Add two servers with ACE 4710

Similar Messages

• SIP load balancing issue with ACE 4710

  SIP Load balancing Issue with ACE 4710
  I have a Cisco ace 4710 with vesion Version A4(2.2). i configued simple SIP load balancing first without stickiness. without stikeiness we are having a problem because bye packet at the was not going to the same server all the time that left our port in used even though user hang up the phone. its happen randmly. i have a total 20 licenced ports and its fill out very quickly. so i dicided to use the stickiness with call-ID but still same issue. below is the config
  rserver host CIN-VOX-31
    ip address 172.20.130.31
    inservice
  rserver host CIN-VOX-32
    ip address 172.20.130.32
    inservice
  serverfarm host CIN-VOX
    probe SIP-5060
    rserver CIN-VOX-31
      inservice
    rserver CIN-VOX-32
      inservice
  sticky sip-header Call-ID VOX_SIP_GROUP
    timeout 1
    timeout activeconns
    replicate sticky
    serverfarm CIN-VOX
  class-map match-all CIN_VOX_L4_CLASS
    2 match virtual-address 172.22.12.30 any
  class-map match-all CIN_VOX_SIP_L4_CLASS
    2 match virtual-address 172.22.12.30 udp eq sip
  policy-map type loadbalance sip first-match CIN_VOX_LB_SIP_POLICY
    class class-default
      sticky-serverfarm VOX_SIP_GROUP
  policy-map multi-match GLOBAL_DMZ_POLICY
     class CIN_VOX_SIP_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
    class CIN_VOX_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
  interface vlan 20
    description VIP_DMZ_VLAN
    ip address 172.22.12.4 255.255.255.192
    alias 172.22.12.3 255.255.255.192
    peer ip address 172.22.12.5 255.255.255.192
    access-group input PERMIT-ANY-LB
    service-policy input GLOBAL_DMZ_POLICY
  could you please help me on this...
  thanks
  Rakesh Patel

  I mean there should be one more statement-
  class-map type sip loadbalance match-any CIN_VOX_LB_SIP_POLICY 
  match sip header Call_ID header-value sip:
  and that will be called under-
  policy-map multi-match GLOBAL_DMZ_POLICY
     class CIN_VOX_SIP_L4_CLASS
      loadbalance vip inservice
      loadbalance policy CIN_VOX_LB_SIP_POLICY
      loadbalance vip icmp-reply
  is that missing in your config ?

• Two servers with redundant connections for Sun StorEdge 3320 SCSI arrays

  Hello All,
  I read in the "Sun StorEdge 3000 Family Installation, Operation and Service Manual" that it's possible to setup "two servers with redundant connections" but I never see a detailed schema to do this. I read also the "Best Pratices Guide" but this case is not mentioned. Is it really possible ?
  My objective is to split a Sun StoreEdge 3320 SCSI array between two hosts with dual redundant scsi connection.
  Thanks in advance for your answers.
  Francois.

  At first this sounded easy, but looking at the parts listing for the 3320 seems to indicate otherwise. They're listing different part numbers for the chassis and midplane...
  371-0105 chassis & midplane for JBOD
  371-0106 chassis & midplane for RAID array
  There are also different part numbers for the I/O boards....
  370-7655 RAID SCSI I/O module
  370-7713 JBOD SCSI I/O module
  I can see what the difference is between the I/O modules, but am unsure of what differences if any are in the chassis and midplane. Seems like there's more involved here than what it would be worth to try and make it work. Perhaps the cost of a second HBA would be the lesser of two evils..........

