Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACE - POC

Please can you advise me of any flaws in this concept. They are 6500s with ACE modules.

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: ACE - POC

no prob

13 REPLIES
Bronze

Re: ACE - POC

Looks OK, but why the msfc on the server side since your using the ace as dg?

Community Member

Re: ACE - POC

I'm not sure how I will set up the VLANs yet. And now they are going to add a FWSM into the 6509. Can you explain how the VIP, which appears to be nothing more than a class-map, can live on 2 ACEs? How is this advertised to the network?

Bronze
Community Member

Re: ACE - POC

Thanks, I have read that (well most of it). I believe my lack of understanding is in the relationship between the class map that defines the VIP and the VLANs/Routing Protocols that are on the ACE and 6500 Sup.

How is this address sitting in a class-map getting advertised out to the core, from 2 different sites, and the Active one being chosen? If this is explained in the above link, feel free to tell me to rtfm. :)

Bronze

Re: ACE - POC

You have a vlan on the supervisor in between your msfc and ace. If the msfc does routing for that vlan interface then anyone can connect to that vlan. So everyone can connect to the ace. The ace uses hsrp/vrrp to make sure only one address is active on one context/box like on routers. A classmap vip you should compare with an interface but only virtual.

Community Member

Re: ACE - POC

So, I must configure a vlan that goes between the MSFC and the ACE, and another between the ACE and the servers? If I create this second VLAN for use on the back end only, (ACE-servers, with an IP on the ACE) will the 6500 see it as directly connected? I ask because I don't think I want to advertise these reals out on OSPF for security reasons. So if i redistribute connected, I only want to pick up VIPs. But, how does a VIP get advertised when it is only in a class-map? Along the same lines...

I must configure HSRP on the ACEs? How can HSRP poll a virtual address that only exists in a class map?

Bronze

Re: ACE - POC

all ip adresses you configure on the ace are not distributed in routing. So if you have an ip address on yhe ace on the server side then this is not distributed by ospf. BTW you do not distribute yhe vips but the network that connects inbetween the ace and the msfc.

HSRP does not poll the virtual address. What you do is setup a ft (fault-tollerant) vlan ont that vlan there is a hearbeat sent by the active box if something goes wrong then the active box stops sending heartbeats and shuts the virtual adresses, at that time the backup activates his virtual adresses and start sending out a heartbeat.

Community Member

Re: ACE - POC

What if the ACE is fine, but has lost access to a serverfarm? I will have many serverfarms off 1 ace, with a duplicate set up on another site. What if one blade enclosure on the primary site fails and needs to go to the secondary. How would the ft group detect this?

Community Member

Re: ACE - POC

I know that he ACE will take the server out of service when the health probes fail, but how does the network know to target the server on the other site?

Bronze

Re: ACE - POC

no you will then need to use a redirect

Community Member

Re: ACE - POC

I will read up on that, thanks. I think it's about time i gave you a point! If I have more questions I will start a new thread.

Community Member

Re: ACE - POC

I'm sorry diro, i don't have the option to say you resolved this issue. :( The box is gone and there is no tech support for the forum that i can find.

Bronze

Re: ACE - POC

no prob

227
Views
23
Helpful
13
Replies
CreatePlease to create content