Hopefully I can explain this intelligently. I have 10 racks of servers, each rack has a stack of 2 3750s. Each rack is its own IP subnet, e.g. rack 1 is 10.100.1.0/24, rack 2 is 10.100.2.0/24. The 3750 is the DG and has a pair of layer 3 links that go back to a pair of 6500s (in VSS). The 6500s act as the server distribution point (physically, not logically) that then connects to the core. It also has an ACE module. The way I see it I have two options: make 1 rack of servers dedicated to load balancing and use the ACE as the DG. Not a problem, but not optimal for the placement of servers (which I don't control). I believe my other option is to let the servers live in any rack and use routed mode and SNAT the servers (I don't care about losing the original source IP). I think I then have to use PBR on the 3750s for return traffic to the ACE. Is the PBR to point back to the ACE since the destination from the client request was the VIP? Would it be better to have the ACE as the DG for the servers and force the servers that need to be load-balanced into specific racks? Thanks for your consideration.
Refer to the first picture on the following page.
That is what your L3 setup would look like, with the addition of a router(s) in front of your servers.
The VLAN that interconnects the MSFC of the C6500s and the ACE is the VLAN that needs to be added.
In this VLAN - IP Subnet, your VIP addresses are configured.
When an external client connects to the VIP Address, he is routed to the ACE in VLAN 50 on the drawing.
The ACE does what it does and sends the client request to one of its servers, performing SNAT using either the VIP address or another IP address in VLAN 50.
Via the C6500s, it is routed to the routed access switch, which delivers the request. Your server treats the request and answers to the SNATed address, which is located on the ACE.
It forwards the response to its default GW, which does the same via a static or default route in its routing table. The packet arrives on the MSFC of the C6500, which has the subnet directly connected via VLAN 50, and forwards the packet to the ACE.
There, the SNAT is undone, and the packet is sent, via the default route on the ACE on VLAN 50, to the MSFC of the C6500s, where it is routed back to the client.
Note that all traffic sent directly to the server does not pass the ACE. Only the traffic sent to the VIPs passes the ACE.
Hope this clarifies things :-)
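
The return-path reasoning in the reply above can be checked with a small routing model. This is an added example, not part of the original thread: it traces packets hop by hop using longest-prefix match, with and without SNAT on the ACE. Only 10.100.1.0/24 and VLAN 50 come from the thread; the VLAN 50 subnet, the VIP, SNAT, server and client addresses and the device names are constructed for illustration.

```python
import ipaddress as ip

# Constructed addressing (assumptions): VLAN 50 = 10.50.0.0/24, owned by the ACE.
VIP, SNAT_IP = "10.50.0.100", "10.50.0.101"
SERVER, CLIENT = "10.100.1.10", "192.0.2.25"

# Per-device routing tables: prefix -> next hop (hypothetical device names).
ROUTES = {
    "core":       {"10.50.0.0/24": "msfc", "0.0.0.0/0": "client-net"},
    "msfc":       {"10.50.0.0/24": "ace",            # VLAN 50, directly connected
                   "10.100.1.0/24": "rack1-3750",    # routed access switch, rack 1
                   "0.0.0.0/0": "core"},
    "rack1-3750": {"10.100.1.0/24": "server", "0.0.0.0/0": "msfc"},
    "ace":        {"0.0.0.0/0": "msfc"},             # ACE default route on VLAN 50
}
ENDPOINTS = {"ace", "server", "client-net"}          # a packet stops here

def next_hop(device, dst):
    """Longest-prefix match in the device's routing table."""
    addr = ip.ip_address(dst)
    matches = [(ip.ip_network(p), nh) for p, nh in ROUTES[device].items()
               if addr in ip.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def path(start, dst):
    """Devices a packet to dst traverses, starting at `start`."""
    hops = [start]
    while True:
        hops.append(next_hop(hops[-1], dst))
        if hops[-1] in ENDPOINTS:
            return hops

def return_path(snat):
    """Server's reply: it answers to whatever source address it saw."""
    source_seen_by_server = SNAT_IP if snat else CLIENT
    return path("rack1-3750", source_seen_by_server)  # 3750 is the server's DG

def reply_reaches_ace(snat):
    return "ace" in return_path(snat)

if __name__ == "__main__":
    print("client -> VIP   :", path("core", VIP))
    print("ACE -> server   :", path("ace", SERVER))
    print("reply, SNAT     :", return_path(True))
    print("reply, no SNAT  :", return_path(False))
```

With SNAT the reply is addressed to a VLAN 50 address, so ordinary destination routing returns it to the ACE; without SNAT the reply follows the default route straight toward the client and skips the ACE, which is the case where PBR on the 3750s would be needed.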