• Monitoring two servers with same IIS configuration using SCOM

  Hello,
  We have two servers which has the same IIS configuration including sites names, how do we configure APM to monitor and get events captured on two different monitors on SCOM 2012 R2.
  Thank you, Anand
  Anand Franklin

  Hi Anand,
  There is no problem at all, if applications IIS paths (Web Site names + Web application name in IIS) absolutely match. Make sure both servers have SCOM Agent installed and connected to the same Management Group.
  In .NET Application Performance Monitoring template just keep Target Group field blank (it's blank by default) - that will mean the application will be monitored on each server within Management Group where it's discovered. The same configuration of
  APM monitoring will be used for all app instances.
  If you want to monitor the app only on two servers, and at the same time the app is hosted on more than these two boxes, you can create Windows Computer group populated with appropriate servers and specify this group as Target for APM monitoring.
  If you want to differentiate APM configuration for specific app instances, you should create several Windows Computer groups and bind each group with separate configuration - in this case you will have to run .NET Application Monitoring template several
  times, picking up the same app, but changing APM settings and setting new Target Group.
  Igor Savchenko, VIAcode Consulting LLC (http://www.viacode.com/)

• Installing oracle10g on two servers with same databae

  Dear DBAs
  I have two servers and one SCSI SATA box as storage device which i have configured in RAID5 format. Servers are connected to channel 0 and 1 of the SATA box respectively.My OS is RHEL ES-4
  I want to install Oracle10g on these two machines with SATA box as the Databse Storage medium. I donot want to use RAC as my clients donot have DBA. The servers has to be configured in a failsafe method.

  hi gert
  the SATA SCSI box is LSI Logic Megaraid sas 8408E. My aim is to have a backup server which needs to be switched on once the main server fails. I can afford for a little bit data loss. Only thing is the backup server should use the data files of the crashed server.

• Full URL re-direct with ACE 4710

  Is there anyway to perform a redirect on the ACE 4710 so that it will redirect a request sent to the domain mydomain.com be redirected to www.mydomain.com, this is so that an installed SSL certificate will match.
  Thanks

  Thank you for your response, but the redirect would occur before any encyption.. for example today this is what happens
  someone goes to
  http://www.mydomain.com
  and the ACE redirects the connection to
  https://www.mydomain.com
  What I want is for someone to go to
  http://mydomain.com (without the www) and for it to redirect to
  http://www.mydomain.com which will inturn redirect to https://www.mydomain.com
  or it can just redirect to https://www.mydomain.com
  So the encryption will not occur until it is redirected to teh correct websit

• Problem on connect to two servers with SSL

  Hey all!
  I've got a problem with connecting to two different servers via SSL in one Application. Every Connection works fine on its one via SSL.
  But if i try to initialize a new connection it fails every time.
  My thought is that the problem is the DriverManager. I'm not quite sure how this DriverManager works, but what i know is that it's a single-ton Class and with that maybe stores some parameters from the first connection which didn't get reloaded when trying to make a new connection.
  Here's the way i create the connection ..
      String host="best.host.ever";
      int port="3306";
      String MYSQL_URL="jdbc:mysql://"+this.host+":"+this.port+"/";
      DBName="db_foobar";
      sqlProps = new Properties();
      sqlProps.setProperty("user","foo");
      sqlProps.setProperty("password","bar");
      sqlProps.setProperty("zeroDateTimeBehavior","convertToNull");
      sqlProps.setProperty("useSSL","true");
      System.setProperty("javax.net.ssl.trustStore", trustStore);
      System.setProperty("javax.net.ssl.trustStorePassword", "trustpass");
      System.setProperty("javax.net.ssl.keyStore", keyStore);
      System.setProperty("javax.net.ssl.keyStorePassword", "keypass");
      System.setProperty("javax.net.debug","ssl");
      printDebug("[Konstruktor] : Connecting to "+MYSQL_URL);
      try {
           Class.forName("org.gjt.mm.mysql.Driver").newInstance();
           this.conn = DriverManager.getConnection(MYSQL_URL+DBName,sqlProps);     
          connectionCount++;
          initOK=true;
      //Catch stuff following...Is it possible that the System.properties i'm setting are only readed one time by the DriverManager (if it's readed by the DriverManager at all)?
  So when i initialize a new Object with different System.properties they may not get used again.
  Hopefully somebody has an explanation or a solution for this.
  Besides: If i launch the programm twice it's no problem to have to differen SSL connections at the same time.
  Thanks for reading and in advance for trying to help!

