Sunday, June 23, 2013

CCIE DC: ACE

Hi Guys

I am not going to spend ages on ACE, nor am I going to study it that hard as hopefully it won't be part of the blueprint for much longer, I just want to get the basics so I can configure it in a jiffy

The navigation to get to the doco for this is:

Product -> Data Centre Application Services -> ACE 4700 Series



Let's quickly go over some of the concepts

The ACE Supports multiple Contexts, there is always a default context Admin

you can create contexts and assign interfaces to them, this is very similiar to contexts on an ASA




These contexts have interfaces allocated to them, and they can also have resources allocated to them such as a certain percentage of CPU etc

resource-class FIRST_RESOURCE
  limit-resource all minimum 10.00 maximum equal-to-min
resource-class SECOND_RESOURCE
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource conc-connections minimum 12.00 maximum equal-to-min
  limit-resource rate bandwidth minimum 0.30 maximum equal-to-min
  limit-resource rate connections minimum 9.00 maximum equal-to-min
  limit-resource sticky minimum 15.00 maximum equal-to-min
  limit-resource xlates minimum 25.00 maximum unlimited





ACE1/FIRST_CONTEXT# show run
Generating configuration....



probe icmp health
  interval 3




This is a probe that is used for health checking, there are several types of probes and each of them has slightly differing options, the ICMP one is obviously fairly basic


rserver host HOST1

  ip address 198.18.100.101
  probe health
  weight 100
rserver host HOST2
  ip address 198.18.100.102
  probe health
  inservice
rserver host HOST3

  ip address 198.18.100.103
   probe health
  inservice






Above is an example of some r-servers, you must be sure to specify the IP address and that they are in service, you can also associate a probe and a weight to individual hosts

serverfarm host WEB
  predictor leastconns
  rserver 198.18.100.101
    weight 100
    inservice
  rserver 198.18.100.102
    inservice
  rserver 198.18.100.103
    inservice



the server farm is where you group the realservers (rservers) together and also where the load balancing algorithm is specified


class-map match-all test
  2 match virtual-address 198.18.100.1 tcp eq www




Next you must define your class-map that matches the virtual address and TCP Port that your virtual server will use:






After this, you specify a policy-map that matches for load-balancing and specifies your serverfarm:


policy-map type loadbalance http first-match MyPolicy
  class class-default
    serverfarm WEB






Now we tie it all together


policy-map multi-match mypolicy1
  class test
    loadbalance vip inservice
    loadbalance policy MyPolicy
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 100
  class class-default









The loadbalance vip inservice brings the VIP into service, you specify your policy, if your policy doesn't have a matching class, you won't be able to specify it, you can also tell the vip to reply via ICMP if it is up and working, finally you have some dynamic NAT you can use, the number you enter here correlates to the NAT pool under the VLAN interface:


interface vlan 100
  ip address 198.18.100.254 255.255.255.0

  nat-pool 1 198.18.100.1 198.18.100.20 netmask 255.255.255.0 pat  service-policy input mypolicy1
  no shutdown


The PAT keyword is that dynamic PAT is used so you can overload the connection.

Quick, Dirty, because I don't want to spend too much time on ACE, sorry guys looking for a more definitive guide



2 comments: