cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
645
Views
0
Helpful
5
Replies

ACE-SLB Multiple VIPs to Same Rservers

jim.cunningham
Level 1
Level 1

ACE module (on C6509) is currently configured to support client/server connections to several application servers.

VIP#1 on ACE exists within a single client side subnet (int vlan111)

Real servers exist on a separate server side subnet (int vlan555)

ACE is configured with a single default route pointing to a router on the client side subnet (int vlan111)

Customer wants to add a new VIP#2 that will exist on a new client side subnet (int vlan222)

Customer wants this new VIP#2 to be load balanced to the same application servers, exactly the same as VIP#1.

The problem I suspect is that the ACE's existing default route (via int vlan111) will cause all VIP#2 server-to-client traffic flows to be forwarded via int vlan111 instead of int vlan222 and thereby break the VIP#2 server-to-client traffic flows.

Assuming I'm correct, is there an ACE based solution to this, or is this desired environment just not possbile.

NOTE: since both VIP#1 and VIP#2 clients will be any public IP addressed hosts, I cannot define multiple routes based on discrete destination network addresses; therefore a single default route is all that's possible to use.

1 Accepted Solution

Accepted Solutions

Yep,

A static route and your problem is solved. Worked for me back when I had to redesign my public facing webportals. I basically had three different subnets, each containing 15-20 VIPS that had to be consolidated onto one ACE-context. And my challenge was the excact same.

View solution in original post

5 Replies 5

UHansen1976
Level 1
Level 1

You should be able to configure VIP#2 on the same client-interface (Vlan111), even if the new VIP doesn't belong to the address-range Vlan111 resides in. That way all client traffic is forwarded to the same interface and your routing issue should be erdicated.

Simply configure your VIP#2 class and apply the same lb-policies etc. in your multimatch-policy, which is already applied to Vlan111. Then, add a static route on your router, using the Vlan111-address (or alias-address) as next-hop. This should work, I've configured this myself.

hth

wow, that's pretty clever.  but let me be sure I understand the step regarding the static route on the router.

are you referring to my upstream (client side) router, that it should have a static route to reach my VIP#2 via a next-hop equal to my int vlan111 IP address?

Yep,

A static route and your problem is solved. Worked for me back when I had to redesign my public facing webportals. I basically had three different subnets, each containing 15-20 VIPS that had to be consolidated onto one ACE-context. And my challenge was the excact same.

Thank you very much for your solution to this.  I will give this a whirl within the next few days and let you know how it goes.

u da man uhansen.........I tested it out today and just as you said....it worked like a charm.....much, much thanks........jimmyc

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: