I'm trying to design a CSS configuration that allows servers in the same vlan to be the source and destination of load-balanced traffic. My thought is to add two new vlans, one for the VIPs and one for the servers, then NAT the source IPs going from the LB to the servers.
Is this the right way to do it?
I've never NATted using CSSs, so I wanted to verify what I'm thinking.
The config looks in good shape. The only thing is that, since you'll be doing LB from/to a server that is already defined as a service within the CSS, your source group should use "add service" instead of "add destination service". Also, depending on your servers' default gateway, it would be better if you use a NAT IP address from the 772 VLAN so that both hosts will think they're L2 adjacent to it and L3 routing won't be required.
source group mysourcegroup
  vip address
  add service vlan772-server1
  add service vlan772-server2
Rather than applying source NAT to the server-initiated connections when they come out of the server VLAN and into the VIPs one (which I'm not even sure would work), you should just go for a one-arm design, with the VIPs in the same VLAN as the servers and with source NAT applied to the connections.
I would recommend you have a look at the link below. It shows a configuration example for the same topology you are trying to use.