O Rourkes.us

Computer/Network tips, tricks and other stuff I always forget

One Arm Load Balancing on the ACE

September 23rd, 2009 Posted in Cisco, Networking

Below is a sample configuration that uses the ACE module to load balance real servers reached through the network. In this example, the ACE NATs the source address of every client connection so that the servers' return traffic comes back to the ACE and the ACE sees the whole flow. A quick diagram is also attached.

ACE-1/onearm# sho run
Generating configuration....

access-list ALLOW line 8 extended permit ip any any
access-list ALLOW line 16 extended permit icmp any any

rserver host one
  ip address 2.2.2.2
  inservice
rserver host two
  ip address 2.2.2.3
  inservice

serverfarm host web
  rserver one
    inservice
  rserver two
    inservice

class-map match-all slb-vip
  2 match virtual-address 1.1.1.254 any

policy-map type management first-match remote-access
  class class-default
    permit

policy-map type loadbalance first-match slb
  class class-default
    serverfarm web

policy-map multi-match client-vips
  class slb-vip
    loadbalance vip inservice
    loadbalance policy slb
    nat dynamic 1 vlan 100

interface vlan 100
  description "Client-Server VLAN"
  ip address 1.1.1.2 255.255.255.0
  access-group input ALLOW
  service-policy input client-vips
  service-policy input remote-access
  nat-pool 1 1.1.1.20 1.1.1.21 netmask 255.255.255.0 pat
  no shutdown

ip route 0.0.0.0 0.0.0.0 1.1.1.1

One Arm Load Balancing
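
An added example, not part of the original post: a Python check that every VIP class in a multi-match policy carries `nat dynamic` and that the referenced `nat-pool` exists on that VLAN interface, which is what the one-arm design above relies on. The embedded config is a constructed excerpt of the `sho run` output with indentation restored, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the post's config (indentation restored).
CONFIG = """\
policy-map multi-match client-vips
  class slb-vip
    loadbalance vip inservice
    loadbalance policy slb
    nat dynamic 1 vlan 100
interface vlan 100
  service-policy input client-vips
  nat-pool 1 1.1.1.20 1.1.1.21 netmask 255.255.255.0 pat
"""

def sections(text):
    """Group indented sub-commands under their unindented header line."""
    out, head = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            head = line.strip()
            out[head] = []
        elif head:
            out[head].append(line.strip())
    return out

def audit_one_arm(text):
    """Return findings for VIP classes whose source NAT is missing or dangling."""
    secs, findings, pools = sections(text), [], {}
    for head, body in secs.items():
        # Collect the nat-pool ids defined on each VLAN interface.
        if m := re.fullmatch(r"interface vlan (\d+)", head):
            pools[m.group(1)] = {c.split()[1] for c in body if c.startswith("nat-pool ")}
    for head, body in secs.items():
        if not head.startswith("policy-map multi-match "):
            continue
        current, nat = None, {}
        for cmd in body:
            if cmd.startswith("class "):
                current = cmd.split()[1]
                nat[current] = []
            elif current and (m := re.fullmatch(r"nat dynamic (\d+) vlan (\d+)", cmd)):
                nat[current].append(m.groups())
        for name, rules in nat.items():
            if not rules:
                findings.append(f"{name}: no 'nat dynamic'; one-arm mode then needs PBR")
            for pool_id, vlan in rules:
                if pool_id not in pools.get(vlan, set()):
                    findings.append(f"{name}: nat-pool {pool_id} not defined on vlan {vlan}")
    return findings
```

`audit_one_arm(CONFIG)` returns an empty list for the configuration in this post; removing the `nat dynamic` line or renumbering the pool produces a finding.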

4 Responses to “One Arm Load Balancing on the ACE”

  1. By Abhijit on Dec 12, 2009

    Hi, wanted to know the traffic flow from Client to the Server and back to the Client [in Source-Dest IP notation] without using the SNAT.

  2. By keith on Dec 13, 2009

    In the Cisco documentation, it calls out the need for SNAT or policy-based routing in order to get traffic from the client to the ACE for load balancing and continue on to the real server. I could not find the reference in the documentation, but I am fairly sure I have read about using one-arm mode without SNAT but it was dependent on the application on whether or not it works.

    In one-arm mode, you configure the ACE with a single VLAN that handles both client requests and server responses. For one-arm mode, you must configure the ACE with client-source network address translation (NAT) or policy-based routing (PBR) to send requests through the same VLAN to the server.

    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/getting/started/guide/one_arm.html#wpxref37375

  3. By Umesh on Jul 2, 2010

    Hi All,

    What if I have servers in different VLAN IP ranges? In this case, do I have to configure a different VLAN for each server, as currently the servers are on different VLAN IPs on the CSS?
    We are planning for CSS – ACE migration and are just confused with the design.

  4. By keith on Jul 3, 2010

    If you are running the ACE in one-arm mode, then it does not matter what VLAN the servers are in since the servers can be one or more layer 3 hops away from the ACE. Below is a link to the Cisco site which has a CSS to ACE conversion tool. Look for another post very soon which will illustrate the other deployment methods for the ACE i.e. running the ACE in a layer 2 or a layer 3 mode inline with the servers.

    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/css_to_ace/user/guide/cssaceug.html
