In the past when configuring an 11501 for use with http load balancing I was able to have the VIP and the Service IPs in the same subnet.
I now have an SSL module and would like to continue that form of usage, Ie. http and ssl VIPs are in the same subnet as the service servers. Is this possible?
I have not seen any docs to explicitly say it is not possible and http examples here on cisco.com repeatedly show http load balance setup this way, but all SSL examples show the VIP in a different subnet.
I am mainly trying to save myself work, because I already have a simple firewall design going...basically just inside and outside, and would like to avoid needing to add a DMZ to allow this as only a choice few servers in my farm will go through the CSS for service. I would like to keep all servers in the same subnet if possible. Thanks...
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...