  Yep, it's the standard authentication failure message. (The error code is 1045).
  The Exception which is thrown is a SQLException with the message:
  Access denied for user 'username'@'p54BB743D.dip.t-dialin.net' (using password: YES)
  errorcode: 1045
  The code i'm using runs well with one connection and even with multiple connections as long as not more than one connection are using SSL.
  To explain:
  The user has the possibility to run the application with a user defined data-source (the connection). You can add a new connection and the application will then add a tabbed pane with the same gui but uses the other data source then.
  This runs fine with multiple connections (I managed to work on 3 differen intranet servers and 2 different servers online, one of them using SSL)
  So all together 5 Connections. Now i wanted to add a 6th server with SSL two and thats the point where it crashes. (Both SSL Servers run perfect on their own with my application - only both together doesnt work).
  About that: Class.forName, yes i'm using it every time when i make a new Connection. This is wrong? Could you explain why?
  Anyway thanks for your answers so far!
  Message was edited by:
  Hotkey_ger

• Problems Balancing IIS servers with ACEs.

  Hi ...
  Pls your help in this case ...
  I just configured an ACE solution for Web Balancing.  The Web Servers are Microsoft Windows 2008 IIS.
  The ACE is configured with two contexts, one for Web Servers and other for Application Servers (both in Microsoft solution).
  The context were configured in "One Arm" for each subnet (web and apps).
  In attached files I'm sending the configuration of ACE. 
  Any sugestion ?
  The error we got in the browsing is:
  System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
  Invalid viewstate.   Client IP: 10.11.60.26  Port: 1173.

  Hello,
  Have you checked if your application requires persistence? Even when both server may have the exact same content if the user gets rebalanced to a different server during the connection will fail and that error you're getting could be a probe of it.
  Just to confirm try doing a no inservice under the secondary server in the serverfarm in question, clear all the caches and re-test.
  If this indeed solves the issue then it can be easily solved using a sticky method such as source IP or cookie insertion.
  HTH
  Pablo

• FTPS with ACE 4710

  Hi,
  I need to configure ACE for load-balancing FTPS. And simply deploying L4 policies are not helping either. Configured the FTPS servers and both of them are working fine when accessed via physical IP, but do not work when accessed via the VIP.
  if it is possible, a reference URL would really be a great help.

  Hi Rajiv,
  Do you want to loadbalance SFTP ?
  Or just have it pass through ??
  Loadbalancing SFTP is difficult because it starts as regular FTP and switches over to SSL which ACE can't do and fails to understand.
  you don't need anything to have it passthrough.
  As long as you don't ask ACE to inspect the traffic, and assuming this traffic is permitted in your access-group, then there is nothing to do to have it go through.
  I think your goal is to distribute inbound file deposits evenly across SFTP servers.
  High-level Overview
  Clients -> Internet -> Tier-1 Firewall -> ACE Load-balancer -> SFTP Servers
  I would like to tell you that SFTP is nothing but SSH. It uses a single connection. There are no issues loadbalancing it using traditional Layer 4 load balancing.
  So you are good.
  On the other hand FTP over SSL (FTPS) can neither offloaded nor loadbalanced using ACE.
  FTPS uses multiple channels and Since the control channel is encrypted, ACe is not able to get the port numbers for the data connections.
  Kindly find these examples for FTP load balance method in cisco ACE:
  1. FTP serverfarm on Cisco ACE
  http://snippets101.blogspot.com/2007/06/ftp-serverfarm-on-cisco-ace.html
  2. FTP Load Balancing on ACE in Routed Mode Configuration Example
  http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_Routed_Mode_Configuration_Example
  3. FTP Load Balancing on ACE in One-Arm Mode Configuration Example
  http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_One-Arm_Mode_Configuration_Example
  Kindly refer the folowing URL for Layer4 policies:
  http://cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_Layer_4_Load_Balancing
  http://snippets101.blogspot.com/2008/08/cisco-ace-and-private-vlans-in-switch.html
  http://snippets101.blogspot.com/2008/08/asymmetric-server-normalization-on.html
  http://docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide,_Release_A3(1.0)_--_Configuring_Server_Load_Balancing
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/tcpipnrm.html#wpmkr1116809
  Hope it will help you furhter in configuring the ACE load balancing L4 policies.
  Kindly rate
  Sachin Garg

• ACE 4710 SSL server LB with stickiness

  I will be replacing 11500 CSS which are not doing SSL termination, just load-balancing SSL sessions terminated on servers with ACE 4710.
  On their CSS config, they were doing SSL-sticky. I understand the 4710 doesn't support SSL sticky, but can perform the same function by parsing the HTTP header. Has anyone done this config before and know where/how to parse the header to look for the SSL session# and stick connections to same server?
  THANKS!

  In Ace 2.x code GPP (Generic protocol parsing) was introduced that enables ACE to look into the Layer 4 payload.Which is how this stickiness id achieved.
  details at
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/sticky.html#wp1133923
  I dont think its currently available on ACE appliance yet.
  Syed

• CSS ACTIVE/ACTIVE SCENARIO WITH JUST TWO SERVERS ??? POSSIBLE??

  Hi
  I'm gonna have a setup of TWO CSS11503 Content Switches with standard WEBNS feature set
  in an ACTIVE / ACTIVE VIP and Virtual interface redundancy scenario for load-balancing just
  two web servers initially.
  Can I hv this setup up & running if I configure the two servers with different default
  gateway addresses on the private side and two static routes in the private side Layer3
  for two different VIP addresses in the public side ??
  Any better suggestions for this scenario.
  Thanx

  Firstly - what Gilles said.
  Having said that, I'm using some content switches in active/active modes in a couple of places in a geographically distributed gateway. Active/Active lets us improve our redundancy characteristics and allow for device failures as well as link failures between the gateways.
  There are lots of complexities that arise if you take this path - you will need to do a lot of logical math and testing about traffic symmetry under all of the different failure conditions, because you introduce the possibility that response traffic could come back at L2/L3 through a different CSS than the request traffic.

• ACE 4710 Setup

  Dear All,
  I have task to add two servers to work with ACE 4710 , the client is coming from internal network and the end host (our servers).
  I don,t know how to connect it physically and do the configuration.
  Thanks a lot in advance .

  Hi,
  Below is basic configuration example with three real servers and Source NAT.
  Let's say you have three servers:
  rserver host SERVER_01
    ip address 192.168.1.11
    inservice
  rserver host SERVER_02
    ip address 192.168.1.12
    inservice
  rserver host SERVER_03
    ip address 192.168.1.13
    inservice
  You add them in serverfarm
  serverfarm host REAL_SERVERS
    rserver SERVER_01
      inservice
    rserver SERVER_02
      inservice
    rserver SERVER_03
      inservice
  After that you configure the VIP and condition. Here any means any protocol and port
  class-map match-all VIP-30
    2 match virtual-address 172.16.51.30 any
  YOu define the L7 policy map
  policy-map type loadbalance first-match SLB_LOGIC
    class class-default
      serverfarm REAL_SERVERS--------->Serverfarm to which traffic would be loadbalanced.
  policy-map multi-match CLIENT_VIPS---->L3 policy map.
    class VIP-30
      loadbalance vip inservice
      loadbalance policy SLB_LOGIC
      nat dynamic 1 vlan 451----------------->You need to apply the NAT when your client is in same subnet as server so that return traffic comes back to ACE and not to client directly or when your servers default GW is not ACE.
  interface vlan 251
    description Client vlan------------------->VIP is in this subnet
    ip address 172.16.51.11 255.255.255.0
    access-group input ANYONE
    service-policy input REMOTE_MGT
    service-policy input CLIENT_VIPS
    no shutdown
  interface vlan 451--------------->Server side subnet
    description Servers vlan
    ip address 192.168.1.1 255.255.255.0
    nat-pool 1 192.168.1.100 192.168.1.110 netmask 255.255.255.0 pat---->Nat pool defined. It should always be on server side vlan.
    no shutdown
  ip route 0.0.0.0 0.0.0.0 172.16.51.1
  I would also suggest going through the below for basic troubleshooting and understanding.
  http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_Overview_of_ACE_Troubleshooting
  Basic loadbalancing using routed mode:
  http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_Routed_Mode_on_the_Cisco_Application_Control_Engine_Configuration_Example
  And if you have any questions, please put them here and we will be glad to help.
  Regards,
  Kanwal
  Note: Please mark answers if they are helpful.

