CSS to ACE migration
I am in the process of Migration all servers from our Content switch to CIsco ACE4710.
one content has this line item
advanced-balance sticky-srcip
What would be similar option in ACE.?
Thanks for any help on this.
Mehdi
Hello,
Here you have a sample about it:
rserver host SLB-1
ip address 10.198.16.100
inservice
serverfarm host SLB
rserver SLB-1
inservice
sticky ip-netmask 255.255.255.255 address both ACE-SLB
timeout 10
timeout activeconns
serverfarm SLB
policy-map type loadbalance first-match SLB-Policy
class class-default
sticky-serverfarm ACE-SLB
Here you have a document about it:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/sticky.html
Some of feature under the sticky group may vary based on your requirements but besides that, the sample above is what you could be looking for.
Jorge
Similar Messages
-
CSS to ACE migration Tool in A4(2.0)
Hi,
I'm currently working on migration from CSS to ACE. The ACE appliance is running A4(2.0) code. And i couldn't find the CSS to ACE conversion tool in the Web gui. Anybody faced the same issue?
merci,
arunHi Arun,
As we discussed over the phone for the TAC case , the conversion tool is avialable over HTTP access only.
The tool is not avialable over HTTPS to ACE.
Sincerely,
Viral -
Hi,
We are planning to upgrade from the existing CSS 11500 series to ACE (6506 bundle with 720 Sup engine). To facilitate a smooth migration, do we have any tool/procedure set?
Thanks,
RG.Currently there is no such tool to migrate CSS configs to ACE module. I heard that such a tool will be available with the release of ACE appliance (ACE box).
Syed -
Hello all,
We will change the CSS's to ACE's plataform's.
Do u know any aplication wich can convert the basic CSS configuration into ACE configuration?
Plataform's:
CSS11501S-C-K9
ACE 4710
The certificates installed in the CSS could be migratted to the ACE ?Hello,
The 4710 with the ACE software has a built-in CSS-to-ACE conversion tool accessible through the web interface. See http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/css_to_ace/user/guide/cssaceug.html for example.
The tool may not convert 100% but it may provide a good starting point.
I don't see any reason why you can't export the certificates from the CSS (assuming you remember the password) and import them into the ACE.
HTH
Cathy -
Could you please help us in answering the below query from the customer,
Kotak Mahindra Bank currently has one Primary and one Secondary CVP Server on Version 7.X
Now since they are expanding, we are proposing an additional server MCS-7845-I2-CCE2
Now for load balancing, do i propose CSS or ACE?
If CSS, then which model is being currently sold by Cisco?
If ACE, then how do i select which model of ACE suits best...There is 0.5Gbps, 1Gbps, 2Gbps and 10Gbps..Which one is more appropriate for this CC Size?
The CVP BOM guide suggests an ACE Appliance on CVP 8.0, but for CVP 7.X it suggest CSS 11500 series with WebNS 7.5X...
Can i chose ACE for CVP 7.X, will it be supported?ACE is the direction going forward.
I have used the CSS pair in the past, but at Cisco Live I spoke to the ACE team in the World of Solutions and ACE pricing was quite similar to CSS (say the ACE 4710 1U model) and it looked to be an effective solution. ACE is also soon available on a Network Module (ACE30 - could be out now) and that looked great.
Be aware of the similar restrictions that apply to CSS if you have the pair geographically separated. With ACE, you would need a GSS above.
Regards,
Geoff -
Hi ,
Is their any CSS to ACE configuration conversion toolCurrently, there isn't one available yet, the conversion tool is embedded into the software image of the ACE. Not sure if there are plans to make it standalone, I have been looking for those answers as well.
-
Hi,
Im ready to kick start Cisco CSS and ACE load balancers. I found that 642-972 DCASD and 642-975 DCASI are the relevant exams for that. But, they are expired now. And, I couldn't even find the old materials for those. Could you please anyone assist me in getting started with this?Hi Kanwal,
Thanks for your reply. BTW, wasn't there any specific study guides for 642-972 DCASD and 642-975 DCASI from Cisco? The reason behind this question is, I want to go step by step starting from how load balancing works, the basics and terminologies of load balancing and its various options and operations etc. I have been working with Network Security and just stepping in to DC operations. -
Hi,
Can someone explain how are SSL Transactions per second calculated on CSS and ACE?
We need to select appropriate SSL license needed for future ACE appliance, wich is defined in terms of TPS.
We also currently have CSS device with SSL module. Is there any way to find current SSL TPS info on a CSS device?
