Solved: Routing and Loadbalancing on ACE 4710 again

steve switzer · ‎05-23-2012

Hi All

Maurice Zehnder confirmed i can route and loadbalance in 'inline' configuration

on an ACE 4710, thanks maurice !

Below i have more or less one of the configs from my ACE course , its the first time i have

really configured the ACE so you will have to bear with me.

My question is -

the below should work for ln loadbalancing between the 2 servers in the serverfarm TESTFARM

but i have another server on the vlan xx.xx.122.0/24.

Will that server be routable to ? - just want to be able to reach it not loadbalance it in any way

So i want 2 loadbalanced servers and one just accessible on the same subnet.

I have configured the following on my ACE -

access-list EVERYONE line 10 extended permit tcp any any

rserver host TEST-1

ip address xx.xx.122.1

inservice

rserver host TEST-2

ip address xx.xx.122.2

inservice

serverfarm host TESTFARM

rserver TEST-1

inservice

rserver TEST-2

inservice

class-map match-all VIP-150

2 match virtual-address xxx.xx.121.150 any

class-map type management match-any REMOTE-ACCESS

2 match protocol icmp any

3 match protocol telnet any

4 match protocol ssh any

5 match protocol https any

6 match protocol http any

7 match protocol xml-https any

policy-map type management first-match MGMT_TEST

class REMOTE-ACCESS

permit

policy-map type loadbalance first-match lb-logic

class class-default

serverfarm TESTFARM

policy-map multi-match CLIENT-VIPS

class VIP-150

loadbalance vip inservice

loadbalance policy lb-logic.

int vlan 122

des servers

ip address xx.xx.122.172 255.255.255.0

no shut

int vlan 121

ip address xx.xx.121.1 255.255.255.0

access-group input EVERYONE

service-policy input remote-mgmt

service-policy input CLIENT-VIPS

no shut

ip route 0.0.0.0 0.0.0.0 xx.xx.121.1

service-policy input CLIENT-VIPS

Steve

Marcel Zehnder · ‎05-23-2012

Hi Steve

Yes this will work. As long you have a route on your upstream device (router or firewall) towards the ACE for your server subnet:

"Upstream Device" ----- (interface vlan121) ACE (interface vlan 122) ---- Server

-Your server will be configured with a default gateway of xx.xx.122.172.

-You have to change de default route on the ACE (ip route 0.0.0.0 0.0.0.0 xx.xx.121.1) - At the moment the route is pointing to the IP of the ACE. Change the next hop of the route with the IP of your "upstream device"

-On your upstream device configure a route via the ACE for the server subnet eq. "ip route x.x.122 255.255.255.0 x.x.121.1"

HTH

Marcel

View solution in original post

Marcel Zehnder · ‎05-23-2012

Hi Steve

Yes this will work. As long you have a route on your upstream device (router or firewall) towards the ACE for your server subnet:

"Upstream Device" ----- (interface vlan121) ACE (interface vlan 122) ---- Server

-Your server will be configured with a default gateway of xx.xx.122.172.

-You have to change de default route on the ACE (ip route 0.0.0.0 0.0.0.0 xx.xx.121.1) - At the moment the route is pointing to the IP of the ACE. Change the next hop of the route with the IP of your "upstream device"

-On your upstream device configure a route via the ACE for the server subnet eq. "ip route x.x.122 255.255.255.0 x.x.121.1"

HTH

Marcel

steve switzer · ‎05-23-2012

thanks again maurice !