Cisco ACE - one armed load balancing with SNAT


One slight modification to the stated goal is that the SNAT comes out of the pool 10.1.1.10 - 10.1.1.19 instead of the ACE's own IP address.

! Health probe shared by both real servers
probe icmp ping
  interval 15
  passdetect interval 60

! The real servers sit in 10.2.1.0/24, a different subnet from the ACE's VLAN 15
rserver host testserver
  ip address 10.2.1.1
  probe ping
  inservice
rserver host testserver2
  ip address 10.2.1.2
  probe ping
  inservice

serverfarm host onearm
  predictor leastconns
  rserver testserver
    inservice
  rserver testserver2
    inservice

! Anything sent to the VIP 10.1.1.2, on any port, is handed to the load balancer
class-map match-any vip
  2 match virtual-address 10.1.1.2 any

! farm-testfarm is empty and never referenced below; it can be removed
policy-map type loadbalance first-match farm-testfarm
  class class-default
policy-map type loadbalance first-match pmOneArm
  class class-default
    serverfarm onearm

! ACL referenced by the interface below. ACE passes no traffic through an
! interface until an ACL is applied to it, so the input direction needs one too.
access-list ALL line 10 extended permit ip any any

policy-map multi-match vipOneArm
  class vip
    loadbalance vip inservice
    loadbalance policy pmOneArm
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    ! SNAT: rewrite the client source address from pool 10 on VLAN 15, so the
    ! servers' replies come back to the ACE instead of going straight to the client
    nat dynamic 10 vlan 15

interface vlan 15
  ip address 10.1.1.1 255.255.255.0
  fragment chain 112
  no icmp-guard
  access-group input ALL
  access-group output ALL
  ! Ten pool addresses; 'pat' lets many client flows share each one
  nat-pool 10 10.1.1.10 10.1.1.19 netmask 255.255.255.0 pat
  service-policy input vipOneArm
  no shutdown
! The servers are not on VLAN 15, so the context also needs an 'ip route'
! towards 10.2.1.0/24; the next hop depends on your topology.
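As an added example (not part of the original answer, and not a Cisco tool), the following Python script parses a configuration in the shape shown above and checks the things that have to line up for one-arm SNAT to work: every referenced probe, rserver, serverfarm and policy exists, and the pool id in `nat dynamic` matches a `nat-pool` on the same VLAN whose range does not collide with the interface address or the VIP. The embedded config is a constructed, trimmed copy of the one above; the function names are this example's own.

```python
"""Consistency checks for a Cisco ACE one-arm SNAT configuration.

Added example, not code from the original post or from Cisco. It parses the
objects used above, checks that probe -> rserver -> serverfarm -> loadbalance
policy -> multi-match policy -> interface resolves, and that 'nat dynamic
<id> vlan <n>' pairs with a usable 'nat-pool <id>' on that VLAN.
"""
import ipaddress

# Constructed sample: the answer's one-arm config, trimmed to what the checker reads.
SAMPLE_CONFIG = """\
probe icmp ping
rserver host testserver
  ip address 10.2.1.1
  probe ping
serverfarm host onearm
  rserver testserver
class-map match-any vip
  2 match virtual-address 10.1.1.2 any
policy-map type loadbalance first-match pmOneArm
  class class-default
    serverfarm onearm
policy-map multi-match vipOneArm
  class vip
    loadbalance policy pmOneArm
    nat dynamic 10 vlan 15
interface vlan 15
  ip address 10.1.1.1 255.255.255.0
  nat-pool 10 10.1.1.10 10.1.1.19 netmask 255.255.255.0 pat
  service-policy input vipOneArm
"""


def parse_ace(text):
    """Group the config into {kind: {name: [sub-command tokens, ...]}}; the name is the last word."""
    cfg, current = {}, None
    for raw in text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if raw[0].isspace():                 # indented: belongs to the current object
            if current is not None:
                current.append(parts)
            continue
        kind = parts[0]
        if kind == "policy-map":             # tell the two policy-map flavours apart
            kind = "lb_policy" if parts[1] == "type" else "mm_policy"
        current = cfg.setdefault(kind, {})[parts[-1]] = []
    return cfg


def after(lines, *words):
    """Tokens following the word sequence, for each sub-command that contains it."""
    w = list(words)
    return [line[i + len(w):] for line in lines
            for i in range(len(line) - len(w) + 1) if line[i:i + len(w)] == w]


def check_one_arm_snat(cfg):
    """Return a list of problems; an empty list means the SNAT chain lines up."""
    problems = []
    def obj(kind, name):
        return cfg.get(kind, {}).get(name)
    for vlan, intf in cfg.get("interface", {}).items():
        addr, mask = after(intf, "ip", "address")[0][:2]
        me = ipaddress.ip_interface(f"{addr}/{mask}")
        sp = after(intf, "service-policy", "input")
        mm = obj("mm_policy", sp[0][0]) if sp else None
        if mm is None:
            problems.append(f"vlan {vlan}: service-policy input is missing or not defined")
            continue
        vips = [ipaddress.ip_address(v[0]) for c in after(mm, "class")
                for v in after(obj("class-map", c[0]) or [], "virtual-address")]
        lb = after(mm, "loadbalance", "policy")
        farms = after(obj("lb_policy", lb[0][0]) or [], "serverfarm") if lb else []
        for rs in (r[0] for f in farms for r in after(obj("serverfarm", f[0]) or [], "rserver")):
            host = obj("rserver", rs)
            if host is None or not after(host, "ip", "address"):
                problems.append(f"rserver {rs!r} is missing or has no ip address")
                continue
            problems += [f"rserver {rs}: probe {p[0]!r} is not defined"
                         for p in after(host, "probe") if p[0] not in cfg.get("probe", {})]
        nat = after(mm, "nat", "dynamic")    # e.g. [['10', 'vlan', '15']]
        if not nat:                          # without SNAT the servers answer the client directly
            problems.append(f"{sp[0][0]}: no 'nat dynamic'; server replies would bypass the ACE")
            continue
        pool_id, nat_vlan = nat[0][0], nat[0][2]
        pools = [p for p in after(intf, "nat-pool") if p[0] == pool_id] if nat_vlan == vlan else []
        if not pools:
            problems.append(f"nat dynamic {pool_id} vlan {nat_vlan}: no matching nat-pool on vlan {vlan}")
            continue
        lo, hi = ipaddress.ip_address(pools[0][1]), ipaddress.ip_address(pools[0][2])
        if lo not in me.network or hi not in me.network:
            problems.append(f"nat-pool {pool_id} {lo}-{hi} is outside {me.network}; upstream must route it here")
        for taken, what in [(me.ip, "interface address")] + [(v, "VIP") for v in vips]:
            if lo <= taken <= hi:
                problems.append(f"nat-pool {pool_id} overlaps the {what} {taken}")
        if "pat" not in pools[0]:
            problems.append(f"nat-pool {pool_id} lacks 'pat': one client per pool address at a time")
    return problems
```

Call `check_one_arm_snat(parse_ace(config_text))` on a pasted config; an empty list means the chain is consistent. Two things the checker cannot see: with SNAT the real servers log and filter on the pool address rather than the client address, so client identity is lost server-side unless you add it back (for HTTP, ACE can insert an X-Forwarded-For header through an HTTP modify action-list), and the context still needs a route to the server subnet plus an input ACL on the VLAN, neither of which this script validates.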


Author: dim

Interested in cloud, networking & security. Hobbies: playing with my kids, Judo & Jujitsu.

Updated on September 17, 2022

Comments

  • dim (over 1 year ago)

    Does anyone have a simple example of a Cisco ACE (6500 blade or 4710) configuration for one-armed load balancing with SNAT? I have a load balancer in one data center that I want to LB for servers/services in another.

    I found the following article: Source NAT on Cisco ACE, but this is a little more complicated than my situation.

    Something like:

    • ACE: 10.1.1.1 & ACE VIP: 10.1.1.2
    • Server1: 10.2.1.1 & Server2: 10.2.1.2
    • Client: 10.3.1.1

    For example:
    Client goes to 10.1.1.2, gets SNAT'd as 10.1.1.1, and the request is then load-balanced to Servers 1 & 2. The servers' replies would then return to the ACE before being forwarded to the client.

    I realize this could result, at times, in inefficient routing, so if there are better ways of doing this I would appreciate any suggestions.