ACE-SLB Multiple VIPs to Same Rservers

May 12th, 2010

ACE module (on C6509) is currently configured to support client/server connections to several application servers.

VIP#1 on ACE exists within a single client side subnet (int vlan111)

Real servers exist on a separate server side subnet (int vlan555)

ACE is configured with a single default route pointing to a router on the client side subnet (int vlan111)

Customer wants to add a new VIP#2 that will exist on a new client side subnet (int vlan222)

Customer wants this new VIP#2 to be load balanced to the same application servers, exactly the same as VIP#1.

The problem I suspect is that the ACE's existing default route (via int vlan111) will cause all VIP#2 server-to-client traffic flows to be forwarded via int vlan111 instead of int vlan222 and thereby break the VIP#2 server-to-client traffic flows.

Assuming I'm correct, is there an ACE based solution to this, or is this desired environment just not possible?

NOTE: since both VIP#1 and VIP#2 clients will be any public IP addressed hosts, I cannot define multiple routes based on discrete destination network addresses; therefore a single default route is all that's possible to use.

UHansen1976 Wed, 05/12/2010 - 12:29

You should be able to configure VIP#2 on the same client-interface (Vlan111), even if the new VIP doesn't belong to the address-range Vlan111 resides in. That way all client traffic is forwarded to the same interface and your routing issue should be eradicated.


Simply configure your VIP#2 class and apply the same lb-policies etc. in your multimatch-policy, which is already applied to Vlan111. Then, add a static route on your router, using the Vlan111-address (or alias-address) as next-hop. This should work, I've configured this myself.


hth

jim.cunningham Wed, 05/12/2010 - 12:42

Wow, that's pretty clever. But let me be sure I understand the step regarding the static route on the router.

Are you referring to my upstream (client side) router, that it should have a static route to reach my VIP#2 via a next-hop equal to my int vlan111 IP address?

Correct Answer
UHansen1976 Wed, 05/12/2010 - 15:30

Yep,


A static route and your problem is solved. Worked for me back when I had to redesign my public facing webportals. I basically had three different subnets, each containing 15-20 VIPs that had to be consolidated onto one ACE-context. And my challenge was the exact same.

jim.cunningham Thu, 05/13/2010 - 03:24

Thank you very much for your solution to this.  I will give this a whirl within the next few days and let you know how it goes.

jim.cunningham Fri, 05/14/2010 - 11:48

u da man uhansen.........I tested it out today and just as you said....it worked like a charm.....much, much thanks........jimmyc
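
The approach UHansen1976 describes (VIP#2 added to the multi-match policy already on Vlan111, plus a static route on the upstream router), sketched as an added configuration example that is not taken from the thread. All names and addresses are constructed (documentation ranges), the serverfarm `APP-FARM` is assumed to exist already, and the ACL shows the permit entry VIP#2 needs because the ACE drops traffic that the interface ACL does not allow.

```cisco
! --- ACE context (constructed names and addresses) ---
! VIP#1 sits inside the vlan111 subnet (192.0.2.0/24).
! VIP#2 comes from a different range (198.51.100.0/24).
class-map match-all VIP1
  2 match virtual-address 192.0.2.100 tcp eq www
class-map match-all VIP2
  2 match virtual-address 198.51.100.100 tcp eq www

! Existing load-balancing policy, reused unchanged for both VIPs.
policy-map type loadbalance first-match LB-APP
  class class-default
    serverfarm APP-FARM

! Both VIP classes live in the multi-match policy already on vlan111.
policy-map multi-match CLIENT-VIPS
  class VIP1
    loadbalance vip inservice
    loadbalance policy LB-APP
  class VIP2
    loadbalance vip inservice
    loadbalance policy LB-APP

! Permit only the VIP addresses and port; everything else stays denied.
access-list CLIENT-ACL line 10 extended permit tcp any host 192.0.2.100 eq www
access-list CLIENT-ACL line 20 extended permit tcp any host 198.51.100.100 eq www

interface vlan 111
  ip address 192.0.2.5 255.255.255.0
  access-group input CLIENT-ACL
  service-policy input CLIENT-VIPS
  no shutdown

! Single default route, still pointing at the client-side router.
ip route 0.0.0.0 0.0.0.0 192.0.2.1

! --- Upstream client-side router (IOS) ---
! Reach VIP#2 via the ACE's vlan111 address (or its alias address).
ip route 198.51.100.100 255.255.255.255 192.0.2.5
```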