Thank you and regards,
JasminaWhat is the method used to calculate SSL TPS requirement.
example,
Current: Peak SSL Transactions 6,000
If I expect a peak concurrent connection of 200,000 what would be the methodology for calculating SSL TPS needs. (Some sample calculation steps would be appreciated.)
Can I interpret the licensing as follows,
SSL TPS: SSL Transactions per second: Number of NEW transactions that can be setup by ACE per second. (Does this mean established SSL transactions are not counted by the license, though each of the packets in established transactions require SSL termination!)
Thanks
Sri -
I'm trying to find documentation on moving from a CSS to the ACE but have not been able to find much on the ACE in general (no books at all). Does anyone have any info on this? We are currently using the CSS for multiple Web and Server farms, and are looking to add SSL in the mix. Trying to decide if we should just offload the SSL to the ACE for now (eventually migrating completely to the ACE) or if we should convert everything over at the same time.
Any links or book suggestions would be appreciated!Hi,
Here is the official link to ACE documentaton (but you probably have already found this...):
http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html
I don't believe that there is a book, as this is relatively new product. Also don't hope too much to find migration guide :)
You may use some design guides for CSM module and try to apply a part of it to ACE (Topology will be simmilar for ACE and CSM, but with ACE you additionaly have possibility of virtualization/contexts).
But, pay attention, becouse ACE and CSM have completely different config command syntax and configuration philosophy!
I did not quite understand your dilemma regarding migration?
Personally, I have not yet had a chance to implement SSL offload on ACE, but it sounds logical to move the server farm that will use SSL offload behind ACE, and do SSL termination and load-balancing for that server farm on ACE. Then, gradually you can move other servers behind ACE...
You will have to decide based on conditions and requirements in your network, and after reading thousands of pages of documentation... ;)
Good luck!
Best regards,
Jasmina -
CSS v ACE 4710 Performance Comparison
Am trying to verify performance figures for a CSS 11503 EOL replacement using ACE 4710
Trying to comapre apples with apples (is a CSS SSL TPS the same as a ACE 4710 TPS etc...)
Pulling figures from data sheets, release notes etc I have only come up with the following
Is there any further figures available for the ACE 4710 to fill in the blanks in table?
Am sure that ACE 4710 smokes the CSS but have to do the due diligence
<TR style="HEIGHT: 30pt" mcestyle="height: 30pt;">
<TD style="WIDTH: 170pt; HEIGHT: 30pt" height=40 width=226 mcestyle="width: 170pt; height: 30pt;"> Metric</TD>
<TD style="BORDER-LEFT: medium none; WIDTH: 83pt" width=110 mcestyle="border-left: medium none; width: 83pt;"> CSS 11503
(1xSSL Module)
<TD style="BORDER-LEFT: medium none; WIDTH: 83pt" width=110 mcestyle="border-left: medium none; width: 83pt;"> ACE 4710</TD></TR>
<TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
<TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> SSL - Transactions per second</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 1,400/sec</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;">7,500/sec</TD></TR>
<TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
<TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> SSL - RSA operations per second</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 4,000/sec</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
<TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
<TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> SSL - Bulk encryption (ARC4)</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 256 Mbps</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
<TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
<TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> Maximum concurrent connections</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 40,000</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
<TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
<TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> Compression </TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 500 Mbps</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;">2 Gbps</TD></TR>
<TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
<TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> Sticky Table</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 128K entries</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
<TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
<TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> L4 connections/sec</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 22,500</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
<TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
<TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> L7 connections/sec</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 10,000</TD>
<TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;">
thanks,
SezHave reposted this msg, as table format garbled by forum
Sez -
Hi,
We would like to load blance Sharepoint app on two servers in two datacentres.I would like to know which applince is better for this purposes.
CSS 11501/11503 series or ACE 4710
Regards.Ace is the future.
It is IPv6 ready and new features are being added every day.
The CSS is still supported but there is no more development of new features and IPv6 will never be available on that machine.
Personally, I will go for the appliance.
Gilles -
CSS to CSM migration and http health checking
Hi All,
I hope someone can help me here.
We are migrating number of web services to new DC and I have some issue migrating load balancing from CSS 11501 to CSM module in 6509 within new environment.
Here is config from CSS:
content WS1
vip address 192.168.1.125
add service 192.168.1.105-80-web1
add service 192.168.1.115-80-web2
port 80
protocol tcp
balance leastconn
active
service 192.168.1.105-80-web1
ip address 192.168.1.105
keepalive port 80
keepalive uri "/URIDirect_Default.aspx"
keepalive method get
keepalive type http
keepalive hash "44baffe2618ba829a6b14ad9bccfdcf4"
active
service 192.168.1.115-80-web2
ip address 192.168.1.115
keepalive port 80
keepalive uri "/URIDirect_Default.aspx"
keepalive method get
keepalive type http
keepalive hash "f41469e68c42273622774ec706e3ddcf"
active
With this config CSS uses URI health check to determine whether or not the app live on the nodes of the farm (CSS checks for certain file's existing in app's home folder by checking the hash value of the file name - I beleive so). This is also handy for windows team which remove/rename checked file on server when want to remove it from web farm.
