ACE 4710 transparent LB with two Caches and two routers.

Hello,
I have an ACE 4710 that load balances two CacheFlows (Blue Coat). I am doing PBR on the routers to send the traffic destined to port 80 to the ACE and then the cache farm. After that, the CacheFlow will get the page from the internet via two routers. The return traffic will match another PBR on the routers with source port 80 that will send it to the ACE, then the CacheFlow again, and then to the users.
I am not using IP spoofing on the CacheFlow for now. In the attached figure I created a VIP 0.0.0.0 0.0.0.0 port 80 on the ACE interface facing the routers, but the question is: do I have to create another VIP 0.0.0.0 0.0.0.0 port 80 on the ACE interface facing the CacheFlow, or just forward the traffic on the default route? What might the default route be, since I have to use two routers and I cannot use HSRP?
Kindly, I need some assistance.
Thank you and regards,
George
access-list PERMIT_ALL line 8 extended permit ip any any
access-list CFLOW line 8 extended permit ip any any
ip name-server 8.8.8.8
ip name-server 4.2.2.2
##################################Config for Cache Cache Servers###################
probe http CISCO_WWW_PROBE
  ip address 72.163.4.161
  interval 2
  faildetect 2
  passdetect interval 2
  passdetect count 5
  request method head url /index.html
  expect status 200 200
  exit
probe http YAHOO_WWW_PROBE
  ip address 87.248.112.181
  interval 2
  faildetect 2
  passdetect interval 2
  passdetect count 5
  request method head url /index.html
  expect status 200 200
  exit
serverfarm host TRANSPARENT_PROXY_SF
  description Transparent Proxy Farm
  transparent
  predictor hash url
  probe CISCO_WWW_PROBE
  probe YAHOO_WWW_PROBE
  rserver CFLOW01
    inservice
  rserver CFLOW02
    inservice
  exit
  exit
############################################# Router Cache Farm ############################
probe icmp ICMP_PROBE
  description *** Probe for icmp health monitoring ***
  interval 5
  faildetect 2
  passdetect interval 60
  passdetect count 2
  exit
rserver host Router01
  description Connection to Sodetel Router
  ip address 192.168.14.4
  probe ICMP_PROBE
  inservice
rserver host Router02
  description Connection to IDM Router
  ip address 192.168.14.5
  probe ICMP_PROBE
  inservice
serverfarm host Routers
  description Transparent Proxy Farm
  transparent
  predictor hash url
  probe ICMP_PROBE
  rserver Router01
    inservice
  rserver Router02
    inservice
  exit
  exit
################################# Management################################
class-map type management match-any REMOTE_MGMT
  description Allow Remote management for below protocols
  8 match protocol icmp any
  9 match protocol ssh source-address 172.31.13.31 255.255.255.255
  10 match protocol ssh source-address 172.31.31.21 255.255.255.255
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_MGMT
    permit
class-map match-all CFLO2Internet
  2 match virtual-address 0.0.0.0 0.0.0.0 any
class-map match-all TRANSPARENT_VIP_CM
  2 match virtual-address 0.0.0.0 0.0.0.0 tcp eq www
policy-map type loadbalance first-match TRANSPARENT_LB_PM
  class class-default
    serverfarm TRANSPARENT_PROXY_SF backup Routers
policy-map type loadbalance first-match CFLO2Internet_LB
  class class-default
    serverfarm Routers
policy-map multi-match CFLO2Internet_PM
  class CFLO2Internet
    loadbalance vip inservice
    loadbalance policy CFLO2Internet_LB
    loadbalance vip icmp-reply active
    connection advanced-options TCP
policy-map multi-match L3L4_PM
  class TRANSPARENT_VIP_CM
    loadbalance vip inservice
    loadbalance policy TRANSPARENT_LB_PM
    loadbalance vip icmp-reply active
    connection advanced-options TCP
====Interfaces======
interface vlan 11
  description Interface between Routers and ACE
  ip address 192.168.14.2 255.255.255.224
  alias 192.168.14.1 255.255.255.224
  peer ip address 192.168.14.3 255.255.255.224
  no icmp-guard
  access-group input PERMIT_ALL
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  service-policy input L3L4_PM
  no shutdown
interface vlan 21
  description Connection to CFlow ServerFarm
  ip address 192.168.12.2 255.255.255.224
  alias 192.168.12.1 255.255.255.224
  peer ip address 192.168.12.3 255.255.255.224
  no icmp-guard
  access-group input CFLOW
  service-policy input CFLO2Internet_PM ------>>>> Is this necessary???
  no shutdown

Hi George,
In the topology you described, only the service-policy in the interface towards the routers is necessary. For the traffic from the caches, the ACE will just forward to the default gateway.
The only problem is, as you mentioned, that you cannot use HSRP. In that case, you can still configure two default gateways, but there is no way to predict which one the ACE will use at a given time (the way it selects the one it will use is by sending an ARP request to both gateways and using the one that replies first until the ARP entry expires).
If you need to load-balance the traffic between both routers, then yes, you would need to configure a new VIP on the cache side and load-balance it to a transparent serverfarm composed of both routers.
Regards
Daniel
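
The two alternatives from the reply above, laid out side by side as an added example that is not part of either post. All object names and addresses are taken from the configuration posted in the question; the `ip route` lines are an assumption about how the two default gateways would be entered, and lines starting with `!` are annotations, not commands to paste.

```text
! Option A: no VIP on the cache side.
! Traffic arriving from the caches on vlan 21 is simply routed by the ACE.
! Two default gateways can be configured, but which one is used at a given
! time is not predictable (first ARP reply wins until the entry expires).
interface vlan 21
  no service-policy input CFLO2Internet_PM
ip route 0.0.0.0 0.0.0.0 192.168.14.4
ip route 0.0.0.0 0.0.0.0 192.168.14.5

! Option B: load-balance cache-originated traffic across both routers.
! A second catch-all VIP on the cache-facing interface sends traffic to the
! transparent serverfarm "Routers" (Router01 192.168.14.4, Router02 192.168.14.5),
! which is health-checked by ICMP_PROBE in the posted configuration.
class-map match-all CFLO2Internet
  2 match virtual-address 0.0.0.0 0.0.0.0 any
policy-map type loadbalance first-match CFLO2Internet_LB
  class class-default
    serverfarm Routers
policy-map multi-match CFLO2Internet_PM
  class CFLO2Internet
    loadbalance vip inservice
    loadbalance policy CFLO2Internet_LB
interface vlan 21
  service-policy input CFLO2Internet_PM
```

In both options the service-policy `L3L4_PM` on vlan 11, facing the routers, stays as posted.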
