ACE4710 - load-balance with one-arm, one-subnet configuration?

Unanswered Question
Mar 25th, 2010

Hey guys,

I've been struggling with this for a few hours without finding the ideal solution... I have something up and running using NAT, but I was wondering if there was any other solution.

I want to use the ACE 4710 to load balance requests on an existing infrastructure, so I cannot change anything about the rservers' IPs, and I need the VIP to be on the same subnet/VLAN as the rservers.

My current solution uses NAT, which I do not really like. Even if I don't really see how this would be possible, I will ask the question anyway: Is there any other way to configure load balancing? I was unable to find anything in the documentation.

If NAT is the only solution, what is the maximum number of sessions a NAT IP can hold (with PAT enabled)?

Thanks in advance for your help!



dario.didio Thu, 03/25/2010 - 02:57


A valid solution for you would be bridge mode.

This means that the IP Subnet in front of the ACE (Client-side) and the IP Subnet behind (Server-side) are the same, but with two different VLAN IDs.

The ACE bridges traffic from one VLAN to the other.

The servers behind the ACE have the upstream router as default gateway.

This means that

- your servers can maintain their IP Addresses

- The VIP is in the same subnet as the servers

- no NAT is required.

The only thing that needs to be done is to change the VLAN on the switchport where your servers are connected.

Note that the big difference here between one-arm mode and bridge mode is that in one-arm mode the ACE is not in the datapath. Everything that needs to be load-balanced is sent to the ACE; all direct server traffic is sent to the server, bypassing the ACE.

In bridge mode, the ACE sits in the datapath. All traffic to your servers (load-balanced or not) goes through the ACE.

Take a look at the following example:
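
An added illustration of the bridge-mode layout described in this reply; it is not the poster's own example or a Cisco reference configuration. All object names, VLAN IDs (10 client side, 20 server side) and the 192.0.2.0/24 addresses are constructed placeholders.

```cisco
! Lines starting with "!" are reader annotations, not ACE commands.
! All names, VLAN IDs and addresses are constructed placeholders.
! Client side: VLAN 10, server side: VLAN 20, one subnet 192.0.2.0/24.

access-list CLIENT-IN line 10 extended permit tcp any host 192.0.2.100 eq www
access-list SERVER-IN line 10 extended permit ip 192.0.2.0 255.255.255.0 any

rserver host WEB1
  ip address 192.0.2.11
  inservice
rserver host WEB2
  ip address 192.0.2.12
  inservice

serverfarm host WEBFARM
  rserver WEB1
    inservice
  rserver WEB2
    inservice

class-map match-all VIP-HTTP
  2 match virtual-address 192.0.2.100 tcp eq www

policy-map type loadbalance first-match LB-WEB
  class class-default
    serverfarm WEBFARM

policy-map multi-match CLIENT-VIPS
  class VIP-HTTP
    loadbalance vip inservice
    loadbalance policy LB-WEB

! Both VLANs join the same bridge group; the BVI carries the ACE's own address.
interface vlan 10
  description client side (upstream router)
  bridge-group 1
  access-group input CLIENT-IN
  service-policy input CLIENT-VIPS
  no shutdown
interface vlan 20
  description server side (rservers, unchanged IPs)
  bridge-group 1
  access-group input SERVER-IN
  no shutdown
interface bvi 1
  ip address 192.0.2.5 255.255.255.0
  no shutdown
```

Because every server flow crosses the ACE in this mode, anything not permitted by an access list on the receiving interface is dropped; direct (non-VIP) access to the servers needs its own permit entries in CLIENT-IN.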



loic.etienne Thu, 03/25/2010 - 03:03

Thank you for your reply!

Yes, I saw that possibility, however I read somewhere in the documentation that a VLAN can only be bridged in one context.

I forgot to mention that I would need multiple contexts to access my general purpose VLAN. Isn't there any other way?

