New to ACE, just purchased a new blade. Could somebody advise on deployment in routed and single-arm mode? If a client connects to the VIP, can the traffic route back out the VIP interface to the servers? We have a DMZ where we want to deploy a VIP. Once the packet enters the DMZ and hits the VIP, can the servers be located on the same subnet as the VIP, and also a backup server on another DMZ or even the inside of the firewall?
I am also fairly new to the ACE modules, but I think I can answer your question. Yes, the servers can be located on the same subnet as the VIP. As for the backup servers, as long as the ACE can reach the servers via IP, you can load balance servers even if they are in different VLANs or DMZs.
I have a context in one-arm mode and would suggest against it unless you do not have a choice. Even though one-arm mode is easy to set up, it can be a little hard to troubleshoot if you have source NAT enabled. If you do not have source NAT enabled on the ACE, you will have to configure PBR on the MSFC of the 6500 and specify what you want to go to the ACE (what needs to be load balanced).
If you configure the ACE in routed mode, be sure that you configure it so that you do not run into asymmetrical routing issues.
Like I said, I am fairly new to these load balancers, but we have very talented folks on this site that can assist you with almost any ACE-related question that you may have.
Hi John, thanks for the reply. If the servers are in the same subnet, do you have to use two VLANs with a bridge connection? The issue I have is that the entry point is from a Checkpoint firewall. The data traffic comes into the Checkpoint and enters a DMZ interface that I was going to put into the 6500 and onto the ACE module, only layer 2 on the 6500 as I don't want to compromise security. This would hit the VIP interface. After that, does the traffic have to come out into a separate VLAN, hence the bridge connection on the 6500? Sorry for the long question, but I am a little confused about the flow of traffic.