What front end could I use in 6500 to loadbalance between several WAEs?

Unanswered Question
May 28th, 2009

I'm not familiar with the 6500 modules that loadbalance, i.e. ACE, ACN, etc. But I may need to start looking into using a loadbalancer in our dual 6500 distribution layer switches to loadbalance WCCP redirected traffic to our 7341s in our data center. Right now I have a single 7341 head-end WAE and am using IP forwarding as the egress method, which sends redirected traffic to the 7341's default gateway, which is the active IP address in a GLBP pair between the two 6500s.

Soon I will be adding a second 7341 for redundancy and have been advised to change the egress method to generic-GRE, in order to send the traffic back to the 6500 that it was redirected in from.

However, as the number of WAEs increases at the data center, does it make sense to have a loadbalancer, instead of WCCP, do the loadbalancing between the multiple WAEs? If so, is there a white paper that discusses that and gives a sample configuration in a 6500 environment?

carenas123 Wed, 06/03/2009 - 13:15

SSL Offload

The Cisco ACE is capable of providing secure transport services to a Windows Server 2008 Terminal Services deployment. The Cisco ACE can offload Transport Layer Security (TLS)/SSL processing from the TS Web Access and TS Gateway roles, thereby saving processor cycles. The Cisco ACE implements its own SSL stack and does not rely on any version of OpenSSL. The Cisco ACE supports TLS 1.0, SSLv3, and SSLv2/3 hybrid protocols. There are three SSL relevant deployment models available to each Cisco ACE virtual context:

• SSL termination: Allows for the secure transport of data between the client and Cisco ACE virtual context. The Cisco ACE operates as an SSL proxy. As such, it negotiates and terminates secure connections with a client, and a non-secure or clear-text connection to an application server in the data center. The advantage of this design is the offloading of application server resource requirements from the CPU and memory demands associated with SSL processing, while continuing to provide intelligent load balancing.

• SSL initiation: Provides secure transport between the Cisco ACE and the application server. The client initiates a non-secure HTTP connection with the Cisco ACE virtual context, while the Cisco ACE acts as a client proxy that negotiates an SSL session to an SSL server.

• SSL end-to-end: Provides a secure transport path for all communications between a client and the SSL application server residing in the data center. The Cisco ACE uses SSL termination and SSL initiation techniques to support the encryption of data between client and server. Two completely separate SSL sessions are negotiated, one between the Cisco ACE context and the client, the other between the Cisco ACE context and the application server. In addition to the intelligent load balancing services the Cisco ACE provides in an end-to-end SSL model, the system administrator may choose to alter the intensity of data encryption in order to reduce the load on either the frontend client connection or backend application server connection (allowing for the reduction of SSL resource requirements on either entity).

jujouber Mon, 06/08/2009 - 22:29

I agree, ACE would be the way to go:

Network Interception

Cisco ACE Application Control Engine Module or Cisco Content Switching Module (CSM): Cisco WAAS appliances can be deployed in the data center using the Cisco ACE Module or Cisco CSM module for the Cisco Catalyst 6500 Series for tremendous scalability. Up to 4 million connections can be managed per Cisco ACE Module, with redirection to a farm of Cisco WAAS appliances and supporting data rates up to 16 Gbps. Up to four Cisco ACE Modules can be deployed in a Cisco Catalyst 6500 Series chassis, enabling scalability to up to 64 Gbps and 16 million TCP connections.

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_white_paper0900aecd8053b3a5_ps2706_Products_White_Paper.html

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5680/ps6870/prod_white_paper0900aecd8051d5b2.html