• Rservers initiated traffic not sourcing the traffic as VIP in Ace 4710

  One of the feature of our application is that our Application Server initiate text message to our devices sourcing from UDP 1120 and device need to see the message come from a specific pubic IP (2.2.2.2) with UDP port 1120 and reply back with the same Public IP (2.2.2.2) with UDP port 1120.The problem is we can make that happen if we have only one server in our ACE Serverfarm when we do a SNAT the real servers with the VIP address (10.1.246.32) but it does not work when we have more than one server in the Serverfarm. Since we have 2 servers, i cannot nat the real servers with the VIP address, if I do a PAT, obviously it is changing the source port of the request.
  Note: This setup is working fine with the Cisco Content Switch module running on chasis 6509. When I sniff the traffic initiated from the server coming the CSM load balancer, it is sourcing the traffic as the VIP and the source port remains the same by default but this is not the case with ACE 4710
  Traffic flow as follows
  ===============
  ACE 4710                                                       FWSM (Firewall static NAT)                    Device ( configured with 2.2.2.2:1120 (udp) to snd/rcv msg)
                                               VIP
  Rserver 1   - 10.1.104.80       10.1.246.32           10.1.246.32  < - > 2.2.2.2                              1.1.1.1
  Rserver 2   - 10.1.104.81c
  ---------------------------------------------------------->           ------------------------------->                      - traffic flow from server to the device when we send msg
  Configs:
  ======
  rserver host server1
    ip address 10.1.104.80
    inservice
  rserver host server2
    ip address 10.1.104.81
    inservice
  serverfarm host SFARM
    failaction purge
    probe ICMP
    rserver server1
      inservice
    rserver server2
      inservice
  access-list TEST-1120 line 8 extended permit udp host 10.1.104.80 eq 1120 any
  access-list TEST-1120 line 16 extended permit udp host 10.1.104.81 eq 1120 any
  parameter-map type connection UDP_TIMEOUT
    set timeout inactivity 3600
  sticky ip-netmask 255.255.255.255 address source STKY-SFARM
    serverfarm SFARM
    timeout 180
    replicate sticky
  class-map match-all CLS-SFARM
    2 match virtual-address 10.1.246.32 udp eq 1120
  class-map match-all SERVERNAT
    2 match access-list TEST-1120
  policy-map type loadbalance first-match POL-SFARM
    class class-default
      sticky-serverfarm STKY-SFARM
  policy-map multi-match POL-LB
  class CLS-SFARM
      loadbalance vip inservice
      loadbalance policy POL-SFARM
      loadbalance vip icmp-reply active
      connection advanced-options UDP_TIMEOUT
  class SERVERNAT
     nat dynamic 1 vlan 244
  int vlan 244
  ip address 10.1.246.2 255.255.255.0
  service-policy input POL-LB
  nat-pool 1 10.1.246.32 10.1.246.32 netmask 255.255.255.255
    mac-sticky enable
    no icmp-guard
  no shut
  interface vlan 2506
  ip address 10.1.104.2 255.255.255.0
  service-policy input POL-LB
    mac-sticky enable
    no icmp-guard
  no shut

  I see in CSS, they are able to nat the source ip address with VIP and port-mapping diabled. How do I implement
  portmap disable in ACE 4710
  Disabling Port Mapping
  By default, the CSS NATs source IP addresses and PATs source ports for a configured source group. If you configure the portmap disablecommand in a source group, the CSS performs NAT on the source IP addresses but does not perform PAT on the source ports of UDP traffic that matches on that source group.
  For UDP applications with high-numbered assigned ports (for example, SIP and WAP), we recommend that you preserve those port numbers by configuring destination services in source groups instead of using the portmap disable command. Destination services cause the CSS to NAT the client source ports, but not the destination ports. For information about configuring destination services,

