ACE Configuration Issue.

Unanswered Question
Apr 17th, 2009

We would like to configure the ACE as below:

The virtual IP address and port are 10.10.10.10:8000; this IP address will be used for outside users' service requests.

We have to configure the server farm as below:

real server 10.10.10.1:8001, 10.10.10.1:8002, 10.10.10.1:8003 ...

The IP address is the same in 10.10.10.10:8000's serverfarm, but the real server service is different, and this port should be load-balanced and health-checked.

Is this a possible solution? It is possible on F5 BIG-IP and Nortel, but I don't know about the ACE for the above issue.

If it is OK, could you give me a sample configuration?

Gilles Dufour Fri, 04/17/2009 - 06:33

rserver Server1
  ip address 10.10.10.1
  inservice

serverfarm Farm1
  rserver Server1 8001
    inservice
  rserver Server1 8002
    inservice
  rserver Server1 8003
    inservice

class-map MyVip
  match virtual-address 10.10.10.10 tcp eq 8000

policy-map type loadbalance http first-match MyPolicy
  class class-default
    serverfarm Farm1

policy-map multi-match SLB
  class MyVip
    loadbalance policy MyPolicy
    loadbalance vip inservice

interface vlan X
  service-policy input SLB

Gilles.

sachinga.hcl Fri, 04/17/2009 - 07:12

Hi Dear

1. create probe

2. create rservers

3. create serverfarms

(inside serverfarm add as follows:

   1. add rservers with port, inservice

   2. add probe)

4. create class-maps (for the traffic of your interest on which you want to put some action like forward/drop/loadbalance or something else)

5. create policy-maps (for taking some action on class maps)

(inside policy maps do the following:

   1. add class maps

   2. loadbalance vip

   3. nat rules

   etc.)

6. create interface

7. create service-policy (so that you can apply these policy maps on particular interfaces for traffic of that class for filtering or the action specified in the policy maps).

For healthcheck you need to create a probe, something like this:

probe http HTTP_Probe
  port 8000
  interval 2
  passdetect interval 15

and then include this in the serverfarm as follows:

serverfarm Farm1
  probe HTTP_Probe
  rserver Server1 8001
    inservice
  rserver Server1 8002
    inservice
  rserver Server1 8003
    inservice

Kindly find some config sample on continued page..

continue to page 2.....
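The probe in the post above pins `port 8000`, while the Farm1 rservers listen on 8001, 8002 and 8003; on ACE a probe with no `port` line inherits the port of the rserver entry it is attached to. The following is an added example, not code from any poster, that flags pinned probe ports that differ from the rserver ports in a serverfarm; the function names are hypothetical and the input is a constructed sample.

```python
# Constructed sample: the probe and serverfarm from the post above, indented as in "show run".
SAMPLE = """\
probe http HTTP_Probe
  port 8000
  interval 2
serverfarm host Farm1
  probe HTTP_Probe
  rserver Server1 8001
    inservice
  rserver Server1 8002
    inservice
  rserver Server1 8003
    inservice
"""

def stanzas(config):
    """Yield (header_tokens, body_token_lists) for each top-level stanza."""
    header, body = None, []
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():      # a line at column 0 starts a new stanza
            if header:
                yield header, body
            header, body = line.split(), []
        elif header:
            body.append(line.split())
    if header:
        yield header, body

def probe_port_mismatches(config):
    """Return (farm, probe, probe_port, rserver, rserver_port) per mismatch."""
    parsed = list(stanzas(config))
    pinned = {}                        # probe name -> explicit port (absent = inherited)
    for head, body in parsed:
        if head[0] == "probe":
            for b in body:
                if b[0] == "port":
                    pinned[head[-1]] = int(b[1])
    findings = []
    for head, body in parsed:
        if head[0] != "serverfarm":
            continue
        probes = [b[1] for b in body if b[0] == "probe"]
        reals = [(b[1], int(b[2])) for b in body if b[0] == "rserver" and len(b) == 3]
        for p in probes:
            findings += [(head[-1], p, pinned[p], r, port)
                         for r, port in reals if p in pinned and port != pinned[p]]
    return findings
```

With the `port 8000` line removed from the probe, the same input produces no findings, because each probe instance then follows its rserver's port.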

sachinga.hcl Fri, 04/17/2009 - 07:18

page 2....

Also I forgot to tell you to

8. create resource-class

9. create a context other than the Admin context if you need multiple contexts:

(inside context add resource class)

10. class map type management (for remote access)

as follows:

Kindly find some config sample as follows:

ACE/Admin# sh run
Generating configuration....

resource-class ABCD_Resource
  limit-resource all minimum 5.00 maximum unlimited
  limit-resource sticky minimum 5.00 maximum unlimited

boot system image:c4710ace-mz.A3_2_1.bin

hostname ACE

context Admin
  member ABCD_Resource

access-list everyone line 10 extended permit icmp any any
access-list everyone line 20 extended permit ip any any
access-list for-cap line 8 extended permit ip any any

probe http HTTP-Probe
  port 8000
  interval 2
  faildetect 2
  passdetect interval 15
  request method head
probe icmp ICMP-Probe
  interval 2
  faildetect 2
  passdetect interval 60
probe tcp TCP-8000
  port 8000
  interval 2
  faildetect 2
  passdetect interval 15
  passdetect count 2
  open 1

rserver host A
  ip address 10.10.10.1
  inservice
rserver host B
  ip address 10.10.10.2
  inservice
rserver host C
  ip address 10.10.10.3
  inservice
rserver host D
  ip address 10.10.10.4
  inservice

serverfarm host SF-8000-1
  probe ICMP-Probe
  probe TCP-8000
  rserver A 8000
    inservice
  rserver B 8000
    inservice
serverfarm host SF-8000-2
  probe HTTP-Probe
  probe ICMP-Probe
  probe TCP-8000
  rserver C 8000
    inservice
  rserver D 8000
    inservice

class-map match-all L4-CLASS-REDIRECT-1
  2 match virtual-address 10.10.60.10 tcp eq www
class-map match-all VIP-PORT-8000-1
  2 match virtual-address 10.10.60.10 tcp eq https
class-map match-all VIP-PORT-8000-2
  2 match virtual-address 10.10.60.12 tcp eq https
class-map type management match-any remote-mgmt
  10 match protocol ssh any
  20 match protocol telnet any
  30 match protocol icmp any
  40 match protocol http any
  50 match protocol https any
class-map match-any server-initiated
  3 match source-address 10.10.10.4 255.255.255.255
  4 match source-address 10.10.10.3 255.255.255.255

policy-map type management first-match remote-access
  class remote-mgmt
    permit

policy-map type loadbalance first-match VIP-POLICY-8000-1
  class class-default
    -----

policy-map multi-match Service-Policy-8000-1
  class VIP-PORT-8000-1
    loadbalance vip inservice
    loadbalance policy VIP-POLICY-8000-1
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 60
  class L4-CLASS-REDIRECT-1
    loadbalance vip inservice
    loadbalance policy VIP-POLICY-8000-1

policy-map multi-match Service-Policy-8000-2
  class VIP-PORT-8000-2
    loadbalance vip inservice
    loadbalance policy VIP-POLICY-8000-2
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 60
    ssl-proxy server SSL-Offload-Proxy-2

policy-map multi-match server-side
  class server-initiated
    nat dynamic 1 vlan 60

interface vlan 10
  description APPPROD-Client-Vlan
  bridge-group 10
  mtu 1500
  access-group input everyone
  access-group output everyone
  service-policy input remote-access
  no shutdown

interface vlan 30
  description management-vlan-interface
  ip address 10.10.30.22 255.255.255.0
  access-group input everyone
  access-group output everyone
  service-policy input remote-access
  no shutdown

continued page 3......

sachinga.hcl Fri, 04/17/2009 - 07:35

page 3........

interface vlan 60
  description One-arm VLAN
  ip address 10.10.60.1 255.255.255.0
  access-group input everyone
  access-group output everyone
  nat-pool 1 10.10.60.3 10.10.60.3 netmask 255.255.255.0 pat
  service-policy input remote-access
  service-policy input Service-Policy-8000-1
  service-policy input Service-Policy-8000-2
  service-policy input server-side
  no shutdown

interface vlan 100
  description APPPROD-Server-Vlan
  bridge-group 10
  access-group input everyone
  access-group output everyone
  service-policy input remote-access
  no shutdown

Kindly rate if you find it of any use to you, else no issue.

Kind regards

sachin

Some sample config examples and guides can be found at the links below, which are like jewel pages to anyone:

continued page 4.....
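The running-config quoted above permits Telnet and HTTP management from any source and applies `permit ip any any` ACLs on its interfaces. The following is an added example, not code from the posters, that lists those two exposures per interface; `audit` and the finding labels are hypothetical, and the input is a constructed excerpt of that config.

```python
# Constructed sample: lines excerpted from the running-config quoted in this thread.
SAMPLE = """\
access-list everyone line 10 extended permit icmp any any
access-list everyone line 20 extended permit ip any any
class-map type management match-any remote-mgmt
  10 match protocol ssh any
  20 match protocol telnet any
  40 match protocol http any
  50 match protocol https any
policy-map type management first-match remote-access
  class remote-mgmt
    permit
interface vlan 10
  access-group input everyone
  service-policy input remote-access
interface vlan 30
  access-group input everyone
  service-policy input remote-access
"""

CLEARTEXT = {"telnet", "http"}   # management protocols that are not encrypted

def audit(config):
    """Return (interface, finding, detail) tuples. Relies on "show run" order:
    ACLs, class-maps and policy-maps are defined before the interfaces."""
    open_acls, weak, policy_classes, findings, top = set(), {}, {}, [], []
    for raw in config.splitlines():
        t = raw.split()
        if not t:
            continue
        if not raw[0].isspace():
            top = t                                   # current top-level stanza
        if t[0] == "access-list" and t[-4:] == ["permit", "ip", "any", "any"]:
            open_acls.add(t[1])
        elif top[:3] == ["class-map", "type", "management"] and t[1:3] == ["match", "protocol"]:
            if t[3] in CLEARTEXT and t[4] == "any":
                weak.setdefault(top[-1], []).append(t[3])
        elif top[:3] == ["policy-map", "type", "management"] and t[0] == "class":
            policy_classes.setdefault(top[-1], []).append(t[1])
        elif top[0] == "interface" and t[0] == "access-group" and t[2] in open_acls:
            findings.append((" ".join(top[1:]), "open-acl", t[2]))
        elif top[0] == "interface" and t[0] == "service-policy":
            for cls in policy_classes.get(t[2], []):
                findings += [(" ".join(top[1:]), "cleartext-mgmt", p)
                             for p in weak.get(cls, [])]
    return findings
```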

sachinga.hcl Fri, 04/17/2009 - 07:36

page 4....

just for you dear:

1.ACE Client and Servers Hitting the Same VIP

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6ef5.shtml

2. Configure ACE in Routed Mode with L7 Policies

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml

3. Configure ACE Module for End to End SSL Termination

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml

4. Configure ACE with Source NAT and Client IP Header Insert

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3041.shtml

5. Configure ACE with SSL Termination and URL Rewrite

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3045.shtml

6. Integrate Cisco Service Modules with Cisco Catalyst 6500 Virtual Switching System 1440

http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c72b.shtml

7. Product support page for ace module 47xx

http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html

8. Cisco ACE 4700 Series Appliance Device Manager GUI Configuration Guide

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/device_manager/guide/dmguigd.html

9. Cisco ACE appliance product home page

http://www.cisco.com/en/US/products/ps7027/tsd_products_support_series_home.html

10. Cisco ACE config samples:

http://snippets101.blogspot.com/search/label/ace

1. FTP serverfarm on Cisco ACE

http://snippets101.blogspot.com/2007/06/ftp-serverfarm-on-cisco-ace.html

11. CISCO ACE with SAP

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_white_paper0900aecd80653362.pdf

12. CISCO ACE white papers with tons of code and design examples

http://www.cisco.com/en/US/products/ps6906/

Please rate if you find it any useful for you.

Kind regards

keep in touch.

sachin garg
