07-13-2008 05:26 PM
I'm about to do my first ACE install. I'm familiar with the CSS but am having difficulty getting my arms around some ACE concepts. Your assistance is appreciated.
1) When using mutiple contexts, does the L2 configs such as trunking, channel groups, etc go into the "admin" context or do they go in the individual contexts? Is that true with the VLAN interfaces also?
2) I'm looking at the ACE quick config guide and have a questions with the example they show (see below). In particular, their use of the "default-class" and how it is listed first in the first-match policy map...
class-map match-all L4_VIP_ADDRESS_CLASS
10 match virtual-address 172.16.110.9 any
policy-map type loadbalance first-match L7_VIP_LB_ORDER_POLICY
class CLASS-DEFAULT
serverfarm SFARM1
policy-map type multi-match L4_LB_VIP_POLICY
class L4_VIP_ADDRESS_CLASS
loadbalance vip inservice
loadbalance L7_VIP_LB_ORDER_POLICY
3) Conceptually, the Policy Map appears to me to tie in a class-map that specifies the front-end (VIP) traffic and the class-map that ties in the back-end server farm. Is that fair?
4) Does NAT happen automatically or do I need to specify it like in the CSM?
THANKS!!!
Mike.
07-13-2008 07:28 PM
1) Ethernet Interface config (duplex, speed, ....), Trunking ,Portchannel and FT config is done in Admin context.
You assign vlans from Admin contexts to non-Admin contexts using "allocate-interface vlan" command in Admin Context. Then you create vlan interfaces in user (Or even in Admin context if needed) contexts.
2. Default-class is only used when all classes fail to match.In situations where there is no need to match any advance characteristics of the traffic, this is the only class that is used under a policy map. One such example is Layer 4 policy.
3. There are different tpe of class-maps and policy-maps on ACE. For a typical Layer 4 LB rule You need following
a. Class-map
To match traffic against Virtual address -- VIP)
b. Multi-match policy
It will create kind of "if-then-else" logic for different "Virtual address matching" class-maps.This policy matches the vip and then call the "loadbalance policy" for interesting traffic ( which selects appropriate server farm).
c. Load balance policy
It will match a different set of class maps and will select Serverfarm based on the matching criteris (default-class is used here as last resort class).
If you need to match Layer 7 stuff (url, cookies, haeaders...) then you need to create class-maps to map these conditions and these class-maps will be used in "Load balance policy-maps"
4. Source NAT doesnt happen automatically in most LB devices (same is the case here). Normally destination NAt (VIP -> Real Server) happens by default on all LB devices (Same is the case here).
HTH
Syed Iftekhar Ahmed
07-14-2008 04:50 AM
Syed,
Thanks for taking the time. Good stuff....this definitely helps.
Thanks,
Mike.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: