP on client side is configured as default gateway.

With respect to SVIs, just remember the golden rule " Return traffic from real servers should never bypass ACE ( for that matter any load balancer)".

SVIs on both Client & Server Side could make the return traffic bypass ACE.

Syed

james_46 Wed, 03/25/2009 - 13:54

Hi Syed

Thanks for your reply

One more quick question:

When using multiple context in routed mode - the servers on the server side, will they be able to communicate with servers in the other context?

I would assume not but just want to clarify..

Cheers

James

Actions

This Discussion