Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3067
Views
5
Helpful
16
Replies

Access to rservers behind ACE

Go to solution
AlexandrKry
Level 1
Level 1

‎07-19-2011 04:40 AM

I have ACE 20 in 6500 configured in routed mode, similar to configuration described here: http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_Routed_Mode_on_the_Cisco_Application_Control_Engine_Configuration_Example

There is a context that has the following VLANs assigned:

Vlan 100 - management interface: 10.0.100.1/24

Vlan 101 - client side interface: 10.0.101.1/24

Vlan 102 - server side interface: 10.0.102.1/24

I have VIP configured (10.0.101.10) and two rservers (10.0.102.11 and 10.0.102.12) in a single server farm.

Servers have 10.0.102.1 as their default gateway.

Load balancing works fine, client connection reaches the rservers via VIP.

My problem is that I cannot connect to real servers behind ACE (10.0.102.11 and 10.0.102.12) directly, without load balancing involved.

The ACE just blocks all the traffic not destined to VIP, although ifaces vlan101 and vlan102 have "permit ip any any" input ACLs.

What else do I need to configure to make this work?

It worked when interfaces 101 and 102 were in bvi, but I need to have multiple contexts with shared vlans.

Labels:
0 Helpful
16 Replies 16

Go to solution
AlexandrKry
Level 1
Level 1
In response to AlexandrKry

‎07-19-2011 10:54 PM

There is one thing I missed out again.

/32 routes on 6k are still necessary if you want to use a single Vlan across multiple contexts whether or not you use dedicated interfaces on servers for management.

0 Helpful

Go to solution
AlexandrKry
Level 1
Level 1
In response to AlexandrKry

‎07-19-2011 11:23 PM

I should clarify this again for someone who get stuck as I did

You can use the same server Vlan for multiple contexts without host routes. To do that you need to have different subnets for each one of them (even though I'm not sure it's a good design).

My solution is to split the server's /24 network into multiple /28 networks and add appropriate routes on 6k.

This way you won't need to add a static route every time you add a server to the context.

Customers Also Viewed These Support Documents