ACE network design question

george_daly · ‎09-22-2009

Hi,

I am considering a network design that will have ACE and FWSM modules in end of row 6500 distribution switches. The server farms would have their gateways set to a vlan SVI on the 6500, with a PBR map on the SVI so that reply traffic to load-balanced rservers/protocols would get routed via the ACE so it doesn't need to sit inline.

The end of row distribution switches would be the L2 boundary, with L3 routing back to the core.

The problem I'm considering is that a server in any row must be able to be a member of a server farm on any of the end of row distribution switch ACEs.

Will this scenario work, where there is potentially no L2 adjacency from the ACE to the server farms? Can the ACE deal with having rservers in different L3 subnets which are potentially multiple IP hops away?

Any known caveats/problems with this approach?

Many thanks for any advice/comments,

George

caizijun678 · ‎09-22-2009

My china i studying student

george_daly · ‎09-24-2009

For anyone considering a similar design, I have labbed this up and all appears to work Ok, though you need to disable TCP normalization on the ACE (disclaimer: this affects/disables some security features) in order for it to route return traffic that doesn't match a load-balanced flow back to the supervisor (as opposed to dropping it).