However, reading manuals for CSM I can not see http health probe checking for hash, but only for return status.
Can someone help me with how can I replicate above configuration using CSM.
Regards,
SasaSasa,
the hash corresponds to a hash of all the text contained in the html page.
This is to guarantee that the page was not modified.
This is some kind of security in case a hacker would alter your pages.
The CSM does not have this feature.
But honestly, you usually get more troubles with this option than benefits.
If the Apps team wants to have the server down while changing files, they can I guess turn off the server themselves before doing changes. And then re-enable after.
Gilles. -
Migrating from a single 4710 appliance to a pair of ACE30s in a VSS cluster. The 4710 is running in bridged mode and I plan on utilizing the same VLANs and mode for the ACE30s. They are currently configured as a redundant pair. I have not yet turned up the VLAN interfaces on the ACE30s. The 4710 is currently connected to a single switch with the 2 VLANs defined on the switch. The ACE30s I'm migrating to are on a VSS cluster and switches between are a pair of Nexus 7010s. The end result is no spanning tree redundancy. Everything is a port-channel or vPC. My question is do I need to worry about spanning tree when migrating to the ACE30s utlizing the same VLANs on the 6509s. This is to mimize changes to the servers on these VLANs. I basically want to be able to migrate the VIPs from the 4710 to the ACE30s one at a time. I've attached a diagram of the basic layout.
I've been thinking more about this. One question I have is that when I move a VIP to the ACE30s how will I get the back end server to send the traffic back through the ACE30 as opposed to the 4710? I'm assuming the arp for the client address will lead it back to the firewall (which is in front of the ACEs and is the default gateway for the subnet). How will it know to return through the ACE30 versus the 4710? Would I have to do source NAT on the ACE30s to work around this as a temporary solution until I remove the 4710 or should I use a third VLAN that only lives behind the ACE30s and move the servers onto it as part of each VIP migration.
-
I have a pair of 6509's with CSM and SSL modules. We are migrating these to ACE modules in a few days. I have the configuration (except for the interfaces) configured on the ACE, including exported/imported SSL certificates/keys. By not configuring the interfaces with service-policy, the VIP's nor the server IP addresses can conflict with the CSM.
Also, the supervisor config has already been set up to include the client and server vlans for the service linecard. That connectivity has been established, however, I will be changing the client side interface vlan to the one that the CSM was using as the existing one is temporary.
My plan is as follows:
1. Remove the vlan statements for server and client from the supervisor (from config mode, csm mod #).
2. Power down CSM and SSL modules from supervisor.
3. Session into ACE. Modify inteface vlans for both client and server side to use the IP addresses from the vlan server and vlan client configs.
At this time, the servers should begin to appear in the ACE modules' ARP table and the client VIP's should start responding.
Now, what or how do we clean up the rest of the CSM configuration in the supervisor?
If you see any flaws in this plan, please let me know.
Thanks in advance for your assistance.Regarding clean up the CSM configuration, please refer to the following discussion.
Erasing CSM configuration
https://supportforums.cisco.com/message/446477
You can remove CSM config with 'no mod csm [slot#]' command, where you have
to remove all vserver config before you issue this command as Phil said in above
discussion. (I checked with 12.2(18)SXF13 and the result was as below.)
#conf t
(config)#no mod csm 3
% Remove vserver before unconfiguring slot 3 <<==
(config)#
(config)#mod csm 3
(config-module-csm)#no vser test
(config-module-csm)#end
#coff t
(config)#no mod csm 3
(config)#end
Regarding migration step, probably it works fine.
When I migrate from CSM to ACE in my lab, I use the following step.
1) issue 'no power enable' command on the sup for the CSM
2) issue 'svclc vlan-group' command on the sup for the ACE module
#conf t
Enter configuration commands, one per line. End with CNTL/Z.
(config)#no power enable module 3
Aug 17 00:24:29.643: %C6KPWR-SP-4-DISABLED: power to module in slot 3 set off (admin request)
(config)#end
#conf t
(config)#svclc vlan-group 1 771,772
(config)#end
## sup config for ACE in slot4
#sh run | i svclc
svclc autostate
svclc multiple-vlan-interfaces
svclc module 4 vlan-group 1
svclc vlan-group 1 771,772
## CSM config in slot 3
#sh run mod 3
Building configuration...
