ACE-1/onearm #show service-policy client-vips




Basic Load Balancing Using One Arm Mode with Source NAT on the Cisco Application Control Engine

Goal

Configure basic load balancing (Layer 3) where client traffic enters on one VLAN and Network Address Translation (NAT) is used when sending the client request out the same VLAN to the servers. The servers will respond to the Cisco Application Control Engine (ACE), where the server's IP is replaced with the VIP and the response message is sent to the client via the multilayer switch feature card (MSFC).

Design

Clients will send application requests through the MSFC, which routes them to a virtual IP address (VIP) within ACE. The VIP used in this example resides in an ACE context, which is configured with a single VLAN to handle client and server communication (Figure 1). Client requests will arrive at the VIP and the Cisco ACE will pick the appropriate server to handle the request. ACE will rewrite the destination IP to that of the rserver and rewrite the source IP with one from a nat-pool. Once the client request is fully NAT'd it will be sent to the server over the same VLAN on which it was originally received. The server will respond to the Cisco ACE, based on the source IP of the request. The Cisco ACE will receive the response, change the source IP to be the VIP, and send it to the MSFC. The MSFC will forward the response to the client.

Figure 1. Example of a Network Topology Using a Cisco Application Control Engine

[Figure 1 labels, as extracted: Client 209.165.203.10; Internet; 172.16.5.1 (VLAN 50); MSFC; 192.168.5.1 (VLAN 51); ACE Int: 172.16.5.5, VIP: 172.16.5.100; Servers 192.168.5.11, 192.168.5.12, 192.168.5.13, 192.168.5.14, 192.168.5.15]

Configuration

The Cisco ACE needs to be configured via access control lists (ACLs) to allow traffic into the Cisco ACE data plane. After the ACL checks are made, a service policy, which is applied to the interface, is used to classify traffic destined for the VIP. The VIP is associated with a load-balancing action within the multimatch policy. The load-balancing action tells the Cisco ACE how to handle traffic that has been directed to a VIP. In this example, all traffic is sent to a server farm, where it is distributed in round-robin fashion to one of five real servers.

The Cisco ACE configuration occurs in layers, such that it builds from the real IPs to applying the VIP on an interface. Due to this layered structure, it is optimal to create the configuration by working backward from the way the flow is processed. Thus, to enable server load balancing you need to do the following:

- Enable ACLs to allow data traffic through the Cisco ACE device, as it is denied by default.
- Configure the IPs of the servers (define rservers).
- Group the real servers (create a server farm).
- Define the virtual IP address (VIP).
- Define how traffic is to be handled as it is received (create a policy map for load balancing).
- Associate a VIP to a handling action (create a multimatch policy map [a service policy]).
- Create client- and server-facing interfaces.
- Apply the VIP and ACL permitting client connections to the interface (apply access group and service policy to interface).

To begin the configuration, create an access list for permitting client connections.

    ACE-1/onearm(config)# access-list everyone extended permit ip any any
    ACE-1/onearm(config)# access-list everyone extended permit icmp any any

Note: Although this example shows a permit any any, it is recommended that ACLs be used to permit only the traffic you want to allow through the Cisco ACE. In the past, server load-balancing (SLB) devices have used the VIP and port alone to protect servers. Within the Cisco ACE, ACLs are processed first, and thus dropping traffic using an ACL requires fewer resources than dropping it once it passes the ACLs and reaches the VIP.

The Cisco ACE needs to know the IP address of the servers available to handle client connections. The rserver command is used to define the IP address of the service. In addition, each rserver must be placed in service for it to be used. The benefit of this design is that no matter how many applications or services an rserver hosts, the entire real server can be completely removed from the load-balancing rotation by issuing a single no inservice or no inservice-standby command at the rserver level. This is very beneficial for users needing to upgrade or patch an rserver, because they no longer have to go to each application and remove each instance of the rserver.

    ACE-1/onearm(config)# rserver lnx1
    ACE-1/onearm(config-rserver-host)# ip add 192.168.5.11
    ACE-1/onearm(config-rserver-host)# rserver lnx2
    ACE-1/onearm(config-rserver-host)# ip add 192.168.5.12
    ACE-1/onearm(config-rserver-host)# rserver lnx3
    ACE-1/onearm(config-rserver-host)# ip add 192.168.5.13
    ACE-1/onearm(config-rserver-host)# rserver lnx4
    ACE-1/onearm(config-rserver-host)# ip add 192.168.5.14
    ACE-1/onearm(config-rserver-host)# rserver lnx5
    ACE-1/onearm(config-rserver-host)# ip add 192.168.5.15

Now group the rservers to be used to handle client connections into a server farm. Again, the rserver must be placed in service. This allows a single instance of an rserver to be manually removed from rotation.

    ACE-1/onearm(config-cmap)# serverfarm web
    ACE-1/onearm(config-sfarm-host)# rserver lnx1
    ACE-1/onearm(config-sfarm-host-rs)# rserver lnx2
    ACE-1/onearm(config-sfarm-host-rs)# rserver lnx3
    ACE-1/onearm(config-sfarm-host-rs)# rserver lnx4
    ACE-1/onearm(config-sfarm-host-rs)# rserver lnx5

Use a class map to define the VIP to which clients will send their requests. In this example, the VIP is considered L3 (Layer 3) because there is a match on any port. If the VIP were to match only HTTP traffic, the match would be bound to port 80 and considered an L4 (Layer 4) VIP. (For example, match virtual-address 172.16.1.100 tcp eq 80).

    ACE-1/onearm(config)# class-map slb-vip
    ACE-1/onearm(config-cmap)# match virtual-address 172.16.5.100 any

Next define the action to take when a new client request arrives. In this case, all traffic will be sent to the web serverfarm. This type of load balancing is considered L4 since only class-default is used.

    ACE-1/onearm(config)# policy-map type loadbalance http first-match slb
    ACE-1/onearm(config-pmap-lb)# class class-default
    ACE-1/onearm(config-pmap-lb-c)# serverfarm web

Since the VIPs and load-balancing actions are defined independently, they must be associated so that the Cisco ACE knows how to handle traffic destined for a VIP. The association is made using a multimatch policy map. Keep in mind that multimatch policy maps are applied to interfaces as service policies. nat dynamic is configured to make the Cisco ACE source NAT all client requests. The nat-pool will be defined in a later step.

    ACE-1/onearm(config)# policy-map multi-match client-vips
    ACE-1/onearm(config-pmap)# class slb-vip
    ACE-1/onearm(config-pmap-c)# loadbalance policy slb
    ACE-1/onearm(config-pmap-c)# loadbalance vip inservice
    ACE-1/onearm(config-pmap-c)# nat dynamic 5 vlan 50

At this point the interface VLAN can be created to interconnect the Cisco ACE to the network.

    ACE-1/onearm(config)# interface vlan 50
    ACE-1/onearm(config-if)# description Client-Server VLAN
    ACE-1/onearm(config-if)# ip address 172.16.5.5 255.255.255.0
    ACE-1/onearm(config-if)# no shutdown

The last step is to apply the ACL and service policy (policy-map multi-match) to the client side interface. Both the access group and service policy are applied on the input side of the interface. The nat-pool is also created, for use in the multi-match policy.

    ACE-1/onearm(config)# interface vlan 50
    ACE-1/onearm(config-if)# access-group input everyone
    ACE-1/onearm(config-if)# service-policy input client-vips
    ACE-1/onearm(config-if)# nat-pool 5 172.16.5.200 172.16.5.209 netmask 255.255.255.0 pat

Note: There is no need to add an access group to the server side, as the Cisco ACE automatically creates pinholes to allow server response traffic to pass back to the client.

Related show Commands

    ACE-1/onearm# show arp
    ACE-1/onearm# show acl
    ACE-1/onearm# show service-policy client-vips
    ACE-1/onearm# show serverfarm
    ACE-1/onearm# show rserver
    ACE-1/onearm# show stats

Comments

Once you've completed the configuration, verify that the Cisco ACE has an Address Resolution Protocol (ARP) response for each rserver and the default route to the client. Check the ACL hits to ensure that client connections are being accepted. Check the service policy output to see the client connection hits, and verify that the server is responding with response packets. The show command for serverfarm and rserver can be used to display the exact rserver handling the connection and the amount of work the entire server farm has handled. The show stats command provides a higher level of monitoring of ACE load balancing, inspection, probes, and other important metrics.

show running-config

    ACE-1/onearm# sho run
    Generating configuration....

    access-list everyone line 8 extended permit ip any any
    access-list everyone line 16 extended permit icmp any any

    rserver host lnx1
      ip address 192.168.5.11
    rserver host lnx2
      ip address 192.168.5.12
    rserver host lnx3
      ip address 192.168.5.13
    rserver host lnx4
      ip address 192.168.5.14
    rserver host lnx5
      ip address 192.168.5.15

    serverfarm host web
      rserver lnx1
      rserver lnx2
      rserver lnx3
      rserver lnx4
      rserver lnx5

    class-map match-all slb-vip
      2 match virtual-address 172.16.5.100 any

    policy-map type management first-match remote-access
      class class-default
        permit

    policy-map type loadbalance http first-match slb
      class class-default
        serverfarm web

    policy-map multi-match client-vips
      class slb-vip
        loadbalance vip
        loadbalance policy slb
        nat dynamic 5 vlan 50

    interface vlan 50
      description "Client-Server VLAN"
      ip address 172.16.5.5 255.255.255.0
      access-group input everyone
      service-policy input client-vips
      service-policy input remote-access
      nat-pool 5 172.16.5.200 172.16.5.209 netmask 255.255.255.0 pat
      no shutdown

    ip route 0.0.0.0 0.0.0.0 172.16.5.1

Printed in USA C78-331727-01 10/06
All contents are Copyright 1992-2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
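Added example (not part of the Cisco document): a short Python audit over an ACE running-config in the layout shown above, checking three points this page makes: the permit ip any any ACL that the note advises against, rservers never placed in service, and a nat dynamic id with no matching nat-pool on the named VLAN interface. The sample config is constructed with those faults planted; the function names, and the assumption that an in-service rserver is listed with an indented inservice line, belong to this example.

```python
import re

# Constructed sample (not device output): lnx2 lacks inservice, nat-pool id is 6 not 5.
SAMPLE = """\
access-list everyone line 8 extended permit ip any any
rserver host lnx1
  ip address 192.168.5.11
  inservice
rserver host lnx2
  ip address 192.168.5.12
policy-map multi-match client-vips
  class slb-vip
    loadbalance vip inservice
    nat dynamic 5 vlan 50
interface vlan 50
  access-group input everyone
  service-policy input client-vips
  nat-pool 6 172.16.5.200 172.16.5.209 netmask 255.255.255.0 pat
"""

def sections(config):
    """Map each unindented line to the indented lines under it (any depth)."""
    out, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if line[0].isspace() and current is not None:
            out[current].append(line.strip())
        else:
            current = line.strip()
            out.setdefault(current, [])
    return out

def audit(config):
    sec, findings = sections(config), []
    ifaces = {h.split()[-1]: kids for h, kids in sec.items()
              if h.startswith("interface vlan ")}
    # 1. An ACL bound to an interface that permits every IP packet.
    bound = {c.split()[-1] for kids in ifaces.values()
             for c in kids if c.startswith("access-group input ")}
    for h in sec:
        m = re.match(r"access-list (\S+) .*extended permit ip any any$", h)
        if m and m.group(1) in bound:
            findings.append(f"acl {m.group(1)}: permit ip any any on an interface")
    # 2. Real servers defined but never placed in service.
    for h, kids in sec.items():
        if h.startswith("rserver host ") and "inservice" not in kids:
            findings.append(f"rserver {h.split()[-1]}: not in service")
    # 3. "nat dynamic <id> vlan <n>" needs "nat-pool <id>" on interface vlan <n>.
    for kids in sec.values():
        for c in kids:
            m = re.match(r"nat dynamic (\d+) vlan (\d+)$", c)
            pool = f"nat-pool {m.group(1)} " if m else ""
            if m and not any(k.startswith(pool) for k in ifaces.get(m.group(2), [])):
                findings.append(f"nat dynamic {m.group(1)}: no nat-pool {m.group(1)} on vlan {m.group(2)}")
    return findings
```

Calling audit(SAMPLE) returns one finding per planted fault; a config that passes all three checks returns an empty list.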