Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Configure URL Load balancing on Cisco ACE

 

 

Introduction

Cisco ACE working as loadbalancer helps to decide which server should serve a client request. The job of the load balancer is to select the server that can successfully fulfill the client request and do so in the shortest amount of time without overloading either the server or the server farm as a whole.

 

Real Servers and Server Farms

To provide services to clients, you configure real servers (the actual physical servers) on the ACE. Real servers provide client services such as HTTP or XML content, hosting websites, FTP file uploads or downloads, redirection for web pages that have moved to another location, and so on. The ACE also allows you to configure backup servers in case a server is taken out of service for any reason.
Servers are organized into related groups called server farms. Servers within server farms often contain identical content (referred to as mirrored content) so that if one server becomes inoperative, another server can take its place immediately. Also, mirrored content allows several servers to share the load of increased demand..

 

There are three different ways to use ACE for URL load balancing:

a) Bridged Mode: The client traffic enters on one VLAN and is bridged to servers residing on a second VLAN. The VIP and server IPs reside in the same network.

b) One-arm Mode: The client traffic enters on one VLAN and Network Address Translation (NAT) is used when sending the client request out the same VLAN to the servers.

c) Routed Mode: The client traffic enters on one network and is directed to servers residing on a second network. The server farm for each request will be chosen based on the URL being requested.

 

Network Diagram

URL.png

Configure URL Load balancing

Follow the steps for configuring URL load balancing on ACE:

 

1) Create access-lists to permit client connections via ACE. Although this document shows "permit ip any any" command, in practice it is advisable to only allow networks that should access the servers behind.

 

ACE(config)# access-list everyone extended permit ip any any

 

2) Cisco ACE needs to know the IP address of the servers available to handle client connections. The rserver command is used to define the IP address of the service. In addition, each rserver must be place in service for it to be used.

 

ACE(config)# rserver web1

ACE(config-rserver-host)# ip add 192.168.1.11

ACE(config-rserver-host)# inservice

ACE(config-rserver-host)# rserver web2

ACE(config-rserver-host)# ip add 192.168.1.12

ACE(config-rserver-host)# inservice

ACE(config-rserver-host)# rserver web3

ACE(config-rserver-host)# ip add 192.168.1.13

ACE(config-rserver-host)# inservice

 

3) Group the rservers to be used to handle client connections into a server farm. Again, the rserver must be placed in service.

 

ACE(config)# serverfarm web

ACE(config-sfarm-host)# rserver web1

ACE(config-sfarm-host-rs)# inservice

ACE(config-sfarm-host-rs)# rserver web2

ACE(config-sfarm-host-rs)# inservice

ACE(config-sfarm-host-rs)# rserver web3

ACE(config-sfarm-host-rs)# inservice

 

4) Use a class-map to define the VIP where clients will be sending their requests. In this example, the VIP is considered L3 (Layer 3) because there is a match on any port. If the VIP were to match only HTTP traffic, the match would be bound to port 80 and considered an L4 (Layer 4) VIP.

 

ACE(config)# class-map slb-vip

ACE(config-cmap)# match virtual-address 172.16.1.101 any

 

5) Next define the action to take when a new client request arrives.

 

ACE(config)# policy-map type loadbalance http first-match slb-logic

ACE(config-pmap-lb)# class class-default

ACE/bridged(config-pmap-lb-c)# serverfarm webfarm

 

6) Since the VIPs and load-balancing actions are defined independently, they must be associated so that the Cisco ACE knows how to handle traffic destined for a VIP. The association is made using a multimatch policy map.

 

ACE(config)# policy-map multi-match client-vips

ACE(config-pmap)# class slb-vip

ACE(config-pmap-c)# loadbalance policy slb

ACE(config-pmap-c)# loadbalance vip inservice

 

7) At this point the configuration changes depending on what ACE mode you are using:

 

a) For Bridged mode:

Create the interface vlans and BVI to connect client and server side networks:

 

ACE(config)# interface vlan 20

ACE(config-if)# description “Client Side”

ACE(config-if)# bridge-group 5

ACE(config-if)# no shutdown

 

ACE(config-if)# interface vlan 40

ACE(config-if)# description “Server Side”

ACE(config-if)# bridge-group 5

ACE(config-if)# no shutdown

 

ACE(config-if)# interface bvi 5

ACE(config-if)# description “client – server bridge group”

ACE(config-if)# ip address 172.16.3.5 255.255.255.0

 

b) For One-arm mode:

In the step 6 policy-map config add the following line for natting. “nat dynamic” is configured to make the Cisco ACE source NAT all client requests. The nat-pool will be defined in a step 8.

 

ACE(config-pmap-c)# nat dynamic 2 vlan 20

 

Create interface vlan to connect ACE with the network.

 

ACE(config)# interface vlan 20

ACE(config-if)# description “Client-Sever VLAN”

ACE(config-if)# ip address 172.16.5.5 255.255.255.0

ACE(config-if)# no shutdown

 

c) For Routed mode:

Create interface vlans to connect ACE with client and server network.

 

ACE(config)# interface vlan 20

ACE(config-if)# description “Client Side”

ACE(config-if)# ip address 172.16.1.5 255.255.255.0

ACE(config-if)# no shutdown

 

ACE(config-if)# interface vlan 40

ACE(config-if)# description “Default gateway of real servers”

ACE(config-if)# ip address 192.168.1.1 255.255.255.0

ACE(config-if)# no shutdown

 

8) Apply the access-list and the service policy to client side interface.

 

ACE(config)# interface vlan 20

ACE(config-if)# access-group input everyone

ACE(config-if)# service-policy input client-vips

 

For One-arm config you will also need to add the nat-pool in this step under client side interface.

 

ACE(config-if)# nat-pool 2 172.16.5.200 172.16.5.209 netmask 255.255.255.0 pat

 

Note: If you have separate server farms set for specific purposes, the traffic will go to default serverfarm only when the client doesn't match any of the conditions set. You can also install live http or iehttp utility on the client itself to see what is the difference in HTTP header information that is not matching any of the conditions above and packet gets sent to the default serverfarm.

 

Related Information

Overview of Server Load Balancing

URL Load Balancing Using Routed Mode
URL Load Balancing Using Bridged Mode
URL Load Balancing Using One Arm Mode

Version history
Revision #:
2 of 2
Last update:
‎08-29-2017 05:36 AM
Updated by:
 
Labels (1)
Contributors
Everyone's tags (5)