ACE4710 - load-balance with one-arm, one-subnet configuration?
I've been struggling with this for a few hours without finding the ideal solution... I have something up and running using NAT, but I was wondering if there was any other solution.
I want to use the ACE 4710 to load balance requests on an existing infrastructure, so I cannot change anything about the rservers' IPs, and I need the VIP to be on the same subnet/vlan as the rservers.
My current solution uses NAT, which I do not really like. Even if I don't really see how this would be possible, I will ask the question anyway: Is there any other way to configure load balancing? I was unable to find anything in the documentation.
If NAT is the only solution, what is the maximum number of sessions a NAT IP can hold (with PAT enabled)?
Re: ACE4710 - load-balance with one-arm, one-subnet configuratio
A valid solution for you would be bridge mode.
This means that the IP Subnet in front of the ACE (Client-side) and the IP Subnet behind (Server-side) are the same, but with two different VLAN IDs.
The ACE bridges traffic from one VLAN to the other.
The servers behind the ACE have the upstream router as default gateway.
This means that
- your servers can maintain their IP Addresses
- The VIP is in the same subnet as the servers
- no NAT is required.
The only thing that needs to be done is to change the VLAN on the switchport your servers are connected to.
Note that the big difference here between one-arm mode and bridge mode is that in one-arm mode the ACE is not in the datapath. Everything that needs to be load-balanced is sent to the ACE, all direct server traffic is sent to the server bypassing the ACE.
In bridge mode, the ACE sits in the datapath. All traffic to your servers (load-balanced or not) goes through the ACE.
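A sketch of the bridged layout described in the reply above, added here as an illustration and not taken from the thread or from Cisco's documentation. All names, VLAN IDs and addresses are constructed (subnet 192.168.1.0/24, upstream router 192.168.1.1, client-side VLAN 10, server-side VLAN 20), and lines starting with `!` are annotations, not commands.

```text
! Constructed example: every name, VLAN ID and address below is an assumption.
! The ACE denies traffic by default. In bridge mode all server traffic
! crosses the ACE, so these ACLs govern direct (non-VIP) access as well.
access-list CLIENT-IN line 8 extended permit tcp any host 192.168.1.100 eq www
access-list SERVER-IN line 8 extended permit ip 192.168.1.0 255.255.255.0 any

! Real server keeps its existing address
rserver host WEB1
  ip address 192.168.1.11
  inservice

serverfarm host WEB-FARM
  rserver WEB1
    inservice

! VIP in the same subnet as the servers, no NAT
class-map match-all WEB-VIP
  2 match virtual-address 192.168.1.100 tcp eq www

policy-map type loadbalance first-match WEB-LB
  class class-default
    serverfarm WEB-FARM

policy-map multi-match CLIENT-VIPS
  class WEB-VIP
    loadbalance vip inservice
    loadbalance policy WEB-LB

! Client-side and server-side VLANs share one bridge group
interface vlan 10
  bridge-group 1
  access-group input CLIENT-IN
  service-policy input CLIENT-VIPS
  no shutdown

interface vlan 20
  bridge-group 1
  access-group input SERVER-IN
  no shutdown

! The BVI gives the ACE its own address in the shared subnet
interface bvi 1
  ip address 192.168.1.5 255.255.255.0
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.1.1
```

As written, `CLIENT-IN` only admits traffic to the VIP, so any direct access to the servers that must keep working (management, monitoring, backups) needs its own permit entries on VLAN 10.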