cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
363
Views
0
Helpful
3
Replies

Comparing ACE to CSS

Sbutzek
Level 1
Level 1

I'm currently evaluating the ACE module for out enviroment.

May we will take out all our CSS11500 and convert to the ACE Module.

But i have a feq Questins about the Config.

1)

Sometimes i currently use groups for source-nat. I do nat the source-IP in the same VIP as the content rule.

How can i archive this also for the ACE?

I'm missing somthing line "nat client" how it is working on the CSM.

2)

Also i have a general Question about NAT on the ACE.

I have an enviroment where i have many VIPs pointing do my different servers.

If a client is accessing the VIP there is only a destination NAT done by the content rule loadbalancing.

For all Connections which are initiated from the servers i do a NAT/PAT into a group.

"clause 100 permit any nql servernet destination any sourcegroup nat-out"

Can the Ace handle this similar, so that only connections from inside are translated?

Sven

3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

1/ with ACE, you define a natpool under the interface that will be used to reach the server.

Then, you assign the natpool to your policy map.

ie:

interface vlan 30

natpool 1 172.16.1.10 172.16.1.15 netmask 255.255.255.0

policy multimatch SLB1

class VIP122

nat dynamic 1 vlan 30

2/ you can use a different policy-map for your internal interface where you do nat. And on the external interface you have a policy with no nat.

Gilles.

Great, but now i have another question.

It is about Cookies and Stickyness, very complex:

On CSS i can have a cookie like this:

"Cookie: hrz-server1!sessionid=189545484f9u85"

"Cookie: hrz-server2!sessionid=289545484f9u85"

....

"Cookie: hrz-server6!sessionid=685u4895454u85"

and Search for the prefix "hrz-" searching the cookie String

"server1"

"server2"

...

"server3"

to determine the right server and end up with a eos Char of "!".

On The Ace, i have to tell, how the cookie is named, but the Name of the cookie itself differs more than tow times. I think the name of thee cookie is

"hrz-server1!sessionid"

"hrz-server2!sessionid"

...

"hrz-server3!sessionid"

Is this right, that the ACE searchs the name of the cookie, or does it work like the prefix on the css and is not correctly documented?

Any Idea how i can stick the client to the right Server using a cookie like here with the ACE Module?

Sven

Sven,

here is how you have to do it with ACE:

class-map type http loadbalance match-all hz-server1

2 match http header Cookie header-value ".*server1.*"

Do the same class-map for each of the server.

Then create a policy like this

policy-map type loadbalance first-match LB-L7

class hz-server1

serverfarm server1

class hz-server2

serverfarm server2

class class-default

serverfarm linux1

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: