ACE Configuration Issue.

Unanswered Question
Apr 17th, 2009

We would like to configure the ACE as below:

The virtual IP address and port are 10.10.10.10:8000; this IP address will be used by outside users to request the service.

We have to configure the server farm as below:

real server 10.10.10.1:8001, 10.10.10.1:8002, 10.10.10.1:8003 ...

The IP address is the same in 10.10.10.10:8000's serverfarm, but the real server service is different, and this port should be load-balanced and health-checked.

Is this a possible solution? It is possible on F5 BIG-IP and Nortel, but I don't know about the above issue on ACE.

If it is OK, could you give me a sample configuration?

Gilles Dufour (Cisco Employee) Fri, 04/17/2009 - 06:33

rserver host Server1
  ip address 10.10.10.1
  inservice

serverfarm host Farm1
  rserver Server1 8001
    inservice
  rserver Server1 8002
    inservice
  rserver Server1 8003
    inservice

class-map match-all MyVip
  2 match virtual-address 10.10.10.10 tcp eq 8000

policy-map type loadbalance first-match MyPolicy
  class class-default
    serverfarm Farm1

policy-map multi-match SLB
  class MyVip
    loadbalance policy MyPolicy
    loadbalance vip inservice

interface vlan X
  service-policy input SLB


Gilles.

sachinga.hcl Fri, 04/17/2009 - 07:12

Hi dear,

1. Create probe
2. Create rservers
3. Create serverfarms (inside the serverfarm, add as follows:
   1. add rservers with port, inservice
   2. add probe)
4. Create class-maps (for the traffic of your interest on which you want to put some action like forward/drop/loadbalance or something else)
5. Create policy-maps (for taking some action on class maps); do the following inside the policy maps:
   1. add class maps
   2. loadbalance vip
   3. nat rules
   etc.
6. Create interface
7. Create service-policy (so that you can apply these policy maps on particular interfaces for traffic of that class, for filtering or the action specified in the policy maps).

For the health check you need to create a probe, something like this:

probe http HTTP_Probe
  port 8000
  interval 2
  passdetect interval 15

and then include this in the serverfarm as follows:

serverfarm Farm1
  probe HTTP_Probe
  rserver Server1 8001
    inservice
  rserver Server1 8002
    inservice
  rserver Server1 8003
    inservice

Kindly find some config sample on the continued page.

continue to page 2.....
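On the health-check part of this thread: a probe that carries its own port line tests that port on the real server, which is not necessarily one of the ports the serverfarm balances to. The check below is an added example, not part of the original posts or of Cisco's tooling; it assumes that a probe's explicit port takes precedence over the rserver port, and its sample config is constructed from the values posted in this thread.

```python
# Constructed sample, using the probe and serverfarm values from this thread.
SAMPLE = """\
probe http HTTP_Probe
  port 8000
  interval 2
probe icmp ICMP-Probe
  interval 2
serverfarm host Farm1
  probe HTTP_Probe
  probe ICMP-Probe
  rserver Server1 8001
    inservice
  rserver Server1 8002
    inservice
  rserver Server1 8003
    inservice
"""

# Keywords that open an unrelated top-level stanza and end the current one.
TOP_LEVEL = {"rserver", "class-map", "policy-map", "interface", "access-list"}

def probe_port_mismatches(config):
    """Return (farm, probe, probe_port, rserver_ports) for every probe whose
    fixed port is not one of the ports its serverfarm balances to."""
    probe_port, farms, ctx = {}, {}, None
    for w in (line.split() for line in config.splitlines()):
        if not w:
            continue
        if w[0] == "probe" and len(w) == 3:              # probe <type> <name>
            ctx = ("probe", w[2])
            probe_port[w[2]] = None                      # None: no fixed port
        elif w[0] == "serverfarm":                       # serverfarm [host] <name>
            ctx = ("farm", w[-1])
            farms[w[-1]] = ([], set())
        elif ctx and ctx[0] == "probe" and w[0] == "port" and len(w) == 2:
            probe_port[ctx[1]] = int(w[1])
        elif ctx and ctx[0] == "farm" and w[0] == "probe" and len(w) == 2:
            farms[ctx[1]][0].append(w[1])                # probe attached to farm
        elif ctx and ctx[0] == "farm" and w[0] == "rserver" and w[-1].isdigit():
            farms[ctx[1]][1].add(int(w[-1]))             # rserver <name> <port>
        elif w[0] in TOP_LEVEL:
            ctx = None
    return [(farm, name, probe_port[name], sorted(ports))
            for farm, (attached, ports) in farms.items()
            for name in attached
            if probe_port.get(name) is not None and ports
            and probe_port[name] not in ports]

if __name__ == "__main__":
    for farm, name, port, ports in probe_port_mismatches(SAMPLE):
        print(f"{farm}: probe {name} checks port {port}, rservers listen on {ports}")
```

The parser keys on keywords rather than indentation, so it also accepts a configuration pasted without leading whitespace.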

sachinga.hcl Fri, 04/17/2009 - 07:18

page 2....


Also, I forgot to tell you to:

8. Create resource-class
9. Create a context other than the Admin context if you need multiple contexts (inside the context, add the resource class)
10. Class map type management (for remote access)

Kindly find some config sample as follows:

ACE/Admin# sh run
Generating configuration....

resource-class ABCD_Resource
  limit-resource all minimum 5.00 maximum unlimited
  limit-resource sticky minimum 5.00 maximum unlimited

boot system image:c4710ace-mz.A3_2_1.bin

hostname ACE

context Admin
  member ABCD_Resource

access-list everyone line 10 extended permit icmp any any
access-list everyone line 20 extended permit ip any any
access-list for-cap line 8 extended permit ip any any

probe http HTTP-Probe
  port 8000
  interval 2
  faildetect 2
  passdetect interval 15
  request method head

probe icmp ICMP-Probe
  interval 2
  faildetect 2
  passdetect interval 60

probe tcp TCP-8000
  port 8000
  interval 2
  faildetect 2
  passdetect interval 15
  passdetect count 2
  open 1

rserver host A
  ip address 10.10.10.1
  inservice
rserver host B
  ip address 10.10.10.2
  inservice
rserver host C
  ip address 10.10.10.3
  inservice
rserver host D
  ip address 10.10.10.4
  inservice

serverfarm host SF-8000-1
  probe ICMP-Probe
  probe TCP-8000
  rserver A 8000
    inservice
  rserver B 8000
    inservice

serverfarm host SF-8000-2
  probe HTTP-Probe
  probe ICMP-Probe
  probe TCP-8000
  rserver C 8000
    inservice
  rserver D 8000
    inservice

class-map match-all L4-CLASS-REDIRECT-1
  2 match virtual-address 10.10.60.10 tcp eq www

class-map match-all VIP-PORT-8000-1
  2 match virtual-address 10.10.60.10 tcp eq https

class-map match-all VIP-PORT-8000-2
  2 match virtual-address 10.10.60.12 tcp eq https

class-map type management match-any remote-mgmt
  10 match protocol ssh any
  20 match protocol telnet any
  30 match protocol icmp any
  40 match protocol http any
  50 match protocol https any

class-map match-any server-initiated
  3 match source-address 10.10.10.4 255.255.255.255
  4 match source-address 10.10.10.3 255.255.255.255

policy-map type management first-match remote-access
  class remote-mgmt
    permit

policy-map type loadbalance first-match VIP-POLICY-8000-1
  class class-default

-----

policy-map multi-match Service-Policy-8000-1
  class VIP-PORT-8000-1
    loadbalance vip inservice
    loadbalance policy VIP-POLICY-8000-1
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 60
  class L4-CLASS-REDIRECT-1
    loadbalance vip inservice
    loadbalance policy VIP-POLICY-8000-1

policy-map multi-match Service-Policy-8000-2
  class VIP-PORT-8000-2
    loadbalance vip inservice
    loadbalance policy VIP-POLICY-8000-2
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 60
    ssl-proxy server SSL-Offload-Proxy-2

policy-map multi-match server-side
  class server-initiated
    nat dynamic 1 vlan 60

interface vlan 10
  description APPPROD-Client-Vlan
  bridge-group 10
  mtu 1500
  access-group input everyone
  access-group output everyone
  service-policy input remote-access
  no shutdown

interface vlan 30
  description management-vlan-interface
  ip address 10.10.30.22 255.255.255.0
  access-group input everyone
  access-group output everyone
  service-policy input remote-access
  no shutdown

continued page 3......


sachinga.hcl Fri, 04/17/2009 - 07:35

page 3........


interface vlan 60
  description One-arm VLAN
  ip address 10.10.60.1 255.255.255.0
  access-group input everyone
  access-group output everyone
  nat-pool 1 10.10.60.3 10.10.60.3 netmask 255.255.255.0 pat
  service-policy input remote-access
  service-policy input Service-Policy-8000-1
  service-policy input Service-Policy-8000-2
  service-policy input server-side
  no shutdown

interface vlan 100
  description APPPROD-Server-Vlan
  bridge-group 10
  access-group input everyone
  access-group output everyone
  service-policy input remote-access
  no shutdown


Kindly rate if you find it useful to you; otherwise no issue.

Kind regards,
sachin

Some sample config examples and guides can be found at the links below, which are like jewel pages to anyone:

continued page 4.....
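The sample configuration in this thread binds one management policy (remote-access) to every VLAN interface, and its class map matches telnet and http from any source alongside ssh and https. The audit below is an added example, not part of the original posts or of Cisco's tooling; it lists the interfaces on which the two unencrypted management protocols are permitted, and its sample config is constructed by condensing the stanzas posted above.

```python
CLEARTEXT = {"telnet", "http"}   # management protocols that are not encrypted

# Constructed sample, condensed from the management stanzas in this thread.
SAMPLE = """\
class-map type management match-any remote-mgmt
  10 match protocol ssh any
  20 match protocol telnet any
  40 match protocol http any
  50 match protocol https any
policy-map type management first-match remote-access
  class remote-mgmt
    permit
interface vlan 10
  description APPPROD-Client-Vlan
  service-policy input remote-access
interface vlan 30
  description management-vlan-interface
  service-policy input remote-access
"""

def cleartext_mgmt_exposure(config):
    """Return sorted (interface, protocol) pairs where a management policy
    bound to the interface permits telnet or http from any source."""
    classes, policies, bindings = {}, {}, []
    ctx, current_class = None, None
    for w in (line.split() for line in config.splitlines()):
        if not w:
            continue
        if w[:3] == ["class-map", "type", "management"]:
            ctx = ("cmap", w[-1])
            classes[w[-1]] = set()
        elif w[:3] == ["policy-map", "type", "management"]:
            ctx, current_class = ("pmap", w[-1]), None
            policies[w[-1]] = set()
        elif w[0] == "interface":
            ctx = ("if", " ".join(w[1:]))
        elif w[0] in ("class-map", "policy-map"):        # other stanza types
            ctx = None
        elif ctx is None:
            continue
        elif ctx[0] == "cmap" and "protocol" in w[:-1] and w[-1] == "any":
            classes[ctx[1]].add(w[w.index("protocol") + 1])
        elif ctx[0] == "pmap" and w[0] == "class" and len(w) == 2:
            current_class = w[1]
        elif ctx[0] == "pmap" and w == ["permit"] and current_class:
            policies[ctx[1]].add(current_class)          # class is permitted
        elif ctx[0] == "if" and w[:2] == ["service-policy", "input"] and len(w) == 3:
            bindings.append((ctx[1], w[2]))
    return sorted({(iface, proto)
                   for iface, pol in bindings
                   for cls in policies.get(pol, ())
                   for proto in classes.get(cls, set()) & CLEARTEXT})
```

Load-balancing policies bound with service-policy input are ignored, because only policy maps of type management are collected.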

sachinga.hcl Fri, 04/17/2009 - 07:36

page 4....


Just for you, dear:

1. ACE Client and Servers Hitting the Same VIP
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6ef5.shtml

2. Configure ACE in Routed Mode with L7 Policies
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml

3. Configure ACE Module for End to End SSL Termination
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml

4. Configure ACE with Source NAT and Client IP Header Insert
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3041.shtml

5. Configure ACE with SSL Termination and URL Rewrite
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3045.shtml

6. Integrate Cisco Service Modules with Cisco Catalyst 6500 Virtual Switching System 1440
http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c72b.shtml

7. Product support page for ACE module 47xx
http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html

8. Cisco ACE 4700 Series Appliance Device Manager GUI Configuration Guide
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/device_manager/guide/dmguigd.html

9. Cisco ACE appliance product home page
http://www.cisco.com/en/US/products/ps7027/tsd_products_support_series_home.html

10. Cisco ACE config samples:
http://snippets101.blogspot.com/search/label/ace

    1. FTP serverfarm on Cisco ACE
    http://snippets101.blogspot.com/2007/06/ftp-serverfarm-on-cisco-ace.html

11. Cisco ACE with SAP
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_white_paper0900aecd80653362.pdf

12. Cisco ACE white papers with tons of code and design examples
http://www.cisco.com/en/US/products/ps6906/

Please rate if you find it useful for you.

Kind regards,
keep in touch.

sachin garg



