CSS to ACE migration

I am in the process of Migration all servers from our Content switch to CIsco ACE4710.
one content has this line item
advanced-balance sticky-srcip
What would be similar option in ACE.?
Thanks for any help on this.
Mehdi

Hello,
Here you have a sample about it:
rserver host SLB-1
  ip address 10.198.16.100
  inservice
serverfarm host SLB
  rserver SLB-1
    inservice
sticky ip-netmask 255.255.255.255 address both ACE-SLB
  timeout 10   
  timeout activeconns
  serverfarm SLB
policy-map type loadbalance first-match SLB-Policy
  class class-default
    sticky-serverfarm ACE-SLB
Here you have a document about it:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/sticky.html
Some of feature under the sticky group may vary based on your requirements but besides that, the sample above is what you could be looking for.
Jorge

Similar Messages

  • CSS to ACE migration Tool in A4(2.0)

    Hi,
    I'm currently working on migration from CSS to ACE. The ACE appliance is running A4(2.0) code. And i couldn't find the CSS to ACE conversion tool in the Web gui. Anybody faced the same issue?
    merci,
    arun

    Hi Arun,
    As we discussed over the phone for the TAC case , the conversion tool is avialable over HTTP access only.
    The tool is not avialable over HTTPS to ACE.
    Sincerely,
    Viral

  • CSS to ACE Migration Tool

    Hi,
    We are planning to upgrade from the existing CSS 11500 series to ACE (6506 bundle with 720 Sup engine). To facilitate a smooth migration, do we have any tool/procedure set?
    Thanks,
    RG.

    Currently there is no such tool to migrate CSS configs to ACE module. I heard that such a tool will be available with the release of ACE appliance (ACE box).
    Syed

  • CSS to ACE Convertion

    Hello all,
    We will change the CSS's to ACE's plataform's.
    Do u know any aplication wich can convert the basic CSS configuration into ACE configuration?
    Plataform's:
    CSS11501S-C-K9
    ACE 4710
    The certificates installed in the CSS could be migratted to the ACE ?

    Hello,
    The 4710 with the ACE software has a built-in CSS-to-ACE conversion tool accessible through the web interface. See http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/css_to_ace/user/guide/cssaceug.html for example.
    The tool may not convert 100% but it may provide a good starting point.
    I don't see any reason why you can't export the certificates from the CSS (assuming you remember the password) and import them into the ACE.
    HTH
    Cathy

  • CVP: CSS or ACE

    Could you please help us in answering the below query from the customer,
    Kotak Mahindra Bank currently has one Primary and one Secondary CVP Server on Version 7.X
    Now since they are expanding, we are proposing an additional server MCS-7845-I2-CCE2
    Now for load balancing, do i propose CSS or ACE?
    If CSS, then which model is being currently sold by Cisco?
    If ACE, then how do i select which model of ACE suits best...There  is 0.5Gbps, 1Gbps, 2Gbps and 10Gbps..Which one is more appropriate for  this CC Size?
    The CVP BOM guide suggests an ACE Appliance on CVP 8.0, but for CVP 7.X it suggest CSS 11500 series with WebNS 7.5X...
    Can i chose ACE for CVP 7.X, will it be supported?

    ACE is the direction going forward.
    I have used the CSS pair in the past, but at Cisco Live I spoke to the ACE team in the World of Solutions and ACE pricing was quite similar to CSS (say the ACE 4710 1U model) and it looked to be an effective solution. ACE is also soon available on a Network Module  (ACE30 - could be out now) and that looked great.
    Be aware of the similar restrictions that apply to CSS if you have the pair geographically separated. With ACE, you would need a GSS above.
    Regards,
    Geoff

  • CSS to ACE conversion tool

    Hi ,
    Is their any CSS to ACE configuration conversion tool

    Currently, there isn't one available yet, the conversion tool is embedded into the software image of the ACE. Not sure if there are plans to make it standalone, I have been looking for those answers as well.

