Cisco Support Community

New Member

ACE network design question


I am considering a network design that will have ACE and FWSM modules in end of row 6500 distribution switches. The server farms would have their gateways set to a vlan SVI on the 6500, with a PBR map on the SVI so that reply traffic to load-balanced rservers/protocols would get routed via the ACE so it doesn't need to sit inline.

The end of row distribution switches would be the L2 boundary, with L3 routing back to the core.

The problem I'm considering is that a server in any row must be able to be a member of a server farm on any of the end of row distribution switch ACEs.

Will this scenario work, where there is potentially no L2 adjacency from the ACE to the server farms? Can the ACE deal with having rservers in different L3 subnets which are potentially multiple IP hops away?

Any known caveats/problems with this approach?

Many thanks for any advice/comments,


New Member

Re: ACE network design question

My china i studying student

New Member

Re: ACE network design question

For anyone considering a similar design, I have labbed this up and all appears to work OK, though you need to disable TCP normalization on the ACE (disclaimer: this affects/disables some security features) in order for it to route return traffic that doesn't match a load-balanced flow back to the supervisor (as opposed to dropping it).
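The following configuration sketch is an added example, not taken from any poster in this thread. It shows the two pieces the thread describes: a PBR route-map on the server-side SVI of the 6500, and normalization disabled on the ACE interface. All VLAN numbers, addresses, ACL and route-map names are constructed, and the sketch assumes the ACE VLAN is directly connected to the supervisor.

```cisco
! ---- Catalyst 6500 supervisor (MSFC), IOS ----
! Constructed values: VLAN 10 = server farm, VLAN 200 = ACE one-arm VLAN,
! 10.1.200.5 = ACE interface address on VLAN 200.

! Match only return traffic from the load-balanced service (HTTP here).
ip access-list extended LB-RETURN
 permit tcp 10.1.10.0 0.0.0.255 eq www any

! Steer matching replies to the ACE instead of following the routing table.
route-map RETURN-VIA-ACE permit 10
 match ip address LB-RETURN
 set ip next-hop 10.1.200.5

interface Vlan10
 description Server farm gateway SVI
 ip address 10.1.10.1 255.255.255.0
 ip policy route-map RETURN-VIA-ACE

interface Vlan200
 description One-arm VLAN to ACE
 ip address 10.1.200.1 255.255.255.0

! ---- ACE module (context configuration) ----
! Only the interface settings discussed in the thread are shown; the
! rserver, serverfarm and policy-map configuration is omitted.
interface vlan 200
  description One-arm VLAN to supervisor
  ip address 10.1.200.5 255.255.255.0
  ! Disables TCP normalization on this interface only, so replies that
  ! match no load-balanced flow are routed rather than dropped.
  no normalization
  no shutdown

! Default route back to the supervisor for traffic the ACE does not own.
ip route 0.0.0.0 0.0.0.0 10.1.200.1
```

Keeping the PBR ACL limited to the load-balanced ports reduces how much non-load-balanced traffic reaches the ACE interface where normalization is off.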