• Can't install ACE 4710 license

  Hi,
  I've tried to installed the license, but is not successful, below are the steps which i've taken to installed the license, with error messages. pls. assist.
  CBJ6-LBDMZ2/Admin# copy tftp://10.2.18.66/ACE20090909090659371.lic disk0:
  Enter the destination filename[]? [ACE20090909090659371.lic]
  Trying to connect to tftp server......
  TFTP get operation was successful
  685 bytes copied
  CBJ6-LBDMZ2/Admin# license install disk0:ACE20090909090659371.lic
  Installing license... failed: Can't install this license with the current count

  CBJ6-LBDMZ2/Admin# show licen
  ACE20090727112500202.lic:
  SERVER this_host ANY
  VENDOR cisco
  INCREMENT ACE-AP-01-LIC cisco 1.0 permanent 1 \
          VENDOR_STRING=1 HOSTID=ANY \
          NOTICE="200907271125002021 \
          1211J5CB363" SIGN=F2E3AFA69526
  I think you have an HW appliance (code: ACE-4710-K9) with one a la carte license ( ACE-AP-01-LIC).
  You bought a Bundle upgrade license, and  this is not compatibly with you current license ( a la carte license).
  To use the  ACE-4710-BUN-UP2= ( 1G Bundle to 2G Bundle Upgrade License) you need to have a bundle product like the
  ACE-4710-1F-K9.
  Check this:
  Table 1     ACE Licensing Bundles
  License Model Description Upgrade Path
  ACE-4710-0.5F-K9
  This license bundle includes the following items:
  •ACE 4710 appliance
  •0.5-Gbps throughput license (ACE-AP-500M-LIC)
  •100-Mbps compression license (ACE-AP-C-100-LIC)
  •100 SSL transactions per second (TPS) license (ACE-AP-SSL-100-K9)
  •5 virtual contexts license (ACE-AP-VIRT-5)
  •Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
  You have the option to upgrade to the 1-Gbps, 2-Gbps, or 4-Gbps bundle.
  Start the upgrade with ACE-4710-BUN-UP1=.
  ACE-4710-1F-K9
  This license bundle includes the following items:
  •ACE 4710 appliance
  •1-Gbps throughput license (ACE-AP-01-LIC)
  •500-Mbps compression license (ACE-AP-C-500-LIC)
  •5000 SSL TPS license (ACE-AP-SSL-05K-K9)
  •5 virtual contexts license (ACE-AP-VIRT-5)
  •Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
  You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
  Start the upgrade with ACE-4710-BUN-UP2=.
  ACE-4710-BAS-2PAK
  This license bundle includes the following items:
  •Two ACE 4710 appliances
  •1-Gbps throughput license (ACE-AP-01-LIC)
  ACE-4710-BAS-2PAK also includes the following default options:
  •1000 SSL TPS
  •100-Mbps compression
  •5 virtual contexts
  •Application acceleration (50 connections)
  You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
  Start the upgrade with ACE-4710-BUN-UP2=. Two upgrade licenses are  required for upgrading two units of the ACE-4710-BAS-2PAK bundle.
  ACE-4710-2F-K9
  This license bundle includes the following items:
  •ACE 4710 appliance
  •2-Gbps throughput license (ACE-AP-02-LIC)
  •1-Gbps compression license (ACE-AP-C-1000-LIC)
  •7500 SSL TPS license (ACE-AP-SSL-07K-K9)
  •5 virtual contexts license (ACE-AP-VIRT-5)
  •Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
  You have the option to upgrade to the 4-Gbps bundle.
  Start the upgrade with ACE-4710-BUN-UP3=.
  ACE-4710-4F-K9
  This license bundle includes the following items:
  •ACE 4710 appliance
