Friday, November 23, 2012

Cisco ACE Configuration Example

The Cisco Application Control Engine (ACE) is a device for doing server loadbalancing, distributing to load of a service to multiple hosts.
Here is a short example configuration for loadbalancing on two servers running a webserver.

First we configure the addresses to the realservers, this is the actual servers that will process the requests.

host1/Admin(config)# rserver SERVER1
host1/Admin(config-rserver-host)# ip address 192.168.12.1
host1/Admin(config-rserver-host)# inservice
host1/Admin(config)# rserver SERVER2
host1/Admin(config-rserver-host)# inservice
host1/Admin(config-rserver-host)# ip address 192.168.12.2

Second we will configure a probe that the loadbalancer will use to verify that the realservers are operational, we will make the loadbalancer probe port 80 to verify that the webpage is reachable.

host1/Admin(config)# probe http WEBPROBE
host1/Admin(config-probe-http)# expect status 200 200

Next we are creating a serverfarm with our two servers that will handle this service and make it use the probe we created.

host1/Admin(config)# serverfarm SERVERFARM-WEBSERVERS
host1/Admin(config-sfarm-host)# probe WEBPROBE
host1/Admin(config-sfarm-host)# rserver SERVER1
host1/Admin(config-sfarm-host-rs)# inservice
host1/Admin(config-sfarm-host)# rserver SERVER2
host1/Admin(config-sfarm-host-rs)# inservice

Now we create a class-map with the virtual IP that will front the webservers.
We tie it to the correct class and put it inservice and allow the VIP to reply to ping.

host1/Admin(config)# class-map match-all WEB-CLASS
host1/Admin(config-cmap)# match virtual-address 192.168.1.1 tcp eq www

host1/Admin(config)# policy-map type loadbalance first-match WEB-POLICY
host1/Admin(config-pmap-lb)# class class-default
host1/Admin(config-pmap-lb-c)# serverfarm SERVERFARM-WEBSERVERS

host1/Admin(config)# policy-map multi-match INCOMING-POLICY
host1/Admin(config-pmap)# class WEB-CLASS
host1/Admin(config-pmap-c)# loadbalance vip inservice
host1/Admin(config-pmap-c)# loadbalance policy WEB-POLICY
host1/Admin(config-pmap-c)# loadbalance vip icmp-reply active

Last thing to do is to apply the policy to the interface on the loadbalancer that recives the incoming traffic.

host1/Admin(config)# interface vlan 120
host1/Admin(config-if)# service-policy input INCOMING-POLICY

Thats all that you need.
We now have a probe trying to connect to port 80 on the two servers, as soon as the servers are starting to reply to the http requests with code 200 (OK) then the loadbalancer will put the VIP online and start relaying all incoming traffic on interface vlan 120 towards the VIP to the both realservers using round-robin.