Current configuration : 458 bytes
module ContentSwitchingModule 3
vlan 771 client
ip address 192.168.71.250 255.255.255.0
vlan 772 server
ip address 192.168.72.250 255.255.255.0
real SV1
address 192.168.72.11
inservice
real SV2
address 192.168.72.12
inservice
serverfarm SF
nat server
no nat client
real name SV1
inservice
real name SV2
inservice
vserver TEST
virtual 192.168.71.100 any
serverfarm SF
persistent rebalance
inservice
end
#conf t
Enter configuration commands, one per line. End with CNTL/Z.
(cnfig)#mod csm 3
(config-module-csm)#no vser test
(config-module-csm)#exit
(config)#no mod csm 3 <<== clear config
(config)#end
*Aug 17 00:31:07.619: %SYS-5-CONFIG_I: Configured from console by console
#sh run mod 3
Building configuration...
Current configuration : 5 bytes
end
## ACE config
ACE20/Admin# sh run
Generating configuration....
hostname ACE20
boot system image:c6ace-t1k9-mz.A2_3_1.bin
access-list all line 8 extended permit ip any any
rserver host sv1
ip address 192.168.72.11
inservice
rserver host sv2
ip address 192.168.72.12
inservice
serverfarm host sf
rserver sv1 80
inservice
rserver sv2 80
inservice
class-map match-all vip-l3
2 match virtual-address 192.168.71.100 any
policy-map type loadbalance first-match lb
class class-default
serverfarm sf
policy-map multi-match client-vips
class vip-l3
loadbalance vip inservice
loadbalance policy lb
loadbalance vip icmp-reply
access-group input all
interface vlan 771
ip address 192.168.71.250 255.255.255.0
service-policy input client-vips
no shutdown
interface vlan 772
ip address 192.168.72.250 255.255.255.0
no shutdown
Regards,
Yuji -
L7 URL Policy command for CSS to ACE
Hi All !
What will be exact Layer 7 URL matching policy command for below CSS configuration .
owner PRO
content proservers
add service proweb2
vip address x.x.x.x1
add service proweb3
balance leastconn
protocol tcp
port 80
url "/*"
advanced-balance arrowpoint-cookie
arrowpoint-cookie name prolianceweb
arrowpoint-cookie browser-expire
active
Thansk In Advance .Umeshkumar,
The config would look something like this.
probe http WEB_SERVERS
interval 30
passdetect interval 30
passdetect count 2
request method get url /index.html
expect status 200 200
rserver host proweb2
ip address 192.168.0.200
inservice
rserver host proweb3
ip address 192.168.0.201
inservice
serverfarm host SF-1
probe WEB_SERVERS
rserver proweb2
inservice
rserver proweb3
inservice
sticky http-cookie prolianceweb cookie-sticky
cookie insert browser-expire
serverfarm SF-1
class-map match-all L4-CLASS-HTTP
2 match virtual-address x.x.x.1 tcp eq http
policy-map type loadbalance http first-match HTTP-POLICY
class class-default
sticky-serverfarm COOKIE-STICKY
policy-map multi-match VIPs
class L4-CLASS-HTTP
loadbalance vip inservice
loadbalance policy HTTP-POLICY
loadbalance vip icmp-reply
Thank you
Jim
Maybe you are looking for
-
No Audio In After Effects CS5.5(Even after rendering)
I currently have the After Effects CS5.5 Trial Version installed. I am running into a bad audio problem. For the first 2 days I have used it, the audio was fine, it played automatically and I didn't even have to render first to get it. Then, the thir
-
Reciever File Adapter to create multiple target files
Hi All, I have done the mapping to create multiple output messages . I would like each of the messages to be stored as a separate file in the target . Below is the output message with 2 separate MT_CANCELOUT messages . However, both end up in one si
-
Mountain Lion Messages behind a proxy
How can I configure messages to work behind my proxy. Usually there is a proxy to put the proxy information in via the application but I am unable to find this field in messages on mountain lion.
-
[Solved]Can't forward X in ssh with "X11Forwarding yes" set
Hi friends, I can't forward X in ssh, even with "X11Forwarding yes" set. After I ssh -X into the server, it prompts every time when I try to run a graphic app: Error: no display specified Could you please give me a hint? My sshd_config of the server
-
CHALLAN MAPPING REVERSAL (Indian Payroll).
Hi Experts, Can any one provide me the documents for CHALLAN MAPPING REVERSAL (Indian Payroll). Or else can any one provide the step to follow for Reversal of challlan mapping. Thanks and Regards Ankita Sahu