Cisco ACE 4710 Application Control Engine Appliance Deployment Guide V1.Release

Table of Contents

Introduction

Preface. This document describes how to deploy the Cisco ACE 4710 Application Control Engine appliance. This document is intended for use by anyone deploying a pair of Cisco ACE 4.

Assumptions

Cisco ACE is deployed in a routed mode design, but it should be relatively simple to use in bridged or one arm mode. Automatic failover is not desirable, so fault tolerant preemption is disabled. Cisco ACE 4710 appliances are connected to Cisco Catalyst 6.Series Switches running Cisco IOS Software.

Related Documents

Cisco ACE 4.Design Guide
Cisco ACE 4.High Availability Guide

References

Cisco ACE 4. Online Reference Guides.

Deployment

Physical Topology

To increase application and infrastructure availability, the Cisco ACE 4.Gigabit Ethernet interfaces and Cisco ACE virtualization. These interfaces can be configured in a PortChannel to create a single logical link between the Cisco ACE 4.Cisco Catalyst 6.Series Switches.
Trunked VLANs can be used to carry all client and server messaging, management traffic, and fault tolerant communication. Connecting the Cisco ACE 4.Cisco Catalyst 6.Series Switch in this manner has several obvious advantages. It allows the creation of a single very high bandwidth logical link, helping ensure the highest level (4 Gbps) of throughput possible on the Cisco ACE 4. It gracefully handles asymmetric traffic profiles typical of web architectures. It simplifies the interface configuration since the single PortChannel and IEEE 8. Future upgrades, for example from 1 Gbps to 4 Gbps, can be accomplished in real time by installing a license for increased throughput without the need to physically recable the appliance interfaces. Individual Cisco ACE contexts are not limited by the throughput of a single 1 Gbps interface. Traffic can be shaped according to the available throughput at the context, virtual IP, or real server level rather than at the interface level. It allows the Cisco ACE to reach throughput license limits, including throughput limits additionally reserved for management traffic.

By default, the entry level Cisco ACE appliance has a 1 Gbps through traffic bandwidth limit and an additional 1 Gbps management traffic bandwidth limit, resulting in a maximum bandwidth of 2 Gbps. Similarly, with the 2 Gbps license, the Cisco ACE has a 2 Gbps through traffic bandwidth limit and a 1 Gbps management traffic bandwidth limit, for a total maximum bandwidth of 3 Gbps.

The PortChannel provides redundancy should any of the four physical interfaces fail. The single logical link can support all the common deployment modes, including routed, bridged, one arm, and asymmetric server return, while also addressing high availability and stateful connection replication without problems.

As shown in Figure 1, in this deployment each Cisco ACE 4.Cisco Catalyst 6.Series switch. These interfaces will be configured as a PortChannel, as shown in Figure 2.

Figure 1.
Physical Deployment

Figure 2. Interfaces Between Cisco ACE and Switch.

The connections between the Cisco Catalyst 6.Series Switches are also important. Between each Cisco Catalyst 6.Series Switch, interface gigabit 44.Cisco ACE fault tolerant traffic only, and interfaces gigabit 44.VLANS. This configuration is shown in Figure 3.

Figure 3. Interfaces Between Switches

Caution: This topology uses a single link for fault tolerant traffic, but it is generally a best practice to use a distributed PortChannel (multiple links spanning multiple blades) to guard against physical failure.

Management Topology

As shown in Figure 4, the management VLAN 9.Admin context as well as the LB0.Since this VLAN is actively shared by each Cisco ACE 4.Admin context to avoid any MAC address duplication errors between the Cisco ACE 4.

Note: See the Cisco ACE 4.Command Reference for more information about the shared vlan hostid command.

Figure 4. Management Network Topology.

Fault tolerant VLAN 1.Cisco Catalyst 6.Series Switch to carry the Cisco ACE heartbeat and connection state information. This VLAN is also trunked on the PortChannel that connects each Cisco Catalyst 6.Series Switch to the Cisco ACE 4.

Logical Topology

Note: This Cisco ACE deployment is considered a routed deployment as opposed to a bridged or one armed deployment.

