0

Does anyone have a simple example of a Cisco ACE (6500 blade or 4710) configuration for one-armed load balancing with SNAT? I have a load balancer in one data center that I want to LB for servers/services in another.

I found the following article: Source NAT on Cisco ACE, but this is a little more complicated than my situation.

Something like:

  • ACE: 10.1.1.1 & ACE VIP: 10.1.1.2
  • Server1: 10.2.1.1 & Server2: 10.2.1.2
  • Client: 10.3.1.1

For example:
Client goes to 10.1.1.2, gets SNAT'd as 10.1.1.1 and the request then load-balanced to Servers 1 & 2. The servers replies would then return to the ACE before being forwarded to the client.

I realize this could result, at times, in inefficient routing so if there are better ways of doing this I would appreciate any suggestions.

masegaloeh
  • 17,978
  • 9
  • 56
  • 104
Peter
  • 5,403
  • 1
  • 25
  • 32

3 Answers3

1

One slight modification to the stated goal is that the SNAT comes out of the pool 10.1.1.10 - 10.1.1.19 instead of the ACE's own IP address.

probe icmp ping
  interval 15
  passdetect interval 60

rserver host testserver
  ip address 10.2.1.1
  probe ping
  inservice
rserver host testserver2
  ip address 10.2.1.2
  probe ping
  inservice

serverfarm host onearm
  predictor leastconns
  rserver testserver
    inservice
  rserver testserver2
    inservice

class-map match-any vip
  2 match virtual-address 10.1.1.2 any

policy-map type loadbalance first-match farm-testfarm
  class class-default
policy-map type loadbalance first-match pmOneArm
  class class-default
    serverfarm onearm

policy-map multi-match vipOneArm
  class vip
    loadbalance vip inservice
    loadbalance policy pmOneArm
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    nat dynamic 10 vlan 15

interface vlan 15
  ip address 10.1.1.1 255.255.255.0
  fragment chain 112
  no icmp-guard
  access-group output ALL
  nat-pool 10 10.1.1.10 10.1.1.19 netmask 255.255.255.0 pat
  service-policy input vipOneArm
  no shutdown
Peter
  • 5,403
  • 1
  • 25
  • 32
0

Check out this link, should be what you're looking for :

http://supportwiki.cisco.com/ViewWiki/index.php/ACE_Client_and_Servers_Hitting_the_Same_VIP_Cisco_Services_Modules

Good luck

0

Here is a link to a basic one-armed config on the ACE doc-wiki site:

http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_One_Arm_Mode_with_Source_NAT_on_the_Cisco_Application_Control_Engine_Configuration_Example

Aaron
  • 101