I'm not sure how I will set up the VLANs yet. And now they are going to add a FWSM into the 6509. Can you explain how the VIP, which appears to be nothing more than a class-map, can live on 2 ACEs? How is this advertised to the network?
Thanks, I have read that (well most of it). I believe my lack of understanding is in the relationship between the class map that defines the VIP and the VLANs/Routing Protocols that are on the ACE and 6500 Sup.
How is this address sitting in a class-map getting advertised out to the core, from 2 different sites, and the Active one being chosen? If this is explained in the above link, feel free to tell me to rtfm. :)
You have a vlan on the supervisor in between your msfc and ace. If the msfc does routing for that vlan interface then anyone can connect to that vlan. So everyone can connect to the ace. The ace uses hsrp/vrrp to make sure only one address is active on one context/box like on routers. A classmap vip you should compare with an interface but only virtual.
So, I must configure a vlan that goes between the MSFC and the ACE, and another between the ACE and the servers? If I create this second VLAN for use on the back end only, (ACE-servers, with an IP on the ACE) will the 6500 see it as directly connected? I ask because I don't think I want to advertise these reals out on OSPF for security reasons. So if i redistribute connected, I only want to pick up VIPs. But, how does a VIP get advertised when it is only in a class-map? Along the same lines...
I must configure HSRP on the ACEs? How can HSRP poll a virtual address that only exists in a class map?
all ip adresses you configure on the ace are not distributed in routing. So if you have an ip address on yhe ace on the server side then this is not distributed by ospf. BTW you do not distribute yhe vips but the network that connects inbetween the ace and the msfc.
HSRP does not poll the virtual address. What you do is setup a ft (fault-tollerant) vlan ont that vlan there is a hearbeat sent by the active box if something goes wrong then the active box stops sending heartbeats and shuts the virtual adresses, at that time the backup activates his virtual adresses and start sending out a heartbeat.
What if the ACE is fine, but has lost access to a serverfarm? I will have many serverfarms off 1 ace, with a duplicate set up on another site. What if one blade enclosure on the primary site fails and needs to go to the secondary. How would the ft group detect this?
I know that he ACE will take the server out of service when the health probes fail, but how does the network know to target the server on the other site?
I'm sorry diro, i don't have the option to say you resolved this issue. :( The box is gone and there is no tech support for the forum that i can find.