ACE - UDP loadbalancing without NAT

aeliu
Level 1

Hi, I want to get the source port of the client from the real server, but it is changed by the ACE.

Matched port of VIP set to 8070, same as RIP, it is fine.

I want to know whether it is possible to keep the source port unchanged when port translation is configured.

Any help will be appreciated.

Below is the config:

------------------------------------------------


probe udp udp-8070
  port 8070
  interval 5

rserver server01
  ip address 192.168.1.15
  inservice

rserver server02
  ip address 192.168.1.16
  inservice

serverfarm host sf-UDP-8070
  failaction purge
  probe udp-8070
  rserver server01 8070
    inservice
  rserver server02 8070
    inservice


policy-map type loadbalance  first-match pL7-UDP-8070
  class class-default
    serverfarm sf-UDP-8070

class-map match-any c4-UDP-1270
  match virtual-address 192.168.2.100 udp eq 1270

policy-map multi-match pL4-UDP
  class c4-UDP-1270
    loadbalance vip inservice
    loadbalance policy pL7-UDP-8070
    loadbalance vip icmp-reply

interface vlan 211
  service-policy input pL4-UDP

Accepted Solutions

Gilles Dufour
Cisco Employee

This is called implicit PAT. It happens to guarantee that the response from the server is handled by the same IXP.

The ACE module contains 2 x IXP, and each one of them performs the load-balancing functions independently.

So, it is required that the 2 flows of a connection are handled by the same IXP. The function that selects the IXP does so based on the destination and source port. Therefore it is sometimes required to change the source port.

There is no way to prevent this.

The appliance does not have this problem because there is only a single processor.

Gilles.
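
Added illustration, not part of the original thread and not Cisco code: a toy model of the mechanism described in the answer above, using the VIP port 1270 and real server port 8070 from the posted config. The hash in `ixp_for` and the upward port search are assumptions chosen to make the effect visible; the ACE's actual hash is not given in this thread.

```python
# Toy model only: ixp_for() is a stand-in hash, NOT the ACE's real function.
NUM_IXP = 2  # the ACE module has two IXPs, per the answer above


def ixp_for(src_port: int, dst_port: int) -> int:
    """Hypothetical direction-independent hash over the two UDP ports."""
    return ((src_port + dst_port) >> 5) % NUM_IXP


def implicit_pat(client_port: int, vip_port: int, real_port: int) -> int:
    """Return the source port the real server would see.

    Client-side flow : client_port -> vip_port
    Server-side reply: real_port   -> (possibly translated) client port
    Both flows must hash to the same IXP, so the source port is only
    changed when the two hashes disagree.
    """
    want = ixp_for(client_port, vip_port)
    port = client_port
    while ixp_for(real_port, port) != want:
        # Assumed search strategy: walk upward, wrapping past 65535.
        port = port + 1 if port < 65535 else 1024
    return port


def rewritten_fraction(vip_port: int, real_port: int) -> float:
    """Share of client ports 1024-65535 that need a rewritten source port."""
    ports = range(1024, 65536)
    changed = sum(implicit_pat(p, vip_port, real_port) != p for p in ports)
    return changed / len(ports)


if __name__ == "__main__":
    # Values from the posted config: VIP port 1270, real server port 8070.
    for cport in (50000, 50010):  # constructed client ports
        print(cport, "->", implicit_pat(cport, 1270, 8070))
    print("1270 -> 8070 rewritten:", rewritten_fraction(1270, 8070))
    print("8070 -> 8070 rewritten:", rewritten_fraction(8070, 8070))
```

With a direction-independent hash, a VIP port equal to the real server port never needs a rewrite, which matches the observation in the question that setting both to 8070 is fine.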

Hello

I have the same problem.

I found that it is possible to disable implicit PAT for UDP/TCP traffic with the Admin context command "hw-module cde-same-port-hash". There is no information in the documentation about the performance impact of such a change. Do you know what I could expect when configuring this option?

Thank you in advance for your answer.

Regards

Lukas

Dears,

I had this issue with SIP traffic.

To solve the implicit PAT issue you may try the following:

1) Direct Server Return on ACE: configure servers with the VIP address as a secondary IP address on interfaces directly connected to the ACE (that is, interfaces which have an ARP entry for the ACE). Then configure the ACE to forward to that VIP address as a transparent serverfarm.

or 2) Configure "hw-module cde-same-port-hash" on the Admin context. This will disable hashing based on src. and dst. port; the ACE will use a new hash method.