  • Cisco CSS and ACE study guide

    Hi,
    Im ready to kick start Cisco CSS and ACE load balancers. I found that 642-972 DCASD and 642-975 DCASI are the relevant exams for that. But, they are expired now. And, I couldn't even find the old materials for those. Could you please anyone assist me in getting started with this?

    Hi Kanwal,
    Thanks for your reply. BTW, wasn't there any specific study guides for 642-972 DCASD and 642-975 DCASI from Cisco? The reason behind this question is, I want to go step by step starting from how load balancing works, the basics and terminologies of load balancing and its various options and operations etc. I have been working with Network Security and just stepping in to DC operations.

  • CSS and ACE appliance SSL TPS

    Hi,
    Can someone explain how are SSL Transactions per second calculated on CSS and ACE?
    We need to select appropriate SSL license needed for future ACE appliance, wich is defined in terms of TPS.
    We also currently have CSS device with SSL module. Is there any way to find current SSL TPS info on a CSS device?
    Thank you and regards,
    Jasmina

    What is the method used to calculate SSL TPS requirement.
    example,
    Current: Peak SSL Transactions  6,000
    If I expect a peak concurrent connection of 200,000 what would be the methodology for calculating SSL TPS needs. (Some sample calculation steps would be appreciated.)
    Can I interpret the licensing as follows,
    SSL TPS: SSL Transactions per second: Number of NEW transactions that can be setup by ACE per second. (Does this mean established SSL transactions are not counted by the license, though each of the packets in established transactions require SSL termination!)
    Thanks
    Sri

  • Moving from CSS to ACE

    I'm trying to find documentation on moving from a CSS to the ACE but have not been able to find much on the ACE in general (no books at all). Does anyone have any info on this? We are currently using the CSS for multiple Web and Server farms, and are looking to add SSL in the mix. Trying to decide if we should just offload the SSL to the ACE for now (eventually migrating completely to the ACE) or if we should convert everything over at the same time.
    Any links or book suggestions would be appreciated!

    Hi,
    Here is the official link to ACE documentaton (but you probably have already found this...):
    http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html
    I don't believe that there is a book, as this is relatively new product. Also don't hope too much to find migration guide :)
    You may use some design guides for CSM module and try to apply a part of it to ACE (Topology will be simmilar for ACE and CSM, but with ACE you additionaly have possibility of virtualization/contexts).
    But, pay attention, becouse ACE and CSM have completely different config command syntax and configuration philosophy!
    I did not quite understand your dilemma regarding migration?
    Personally, I have not yet had a chance to implement SSL offload on ACE, but it sounds logical to move the server farm that will use SSL offload behind ACE, and do SSL termination and load-balancing for that server farm on ACE. Then, gradually you can move other servers behind ACE...
    You will have to decide based on conditions and requirements in your network, and after reading thousands of pages of documentation... ;)
    Good luck!
    Best regards,
    Jasmina

  • CSS v ACE 4710 Performance Comparison

    Am trying to verify performance figures for a CSS 11503 EOL replacement using ACE 4710
    Trying to comapre apples with apples (is a CSS SSL TPS the same as a ACE 4710 TPS etc...)
    Pulling figures from data sheets, release notes etc I have only come up with the following
    Is there any further figures available for the ACE 4710 to fill in the blanks in table?
    Am sure that ACE 4710 smokes the CSS but have to do the due diligence
    <TR style="HEIGHT: 30pt" mcestyle="height: 30pt;">
    <TD style="WIDTH: 170pt; HEIGHT: 30pt" height=40 width=226 mcestyle="width: 170pt; height: 30pt;"> Metric</TD>
    <TD style="BORDER-LEFT: medium none; WIDTH: 83pt" width=110 mcestyle="border-left: medium none; width: 83pt;"> CSS 11503
    (1xSSL Module)
    <TD style="BORDER-LEFT: medium none; WIDTH: 83pt" width=110 mcestyle="border-left: medium none; width: 83pt;"> ACE 4710</TD></TR>
    <TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
    <TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> SSL - Transactions per second</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 1,400/sec</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;">7,500/sec</TD></TR>
    <TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
    <TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> SSL - RSA operations per second</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 4,000/sec</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
    <TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
    <TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> SSL - Bulk encryption (ARC4)</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 256 Mbps</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
    <TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
    <TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> Maximum concurrent connections</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 40,000</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
    <TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
    <TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> Compression </TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 500 Mbps</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;">2 Gbps</TD></TR>
    <TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
    <TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> Sticky Table</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 128K entries</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
    <TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
    <TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> L4 connections/sec</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 22,500</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> </TD></TR>
    <TR style="HEIGHT: 15pt" mcestyle="height: 15pt;">
    <TD style="HEIGHT: 15pt; BORDER-TOP: medium none" height=20 mcestyle="height: 15pt; border-top: medium none;"> L7 connections/sec</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 10,000</TD>
    <TD style="BORDER-LEFT: medium none; BORDER-TOP: medium none" mcestyle="border-left: medium none; border-top: medium none;"> 
    thanks,
    Sez

