05-12-2010 11:59 AM
ACE module (on C6509) is currently configured to support client/server connections to several application servers.
VIP#1 on ACE exists within a single client side subnet (int vlan111).
Real servers exist on a separate server side subnet (int vlan555).
ACE is configured with a single default route pointing to a router on the client side subnet (int vlan111).
Customer wants to add a new VIP#2 that will exist on a new client side subnet (int vlan222)
Customer wants this new VIP#2 to be load balanced to the same application servers, exactly the same as VIP#1.
The problem I suspect is that the ACE's existing default route (via int vlan111) will cause all VIP#2 server-to-client traffic flows to be forwarded via int vlan111 instead of int vlan222 and thereby break the VIP#2 server-to-client traffic flows.
Assuming I'm correct, is there an ACE based solution to this, or is this desired environment just not possible?
NOTE: since both VIP#1 and VIP#2 clients will be any public IP addressed hosts, I cannot define multiple routes based on discrete destination network addresses; therefore a single default route is all that's possible to use.
05-12-2010 12:29 PM
You should be able to configure VIP#2 on the same client-interface (Vlan111), even if the new VIP doesn't belong to the address-range Vlan111 resides in. That way all client traffic is forwarded to the same interface and your routing issue should be eradicated.
Simply configure your VIP#2 class and apply the same lb-policies etc. in your multimatch-policy, which is already applied to Vlan111. Then, add a static route on your router, using the Vlan111-address (or alias-address) as next-hop. This should work, I've configured this myself.
hth
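The layout described in the reply above, sketched as an added configuration fragment (not part of the original post and not the poster's actual config). All addresses and object names (VIP1, VIP2, APP-LB, APP-FARM, CLIENT-VIPS) are constructed placeholders, the server farm and interface ACLs are assumed to exist already, and lines starting with `!` are annotations rather than commands.

```cisco
! --- ACE context (constructed sample values) ---
! VIP#1 lives inside the vlan111 subnet (198.51.100.0/24 in this sketch).
class-map match-all VIP1
  2 match virtual-address 198.51.100.10 tcp eq www
! VIP#2 is an address from the "new" client subnet, but it is defined
! on the ACE only as a virtual address, not as a new interface.
class-map match-all VIP2
  2 match virtual-address 203.0.113.10 tcp eq www

! One load-balancing policy, shared by both VIPs, so both reach the
! same real servers behind vlan555.
policy-map type loadbalance first-match APP-LB
  class class-default
    serverfarm APP-FARM

! Both VIP classes sit in the multi-match policy already applied
! to the client-side interface.
policy-map multi-match CLIENT-VIPS
  class VIP1
    loadbalance vip inservice
    loadbalance policy APP-LB
  class VIP2
    loadbalance vip inservice
    loadbalance policy APP-LB

interface vlan 111
  ip address 198.51.100.2 255.255.255.0
  service-policy input CLIENT-VIPS
  no shutdown

! The single default route stays as it is; return traffic for both
! VIPs leaves through vlan111, the same interface it arrived on.
ip route 0.0.0.0 0.0.0.0 198.51.100.1

! --- Upstream client-side router (IOS) ---
! Host route for VIP#2 with the ACE vlan111 address (or alias
! address) as next hop, because VIP#2 is not in the vlan111 subnet.
ip route 203.0.113.10 255.255.255.255 198.51.100.2
```

Because VIP#2 enters and leaves on vlan111, the interface ACL and any upstream filtering on that VLAN now govern both VIPs and should be reviewed to permit only the intended VIP#2 ports.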
05-12-2010 12:42 PM
Wow, that's pretty clever. But let me be sure I understand the step regarding the static route on the router.
Are you referring to my upstream (client side) router, that it should have a static route to reach my VIP#2 via a next-hop equal to my int vlan111 IP address?
05-12-2010 03:30 PM
Yep,
A static route and your problem is solved. Worked for me back when I had to redesign my public facing webportals. I basically had three different subnets, each containing 15-20 VIPs that had to be consolidated onto one ACE-context. And my challenge was the exact same.
05-13-2010 03:24 AM
Thank you very much for your solution to this. I will give this a whirl within the next few days and let you know how it goes.
05-14-2010 11:48 AM
u da man uhansen.........I tested it out today and just as you said....it worked like a charm.....much, much thanks........jimmyc