Here is the scenario. We are an enterprise with various business units with varying
degrees of IT independence.
In a new Internet-facing datacenter deployment we are looking to use ACE contexts to allow
resource allocation / control as well as delegated admin access, but want to keep our
public addressing flexible & simple.
Previous deployments have used all single context with the public addresses in a large
subnet with VIPs in that space configured directly on the ACE, but we are testing multiple
contexts for reasons above.
We want to have a single public segment that we can assign VIPs to whichever business
needs them, but have separate vlans for the rservers, and separate configuration spaces
for admins of the different business units.
We have configured contexts on ACE with a single, public vlan associated to all contexts,
but each context having its own vlans for the rservers. This is all set up and working
except rservers in an rserver-subnet associated with context A cannot communicate with
VIP associated with context B.
I understand that this may be by design, but can't find information if there is any way to
change this behavior.
We have tried SNAT configuration
ation#Configuring_Dynamic_NAT_and_PAT) , SNATing rserver IP to an IP in the public
segment, and this allows communication to VIPs in its own context, but not other contexts.
Is there any way to do this without carving up public space (or dramatically rearranging
our design in some other way)? Otherwise, I think we give up resource allocation, go back
to single context and use domains to control administration functions?