    Have reposted this msg, as table format garbled by forum
    Sez

  • CSS or ACE

    Hi,
    We would like to load blance  Sharepoint app on two servers in two datacentres.I would like to know which applince is better for this purposes.
    CSS 11501/11503 series or ACE 4710
    Regards.

    Ace is the future.
    It is IPv6 ready and new features are being added every day.
    The CSS is still supported but there is no more development of new features and IPv6 will never be available on that machine.
    Personally, I will go for the appliance.
    Gilles

  • CSS to CSM migration and http health checking

    Hi All,
    I hope someone can help me here.
    We are migrating number of web services to new DC and I have some issue migrating load balancing from CSS 11501 to CSM module in 6509 within new environment.
    Here is config from CSS:
    content WS1
    vip address 192.168.1.125
    add service 192.168.1.105-80-web1
    add service 192.168.1.115-80-web2
    port 80
    protocol tcp
    balance leastconn
    active
    service 192.168.1.105-80-web1
    ip address 192.168.1.105
    keepalive port 80
    keepalive uri "/URIDirect_Default.aspx"
    keepalive method get
    keepalive type http
    keepalive hash "44baffe2618ba829a6b14ad9bccfdcf4"
    active
    service 192.168.1.115-80-web2
    ip address 192.168.1.115
    keepalive port 80
    keepalive uri "/URIDirect_Default.aspx"
    keepalive method get
    keepalive type http
    keepalive hash "f41469e68c42273622774ec706e3ddcf"
    active
    With this config CSS uses URI health check to determine whether or not the app live on the nodes of the farm (CSS checks for certain file's existing in app's home folder by checking the hash value of the file name - I beleive so). This is also handy for windows team which remove/rename checked file on server when want to remove it from web farm.
    However, reading manuals for CSM I can not see http health probe checking for hash, but only for return status.
    Can someone help me with how can I replicate above configuration using CSM.
    Regards,
    Sasa

    Sasa,
    the hash corresponds to a hash of all the text contained in the html page.
    This is to guarantee that the page was not modified.
    This is some kind of security in case a hacker would alter your pages.
    The CSM does not have this feature.
    But honestly, you usually get more troubles with this option than benefits.
    If the Apps team wants to have the server down while changing files, they can I guess turn off the server themselves before doing changes. And then re-enable after.
    Gilles.

  • ACE migration

    Migrating from a single 4710 appliance to a pair of ACE30s in a VSS cluster.  The 4710 is running in bridged mode and I plan on utilizing the same VLANs and mode for the ACE30s.  They are currently configured as a redundant pair.  I have not yet turned up the VLAN interfaces on the ACE30s.  The 4710 is currently connected to a single switch with the 2 VLANs defined on the switch.  The ACE30s I'm migrating to are on a VSS cluster and switches between are a pair of Nexus 7010s.  The end result is no spanning tree redundancy.  Everything is a port-channel or vPC.  My question is do I need to worry about spanning tree when migrating to the ACE30s utlizing the same VLANs on the 6509s.  This is to mimize changes to the servers on these VLANs.  I basically want to be able to migrate the VIPs from the 4710 to the ACE30s one at a time.  I've attached a diagram of the basic layout.

