Load Balancing VMware View with Cisco ACE: Part2

Continuing from my first post on this topic, this post walks through the exact configuration required on the Cisco ACE device. Let's start with the prerequisites needed to complete the configuration.

All IP addresses and hostnames mentioned here are for reference only; replace them with the real IP addresses and hostnames in your infrastructure.

Prerequisites

IP Details:

  • Primary ACE Management IP: 10.68.200.10
  • Secondary ACE Management IP: 10.68.200.11
  • Default Gateway IP: 10.68.200.1
  • Load Balancing Algorithm: Least Connections
  • VIP: 10.68.200.25 (the virtual IP that maps to the View connection servers in the ACE farm)
  • VIP Service Port: 443 (https)
  • Source NAT IP: 10.68.200.24

Health Monitoring:

  • Service port of the View connection servers: 443
  • Keepalive Mechanism: HTTP GET /favicon.ico
  • Keepalive / Health Check: Every 2 seconds
  • Keepalive Timeout: 2 seconds

IP addresses of the real servers defined in the ACE:

  • View Connection server 1: 10.68.200.15
  • View Connection server 2: 10.68.200.16
  • View Connection server 3: 10.68.200.17

Hostnames of the real servers defined in the Cisco ACE:

  • View Connection server 1: viewcs1.thinkingloudoncloud.com
  • View Connection server 2: viewcs2.thinkingloudoncloud.com
  • View Connection server 3: viewcs3.thinkingloudoncloud.com

Server farm name defined in the Cisco ACE: THINKINGLOUDONCLOUD_VIEW_FARM

Configurations

Perform the following configuration steps on the Cisco ACE console in the Admin context.

Configure the Cisco ACE interfaces. The ACE can be configured with port channels (recommended) or on a per-interface basis:

interface port-channel 100
  switchport trunk allowed vlan 15,5
  port-channel load-balance src-dst-port
  no shutdown
interface gigabitEthernet 1/1
  channel-group 100
  no shut
interface gigabitEthernet 1/2
  channel-group 100
  no shut
interface gigabitEthernet 1/3
  channel-group 100
  no shut
interface gigabitEthernet 1/4
  channel-group 100
  no shut

Configure IP addresses on the VLAN interfaces and the default route (management interface):

interface vlan 15
  description Management Vlan
  ip address 10.68.200.10 255.255.255.0
  access-group input EVERYONE
  service-policy input remote_mgmt_allow_policy
  service-policy input MGMT
  no shutdown
interface vlan 5
  description client-server-vlan
  ip address 10.68.200.2 255.255.255.240
  nat-pool 1 10.68.200.3 10.68.200.3 netmask 255.255.255.240 pat
  service-policy input VIEW-SLB-MULTI
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.68.200.1

Configure the Remote Management Access:

To access the Cisco ACE remotely using Telnet, SSH, SNMP, HTTP, or HTTPS; or to allow ICMP access to the Cisco ACE, a service policy must be defined and applied to the interface(s) through which access is to be permitted. The following configuration steps are required:

Configure a class-map of type management:

class-map type management match-any MGMT
  2 match protocol xml-https any
  4 match protocol icmp any
  5 match protocol telnet any
  6 match protocol ssh any
  7 match protocol http any
  8 match protocol https any
  9 match protocol snmp any
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any

Configuring the class-map for Virtual IP:

class-map match-all VIEW_SERVER_VIP
  2 match virtual-address 10.68.200.25 tcp eq https

Configure a policy-map of type management:

policy-map type management first-match MGMT
  class MGMT
    permit
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit

Configuring the policy-map for load balancing:

policy-map type loadbalance http first-match VIEW_SS
  class class-default
    serverfarm THINKINGLOUDONCLOUD_VIEW_FARM
policy-map multi-match VIEW-SLB-MULTI
  class VIEW_SERVER_VIP
    loadbalance vip inservice
    loadbalance policy VIEW_SS
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 5

IP Access through the Cisco ACE:

Interface VLANs must be configured for Layer-3 connectivity through the Cisco ACE. Service policies for load balancing, security, and management access to Cisco ACE are also applied at the interface VLAN level.

access-list EVERYONE line 8 extended permit icmp any any
access-list EVERYONE line 16 extended permit ip any any

Health Monitor / Probe configuration for the server-farm:

probe http VIEW_SS_HTTP
  interval 2
  passdetect interval 2
  request method get url /favicon.ico
  expect status 200 200

Defining the Real Servers in the Cisco ACE:

rserver host viewcs1.thinkingloudoncloud.com
  ip address 10.68.200.15
  inservice
rserver host viewcs2.thinkingloudoncloud.com
  ip address 10.68.200.16
  inservice
rserver host viewcs3.thinkingloudoncloud.com
  ip address 10.68.200.17
  inservice

Configuring the Server-farm group:

serverfarm host THINKINGLOUDONCLOUD_VIEW_FARM
  predictor leastconns slowstart 300
  probe VIEW_SS_HTTP
  rserver viewcs1.thinkingloudoncloud.com 443
    inservice
  rserver viewcs2.thinkingloudoncloud.com 443
    inservice
  rserver viewcs3.thinkingloudoncloud.com 443
    inservice
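As an added example (not part of the original post and not a Cisco tool), the following Python script audits an ACE configuration of the kind shown above. It flags management class-maps that admit telnet, http or snmp from any source, ACL lines that permit ip any any, and serverfarm, probe or rserver names that are referenced but never defined. The sample configuration and every name in it are constructed for illustration.

```python
import re

# Management protocols that can expose logins or community strings in cleartext.
CLEARTEXT = {"telnet", "http", "snmp"}
TYPED = {"serverfarm", "rserver"}  # defined as "<kind> host|redirect NAME"

# Constructed sample in the page's syntax; the dangling names are deliberate.
SAMPLE = """\
class-map type management match-any MGMT
  5 match protocol telnet any
  6 match protocol ssh any
  7 match protocol http any
access-list EVERYONE line 16 extended permit ip any any
probe http VIEW_SS_HTTP
rserver host viewcs1.example.test
policy-map type loadbalance http first-match VIEW_SS
  class class-default
    serverfarm VIEW_FARM_TYPO
serverfarm host VIEW_FARM
  probe VIEW_SS_HTTPS
  rserver viewcs1.example.test 443
"""

def audit(config):
    """Return sorted (category, detail) findings for an ACE config text."""
    findings, defined, used = set(), set(), set()
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        text = " ".join(tok)
        m = re.search(r"match protocol (\S+) any$", text)
        if m and m.group(1) in CLEARTEXT:
            findings.add(("cleartext-mgmt-from-any", m.group(1)))
        if re.fullmatch(r"access-list \S+ line \d+ extended permit ip any any", text):
            findings.add(("permit-any-acl", tok[1]))
        kind = tok[0]
        if kind == "probe" and len(tok) == 3:  # definition: probe <type> NAME
            defined.add((kind, tok[2]))
        elif kind in TYPED and len(tok) == 3 and tok[1] in ("host", "redirect"):
            defined.add((kind, tok[2]))
        elif kind in TYPED | {"probe"} and len(tok) >= 2:  # reference by name
            used.add((kind, tok[1]))
    for kind, name in used - defined:
        findings.add((f"undefined-{kind}", name))
    return sorted(findings)

if __name__ == "__main__":
    for category, detail in audit(SAMPLE):
        print(f"{category}: {detail}")
```

The check works on token counts rather than indentation, so it accepts both `show running-config` output and flattened text pasted from a web page.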

Redundancy/High Availability

To maximize application and infrastructure availability, the Cisco ACE 4710 appliance takes advantage of all four Gigabit Ethernet interfaces. These interfaces can be port-channeled together to create one logical connection between the Cisco ACE 4710 appliance and the connected Cisco Catalyst Series switches. Trunked VLANs can be used to carry client/server messaging, management traffic and fault tolerance (FT) communication.

The FT configuration consists of three pieces: the FT interface VLAN, the FT peer and the FT group. The FT interface VLAN is a designated VLAN between the two Cisco ACE 4710 appliances. All FT traffic is sent over this VLAN, including:

  • ACE redundancy protocol packets
  • Heartbeats
  • Configuration sync packets
  • State replication packets

The Cisco ACE 4710 appliance will use the remaining Gigabit Ethernet interfaces in the event of a link failure. Because port channeling is used, no FT state will change unless all four Gigabit Ethernet interfaces go down.

To provide high availability and redundancy, the Cisco ACE appliance can be set up and configured in a redundant mode.

The following is a sample configuration which can be used.

Configure the fault tolerance interface:

ft interface vlan 43
  ip address 10.5.43.1 255.255.255.0
  peer ip address 10.5.43.2 255.255.255.0
  no shutdown

Configure the FT peer:

ft peer 1
  heartbeat interval 200
  heartbeat count 20
  ft-interface vlan 43

Create the fault-tolerant groups:

ft group 1
  peer 1
  priority 120
  preempt
  associate-context admin
  inservice
ft group 2
  peer 1
  priority 120
  associate-context VIEW
  inservice


 

The configuration in this article is only a sample of what can be done on the Cisco ACE device and how to approach it; the networking details and hostnames are all fictional. I strongly recommend that anybody attempting a Cisco ACE configuration go through Cisco's official documentation and discuss the overall design and configuration with the customer's network team. This concludes the series on load balancing VMware View with Cisco ACE. Thanks for reading, and hopefully this is of help.
