Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE source IP based predictor


I know that if we use source IP based predictors, the ACE would use a hash of the source IP to load balance the traffic. Is there is capability to make this process deterministic. In other words, I have tthree client subnets accessing the web servers on the same VIP. I want the traffic from subnet 1 to go to server 1 and traffic from subnets 2 and 3 to be loadbalanced to the rest of the servers

any idea on how to get this done ?


Re: ACE source IP based predictor

HI Dinuka,

Session persistence (stickiness) based on client source IP address or HTTP cookies are recommended to be configured on the Cisco ACE for this flow.

IP Address Stickiness

You can use the source IP address, the destination IP address, or both to uniquely identify individual clients and their requests for stickiness purposes based on their IP netmask. However, if an enterprise or a service provider uses a megaproxy to establish client connections to the Internet, the source IP address no longer is a reliable indicator of the true source of the request. In this case, you can use cookies or one of the other sticky methods to ensure session persistence.

Here can be the sample configuration:

resource-class websrv

limit-resource all minimum 0.00 maximum unlimited

limit-resource sticky minimum 20.00 maximum equal-to-min

rserver host webserver1

ip address


rserver host webserver2

ip address


rserver host webserver3

ip address


serverfarm host werbsrv1only

probe websrv

rserver webserver1 1000


serverfarm host werbsrv123

probe websrv

rserver webserver1 1000


rserver webserver2 1000


rserver webserver3 1000


ACE receives requests to the VIP on port 80 and translates them to port 1000 using the server farm configuration shown above.

The link to the websrv home page is http://websrv:1000/index.html. A probe to this link is configured on ACE as follows:

probe http websrv

port 1000

interval 2

faildetect 2

passdetect interval 2

request method get url /index.html

expect status 200 200

Session persistence can be established by tying the session to an IP address, that uniquely identifies the client.

Create a sticky-group

sticky ip-netmask address source Client_subnet_1

timeout 10

serverfarm werbsrv1only

Change the server farm to the sticky-group:

policy-map type loadbalance first-match basic-slb

class class-default

sticky-serverfarm werbsrv1only

sticky ip-netmask address source Client_subnet_2

timeout 10

serverfarm werbsrv123

sticky ip-netmask address source Client_subnet_3

timeout 10

serverfarm werbsrv123

Here you can find the details in the below url :

I have also attached a jpeg for your reference.

Hope you will get the idea how to use the sticky based on IP address.

Here you can find sample config of similar type:

Thanks and regards,

Sachin Garg

Senior Specialist Security

HCL Comnet Ltd.

A-10, Sector 3, Noida- 201301


Mob: +91-9911757733


New Member

Re: ACE source IP based predictor

Hi Sachin

Thanks for the detailed response. Still a small detail is not clear to me. hope you wouldn't mind me asking another question.

I see that the server farms are defined with sticky configurations based on source ip and the netmask. But with this do i have specific control over to which serverfarm a specific clients request would go to.

For example, i need client subnet to go to rserver1 and client subnet to be load balanced to rserver2 and rserver3. clients in both subnets are sending packets to the same destination VIP

hope this is clear

Cisco Employee

Re: ACE source IP based predictor

you will need to create 2 serverfarms.

1 with rservers to be used by clients from subnet and the other serverfarm with rserver2 and rserver3 to be used by other clients.

You then need to create class-map to match on src ip ie:

class-map type http loadbalance match-all ClientX

2 match source-address

Finally, in your policy-match, you assign the src class-map with the appropriate serverfarm


policy type loadbalance first-match MyPolicy

class ClientX


class class-default


If you need stickyness, you can replace the serverfarm with a sticky-serverfarm.

You can also configure serverfarm2 as a backup-serverfarm for serverfarm1.


Re: ACE source IP based predictor

HI here is the syntax for :

Sticky IP configuration mode commands allow you to create a sticky group for IP address stickiness. To

create a sticky group and access sticky IP configuration mode, use the sticky ip-netmask command. The

prompt changes to (config-sticky-ip). Use the no form of this command to remove the sticky group from

the configuration.

sticky ip-netmask netmask address {source | destination | both} name

no sticky ip-netmask netmask address {source | destination | both} name