    I've been thinking more about this.  One question I have is that when I move a VIP to the ACE30s how will I get the back end server to send the traffic back through the ACE30 as opposed to the 4710? I'm assuming the arp for the client address will lead it back to the firewall (which is in front of the ACEs and is the default gateway for the subnet).  How will it know to return through the ACE30 versus the 4710? Would I have to do source NAT on the ACE30s to work around this as a temporary solution until I remove the 4710 or should I use a third VLAN that only lives behind the ACE30s and move the servers onto it as part of each VIP migration.

  • CSM - ACE Migration

    I have a pair of 6509's with CSM and SSL modules. We are migrating these to ACE modules in a few days. I have the configuration (except for the interfaces) configured on the ACE, including exported/imported SSL certificates/keys. By not configuring the interfaces with service-policy, the VIP's nor the server IP addresses can conflict with the CSM.
    Also, the supervisor config has already been set up to include the client and server vlans for the service linecard. That connectivity has been established, however, I will be changing the client side interface vlan to the one that the CSM was using as the existing one is temporary.
    My plan is as follows:
    1. Remove the vlan statements for server and client from the supervisor (from config mode, csm mod #).
    2. Power down CSM and SSL modules from supervisor.
    3. Session into ACE. Modify inteface vlans for both client and server side to use the IP addresses from the vlan server and vlan client configs.
    At this time, the servers should begin to appear in the ACE modules' ARP table and the client VIP's should start responding.
    Now, what or how do we clean up the rest of the CSM configuration in the supervisor?
    If you see any flaws in this plan, please let me know.
    Thanks in advance for your assistance.

    Regarding clean up the CSM configuration, please refer to the following discussion.
    Erasing CSM configuration
    https://supportforums.cisco.com/message/446477
    You can remove CSM config with 'no mod csm [slot#]' command, where you have
    to remove all vserver config before you issue this command as Phil said in above
    discussion. (I checked with 12.2(18)SXF13 and the result was as below.)
    #conf t
    (config)#no mod csm 3
    % Remove vserver before unconfiguring slot 3  <<==
    (config)#
    (config)#mod csm 3
    (config-module-csm)#no vser test
    (config-module-csm)#end
    #coff t
    (config)#no mod csm 3
    (config)#end
    Regarding migration step, probably it works fine.
    When I migrate from CSM to ACE in my lab, I use the following step.
    1) issue 'no power enable' command on the sup for the CSM
    2) issue 'svclc vlan-group' command on the sup for the ACE module
    #conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    (config)#no power enable module 3
    Aug 17 00:24:29.643: %C6KPWR-SP-4-DISABLED: power to module in slot 3 set off (admin request)
    (config)#end
    #conf t
    (config)#svclc vlan-group 1  771,772
    (config)#end
    ## sup config for ACE in slot4
    #sh run | i svclc
    svclc autostate
    svclc multiple-vlan-interfaces
    svclc module 4 vlan-group 1
    svclc vlan-group 1  771,772
    ## CSM config in slot 3
    #sh run mod 3
    Building configuration...
    Current configuration : 458 bytes
    module ContentSwitchingModule 3
    vlan 771 client
      ip address 192.168.71.250 255.255.255.0
    vlan 772 server
      ip address 192.168.72.250 255.255.255.0
    real SV1
      address 192.168.72.11
      inservice
    real SV2
      address 192.168.72.12
      inservice
    serverfarm SF
      nat server
      no nat client
      real name SV1
       inservice
      real name SV2
       inservice
    vserver TEST
      virtual 192.168.71.100 any
      serverfarm SF
      persistent rebalance
      inservice
    end
    #conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    (cnfig)#mod csm 3
    (config-module-csm)#no vser test
    (config-module-csm)#exit
    (config)#no mod csm 3  <<== clear config
    (config)#end
    *Aug 17 00:31:07.619: %SYS-5-CONFIG_I: Configured from console by console
    #sh run mod 3
    Building configuration...
    Current configuration : 5 bytes
    end
    ## ACE config
    ACE20/Admin# sh run
    Generating configuration....
    hostname ACE20
    boot system image:c6ace-t1k9-mz.A2_3_1.bin
    access-list all line 8 extended permit ip any any
    rserver host sv1
      ip address 192.168.72.11
      inservice
    rserver host sv2
      ip address 192.168.72.12
      inservice
    serverfarm host sf
      rserver sv1 80
        inservice
      rserver sv2 80
        inservice
    class-map match-all vip-l3
      2 match virtual-address 192.168.71.100 any
    policy-map type loadbalance first-match lb
      class class-default
        serverfarm sf
    policy-map multi-match client-vips
      class vip-l3
        loadbalance vip inservice
        loadbalance policy lb
        loadbalance vip icmp-reply
    access-group input all
    interface vlan 771
      ip address 192.168.71.250 255.255.255.0
      service-policy input client-vips
      no shutdown
    interface vlan 772
      ip address 192.168.72.250 255.255.255.0
      no shutdown
    Regards,
    Yuji