As shown in Figure 5, the upstream gateway of the Cisco ACE resides in VLAN 6.The Hot Standby Router Protocol (HSRP) standby address is.Cisco Catalyst 6.Series Switch and.Cisco Catalyst 6.Series Switch. On the Cisco ACE 4.Cisco ACE 4710, and.Cisco ACE 4710. One of the server side VLANs is VLAN 6.On the Cisco ACE 4.Cisco ACE 4710, and.Cisco ACE 4710. This VLAN also has two web servers.

Figure 5.
Logical Topology Routed

High Availability and Fault Tolerance

Quality of Service

By default, quality of service (QoS) is disabled for each physical Ethernet port on the Cisco ACE (Figure 6). You can enable QoS for a configured physical Ethernet port that is based on Layer 2 VLAN class of service (CoS) bits (priority bits that segment the traffic into eight different classes of service). If a VLAN header is present, the Cisco ACE uses the CoS bits to map frames into class queues for ingress only. If the frame is untagged, it falls back to a default port QoS level for mapping.

You can enable QoS for an Ethernet port configured to trunk the fault tolerant VLAN. In this case, heartbeat packets are always tagged with CoS bits set to 7 (a weight of High). You should enable QoS on all ports trunking the fault tolerant VLAN to provide a higher priority for incoming fault tolerant heartbeats (Figure 7).

Figure 6. Fault Tolerant CoS Values Without QoS

Figure 7. Fault Tolerant CoS Values with QoS.

The fault tolerant VLAN must be designated using the command.PortChannel interface for QoS to be enabled for that VLAN (Figure 8).

Figure 8. PortChannel QoS Configuration.

interface port channel 1.

Each physical interface on the Cisco ACE 4.QoS to be enabled Figures 9 and 1.

Figure 9. Interface QoS Configuration.

interface gigabitEthernet 11.
speed 1.M.
duplex full.
carrier delay 3.

Figure 10. QoS Verification.

GigabitEthernet Port 11 is UP, line protocol is UP.
Hardware is ACE Appliance 1.Mb 8. 02. 3, address is 0.
MTU 9216 bytes.
Full duplex, 1. 00.Mbs.
COS bits based QoS is enabled.
input flow control is off, output flow control is off.
Received 4822 broadcasts 8.
FCSAlign errors, 0 runt FCS, 0 giant FCS.
Excessive Deferral and dropped.

Caution: Do not configure the fault tolerant VLAN as the native VLAN on the PortChannel. Since the native VLAN is not tagged with Layer 2 information, the QoS CoS values will not be set, which could lead to loss of heartbeat packets and an undesired active active outage.

Recommendation: Please see the Cisco ACE 4.Redundancy Guide for more information.

Carrier Delay

The carrier delay command was introduced in the Cisco ACE 4.This command was added to handle a very specific scenario involving fault tolerant configurations and preemption. In this scenario, two Cisco ACE 4.LAN switch such as a Cisco Catalyst 6.Series Switch. Cisco ACE A is active, and Cisco ACE B is standby. Suppose Cisco ACE B takes over because of a failure of the PortChannel that connects to Cisco ACE A. Moments later, the PortChannel is restored, and Cisco ACE A comes back and wants to reclaim its active role (preempt is configured by default). When Cisco ACE A comes back up, it assumes that the switch is ready to accept and process traffic. This may not be the case, however, due to timing differences. For example, the spanning tree process may still be determining whether the port can safely be put in the forwarding state on the switch side. In the meantime, the Cisco ACE 4.Address Resolution Protocol (ARP) information to refresh the switch fabric's MAC addresses. To prevent this timing discrepancy, you should configure a carrier delay of 3.Cisco ACE 4710 that is configured to preempt.

Note: The carrier delay command is only required for deployments that use preemption. The purpose of this document is to avoid preemptive behavior. This is why the configuration references do not include the carrier delay command. This command is required on all physical interfaces Figure 1.

Figure 11. Carrier Delay Interface Configuration.

Ethernet 11.
speed 1.M.
duplex full.
carrier delay 3.