  •4-Gbps throughput license (ACE-AP-04-LIC)
  •2-Gbps compression license (ACE-AP-C-2000-LIC)
  •7500 SSL TPS license (ACE-AP-SSL-07K-K9)
  •5 virtual contexts license (ACE-AP-VIRT-5)
  •Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
  This is the highest value bundle.
  ACE-4710-BUN-UP1
  0.5 to 1-Gbps throughput bundle upgrade license
  See the Upgrade Path outlined above.
  ACE-4710-BUN-UP2
  1 to 2-Gbps throughput bundle upgrade license
  See the Upgrade Path outlined above.
  ACE-4710-BUN-UP3
  2 to 4-Gbps throughput bundle upgrade license
  See the Upgrade Path outlined above.
  Table 2     ACE Licensing Options
  Feature License Model Description
  Performance Throughput
  Default
  1-Gbps throughput.
  ACE-AP-500M-LIC
  0.5-Gbps throughput.
  ACE-AP-01-LIC
  1-Gbps throughput.
  ACE-AP-02-LIC
  2-Gbps throughput.
  ACE-AP-04-LIC
  4-Gbps throughput.
  ACE-AP-02-UP1
  Upgrade from 1-Gbps to 2-Gbps throughput.
  ACE-AP-04-UP1
  Upgrade from 1-Gbps to 4-Gbps throughput.
  ACE-AP-04-UP2
  Upgrade from 2-Gbps to 4-Gbps throughput.
  Virtualization
  Default
  1 admin/5 user contexts.
  ACE-AP-VIRT-020
  1 admin/20 user contexts.
  SSL
  Default
  100 TPS.
  ACE-AP-SSL-05K-K9
  5000 TPS.
  ACE-AP-SSL-07K-K9
  7500 TPS.
  ACE-AP-SSL-UP1-K9
  Upgrade from 5000 TPS to 7500 TPS.
  HTTP Compression
  Default
  100-Mbps.
  ACE-AP-C-500-LIC
  500-Mbps.
  ACE-AP-C-1000-LIC
  1-Gbps.
  ACE-AP-C-2000-LIC
  2-Gbps.
  ACE-AP-C-UP1
  Upgrade from 500-Mbps to 1 Gbps.
  ACE-AP-C-UP2
  Upgrade from 500-Mbps to 2 Gbps.
  ACE-AP-C-UP3
  Upgrade from 1 Gbps to 2 Gbps.
  Application Acceleration Feature Pack License
  ACE-AP-OPT-LIC-K9
  Application acceleration and optimization. By default, the ACE performs  up to 50 concurrent connections. With the application acceleration and  optimization software feature pack installed, the ACE can provide  greater than 50 concurrent connections.
  This license increases the operating capabilities of the following features:
  •Delta optimization
  •Adaptive dynamic caching
  •FlashForward
  •Dynamic Etag
  ACE-AP-02-LIC=
  Upgrade Performance License 2   Gbps Spare

• Upgrading ACE 4710 & Licensing

  Hello
  We have two pairs of ACE 4710s, one pair running A3(2.4) and the other pair A3(2.0). We plan to upgarde the second pair so that they are running the same image as the first pair (we know they are not the latest, but this is the first step in a larger rollout plan, and to aid some troublshooting for a major issue we are seeing.)
  I have details of the upgrade steps, but my question is with regards to the licenses which are now enforced after (2.0). We currently have the following on the first pair, but are these part of the default licenses for (2.4) or would we need to purchase these as well?
  ACE-AP-500M-LIC
  ACE-AP-C-100-LIC
  ACE-AP-OPT-50-K9
  ACE-AP-SSL-05k-K9
  Thanks in advance
  Shaun

  According to the release notes, the default with the ACE running A3 is :
  •Performance: 1 gigabit per second (Gbps) appliance throughput
  •Virtualization: 1 admin context and 5 user contexts
  •Secure Sockets Layer (SSL): 100 transactions per second (TPS)
  •Hypertext Transfer Protocol (HTTP) compression: 100 megabits per second (Mbps)
  so you don't have to purchase anything