Sunday, June 23, 2013


Hi Guys

I am not going to spend ages on ACE, nor am I going to study it that hard as hopefully it won't be part of the blueprint for much longer, I just want to get the basics so I can configure it in a jiffy

The navigation to get to the doco for this is:

Product -> Data Centre Application Services -> ACE 4700 Series

Let's quickly go over some of the concepts

The ACE Supports multiple Contexts, there is always a default context Admin

you can create contexts and assign interfaces to them, this is very similiar to contexts on an ASA

These contexts have interfaces allocated to them, and they can also have resources allocated to them such as a certain percentage of CPU etc

resource-class FIRST_RESOURCE
  limit-resource all minimum 10.00 maximum equal-to-min
resource-class SECOND_RESOURCE
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource conc-connections minimum 12.00 maximum equal-to-min
  limit-resource rate bandwidth minimum 0.30 maximum equal-to-min
  limit-resource rate connections minimum 9.00 maximum equal-to-min
  limit-resource sticky minimum 15.00 maximum equal-to-min
  limit-resource xlates minimum 25.00 maximum unlimited

Generating configuration....

probe icmp health
  interval 3

This is a probe that is used for health checking, there are several types of probes and each of them has slightly differing options, the ICMP one is obviously fairly basic

rserver host HOST1

  ip address
  probe health
  weight 100
rserver host HOST2
  ip address
  probe health
rserver host HOST3

  ip address
   probe health

Above is an example of some r-servers, you must be sure to specify the IP address and that they are in service, you can also associate a probe and a weight to individual hosts

serverfarm host WEB
  predictor leastconns
    weight 100

the server farm is where you group the realservers (rservers) together and also where the load balancing algorithm is specified

class-map match-all test
  2 match virtual-address tcp eq www

Next you must define your class-map that matches the virtual address and TCP Port that your virtual server will use:

After this, you specify a policy-map that matches for load-balancing and specifies your serverfarm:

policy-map type loadbalance http first-match MyPolicy
  class class-default
    serverfarm WEB

Now we tie it all together

policy-map multi-match mypolicy1
  class test
    loadbalance vip inservice
    loadbalance policy MyPolicy
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 100
  class class-default

The loadbalance vip inservice brings the VIP into service, you specify your policy, if your policy doesn't have a matching class, you won't be able to specify it, you can also tell the vip to reply via ICMP if it is up and working, finally you have some dynamic NAT you can use, the number you enter here correlates to the NAT pool under the VLAN interface:

interface vlan 100
  ip address

  nat-pool 1 netmask pat  service-policy input mypolicy1
  no shutdown

The PAT keyword is that dynamic PAT is used so you can overload the connection.

Quick, Dirty, because I don't want to spend too much time on ACE, sorry guys looking for a more definitive guide