ACE Module Routed design

Unanswered Question
Mar 24th, 2009
User Badges:

Hi all,


I have a requirement to install 2 ACE Modules into two 6509 chassis'


We want to run the ACE modules in a live/live scenario so we can utilise the two ACE modules


So we want to split the VIPS so we have some live on one ACE and others on the other.


Also the ACE modules will be setup in routed mode. We have a number of subnets we want to use on the client side - 3 to be exact, and there will be another 3 different subnets on the server side


A few points which are confusing me


For each subnet would i have to configure a SVI? And if so you can only have 1 SVI per contect so that would mean creating a context and a SVI for each subnet?


Are there any example configs which could help me out?


Any help would be appreciated


Thanks

James




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
huangedmc Wed, 03/25/2009 - 04:29
User Badges:

See the config example here:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml


Normally you only need one client-side subnet per context, but multiple ones work too.

You'd create an SVI on MSFC for the client-side subnets only, otherwise server traffic would bypass the ACE.


Also keep in mind when you do active/active, it's done on the context level.

That means you need to create at least two contexts in addition to the Admin context. (although you can technically run things in /Admin)


Go through the example above, and the config guides below and you'll be all set:

http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html


james_46 Wed, 03/25/2009 - 06:09
User Badges:

Hi


Thanks for the feedback - much appreciated


That confirms what i was thinking


So for each client-side subnet i would create a specific context and a corresponding SVI on the 6509?


Cheers

James

Syed Iftekhar Ahmed Wed, 03/25/2009 - 10:53
User Badges:
  • Blue, 1500 points or more

James


You are correct.

In a typical routed mode setup you have SVIs on the client side and HSRP IP on client side is configured as default gateway.


With respect to SVIs, just remember the golden rule " Return traffic from real servers should never bypass ACE ( for that matter any load balancer)".


SVIs on both Client & Server Side could make the return traffic bypass ACE.


Syed

james_46 Wed, 03/25/2009 - 13:54
User Badges:

Hi Syed


Thanks for your reply


One more quick question:


When using multiple context in routed mode - the servers on the server side, will they be able to communicate with servers in the other context?


I would assume not but just want to clarify..


Cheers

James

Actions

This Discussion