  • L7 URL Policy command for CSS to ACE

    Hi All !
    What will be exact Layer 7 URL matching policy command for below CSS configuration .
    owner PRO
      content proservers
        add service proweb2
        vip address x.x.x.x1
        add service proweb3
        balance leastconn
        protocol tcp
        port 80
        url "/*"
        advanced-balance arrowpoint-cookie
        arrowpoint-cookie name prolianceweb
        arrowpoint-cookie browser-expire
        active
    Thansk In Advance .

    Umeshkumar,
    The config would look something like this.
    probe http WEB_SERVERS
      interval 30
      passdetect interval 30
      passdetect count 2
      request method get url /index.html
      expect status 200 200
    rserver host proweb2
      ip address 192.168.0.200
      inservice
    rserver host proweb3
      ip address 192.168.0.201
      inservice
    serverfarm host SF-1
      probe WEB_SERVERS
      rserver proweb2
        inservice
      rserver proweb3
        inservice
    sticky http-cookie prolianceweb cookie-sticky
      cookie insert browser-expire
      serverfarm SF-1
    class-map match-all L4-CLASS-HTTP
       2 match virtual-address x.x.x.1 tcp eq http
    policy-map type loadbalance http first-match HTTP-POLICY
      class class-default
        sticky-serverfarm COOKIE-STICKY
    policy-map multi-match VIPs
      class L4-CLASS-HTTP
        loadbalance vip inservice
        loadbalance policy HTTP-POLICY
        loadbalance vip icmp-reply
    Thank you
    Jim

Maybe you are looking for

  • No Audio In After Effects CS5.5(Even after rendering)

    I currently have the After Effects CS5.5 Trial Version installed. I am running into a bad audio problem. For the first 2 days I have used it, the audio was fine, it played automatically and I didn't even have to render first to get it. Then, the thir

  • Reciever File Adapter to create multiple target files

    Hi All, I have done the mapping to create multiple output messages . I would like each of the messages to be stored as a separate file in the target . Below is the output message with 2 separate MT_CANCELOUT  messages . However, both end up in one si

  • Mountain Lion Messages behind a proxy

    How can I configure messages to work behind my proxy. Usually there is a proxy to put the proxy information in via the application but I am unable to find this field in messages on mountain lion.

  • [Solved]Can't forward X in ssh with "X11Forwarding yes" set

    Hi friends, I can't forward X in ssh, even with "X11Forwarding yes" set. After I ssh -X into the server, it prompts every time when I try to run a graphic app: Error: no display specified Could you please give me a hint? My sshd_config of the server

  • CHALLAN MAPPING REVERSAL (Indian  Payroll).

    Hi Experts, Can any one provide me the documents  for CHALLAN MAPPING REVERSAL (Indian  Payroll). Or else can any one provide the step to follow for Reversal of challlan mapping. Thanks and Regards Ankita Sahu