Is the ACE Module support IPV6?

dear all
is the ACE module support IPV6?
best regards

The ACE does not currently support IPv6 but it is being looked at to be added to the feature set.

Similar Messages

  • ACE Module support loadbalance rmi, ajp, jms, etc?

    Hello,
    Do you know if ACE Module support balance the follow protocols:
    1. rmis
    2. ajp
    3. jms
    4. IIOP
    5. CORBA
    6. IIOPS
    I know that ACE module support http, https and tcp/udp port.
    Best Regards

    Hi Alvaro,
    There are no specific handlers in ACE for the protocols listed. RMI over IIOP and majority of CORBA implementations are TCP socket based and typically require persistent (Sticky) assignments to real servers if load-balanced, so generic ACE loadbalancing predictors, probes and sticky features should suffice. If you need to do a deeper inspection you can use the Generic Protocol Parsing, and custom Probe (TCL) capabilities to track content of interest. Same applies for JMS and AJP, although there are different transports for these prototocls (i.e. JMS over HTTP) which may change configuration requirements.
    In general, since these protocols are used for stateful application integration, long running transactions, messaging, and data access...and they are very sensitive to object namespace/target references you should detail individual use case requirements and applicability of external application delivery controller based load balancing (i.e. using ACE).
    Let me know if this helps or if you need more detail. Thanks. -George

  • Ssh access into virtual context on the ACE module A(2.2)

    Hello,
    I tried to configure:
    Admin(conf)#context test
    Admin(conf-context)#ssh key rsa1 1024
    but this command ssh is not supported int this newest version. How can I configure the ssh access directly into virtual context on the ACE module??
    Thank you

    Here's a link on how to configure it.
    https://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/admin/guide/access.html#wp1049450
    Hope that helps.

  • A problem with ACL in the class-map on the ACE module

                      Hi all,
    I configured the following on the ACE module:
    object-group network test
      host 192.168.1.21
      host 192.168.1.22
      host 192.168.1.23
    object-group service port
      tcp eq www
      tcp eq 8080
    access-list T line 8 extended permit object-group port object-group test any
    I tried to configure a class-map for matching this ACL:
    ACE-4710-2/Lab-OPT-11(config)# class-map match-any TEST_C
    ACE-4710-2/Lab-OPT-11(config-cmap)# match access-list T
    Error: Cannot associate acl having object-group ACEs in class-map.
    So couldn't I  configure the class-map by using ACL with object-groups involved? Is it the bug or the normal behaviour? Because the customer uses object-groups in ACLs and he has to configure ACL without object-groups for the traffic classification. It is horrible.
    Thank you
    Roman

    Hi Roman,
    I'm afraid it's the expected behavior. You cannot use an ACL with object-groups inside a class-map.
    Regards
    Daniel

  • How will the Time Capsule support IPv6 and coop with the new emerging security threats that will emerge due to the new technical possibilities that IPv6 provide?

    How will the Time Capsule support IPv6 and coop with the new emerging security threats that will emerge due to the new technical possibilities that IPv6 provide?

    Cross your fingers and hope.
    Obviously if there is any big or known threat Apple will send out a firmware fix.
    But the TC is designed to be end user simple device. It has no firewall that is visible at any rate. I don't know that it truly doesn't have a firewall but it is not part of the end user controls.
    IMO if you have major security concerns that go beyond end device firewall, which is where Apple do put most of the security, since firewall in the router is plainly not a stop to anybody deliberately downloading an infected file or website, and most end users.. do not want a firewall that prevents them using the web like a business does, where only certain ports are allowed. Everything else tough luck.. you are not allowed to use it. Then TC is unsuitable for you anyway.. buy a proper firewall appliance.

  • ACE module support for IPv6 ?

    what is the latest on IPv6 support for ACE module? I saw something saying 2HCY10, but that's where we are now. Any documentation pointers to current compatability and or roadmap are greatly appreciated.
    thanks
    Bob O.

    As mklemovitch described in the following thread, IPv6 will be
    supported on ACE30 module but not in the initial release.
    There is no plan for ACE20 module.
    https://supportforums.cisco.com/message/3192517#3192517
    I'm not sure but maybe around Q3 CY11 or later.
    I cannot see the documentation regarding this feature on CCO.
    I would suggest to contact your account team for details.
    Regards,
    Yuji

  • Is the ACE module is hot swapable?

    can anybody confirm the ACE service module is hot swapable and either it can be placed in slot 5 in 6509 switch.

    Hi,
    The 6500 series supports hot-swappable modules and you can hot-swap the ACE blade in theory but you should shut it down prior to removal to avoid loss of data.
    Slot 5 in a 6509 is reserved for the Sup720.
    See http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/installation/note/aceinote.html
    for more information.
    HTH Cathy

  • Simple SLB with the ACE Module

    Hello,
    i have some problems with a ACE module i am currently tesing.
    I have a simple Serverfarm with two Servers.
    But there seems to be some Problems with the Loadbalancing i not understand:
    1) I use Round Robin, but the ACE seems to put me serval times to the same server. I notice this, because i have different content on both servers, also different URLs.
    2) withz the show serverfarm statement the total connects do not increment.
    switch/slb-c1# show serverfarm webfarm
    serverfarm : webfarm, type: HOST
    total rservers : 2
    ----------connections-----------
    real weight state current total
    ---+---------------------+------+------------+----------+--------------------
    rserver: web1
    10.0.33.201:0 8 OPERATIONAL 0 0
    rserver: web2
    10.0.33.200:0 8 OPERATIONAL 0 0
    switch/slb-c1# show service-policy L4_LB_VIP
    Status : ACTIVE
    Interface: vlan 300
    service-policy: L4_LB_VIP
    class: L4_VIP_CLASS
    loadbalance:
    L7 loadbalance policy: L7_SLB_POLICY
    VIP Route Metric : 77
    VIP Route Advertise : DISABLED
    VIP ICMP Reply : ENABLED
    VIP State: INSERVICE
    curr conns : 0 , hit count : 15
    dropped conns : 0
    client pkt count : 10198 , client byte count: 420991
    server pkt count : 23367 , server byte count: 34915173
    I have attatched the Config.
    Any Idea what is going on?

    what version do you have ?
    I would recommend to run the very recent A1.4.
    This is something that really should work.
    Gilles.

  • Can the ACE module or 4700 server up webpage.

    Hello.
    Is it possible for the ACE to serve up a web page to a VIP when the VIP is OUTOFSERVICE?
    Any capability for that at all?

    Hi,
    The ACE can redirect it to the server which hosts the web page stating content is unavailable , under maintenance etc but no option to do it on ACE itself. If you like to use the former, please look at the option of sorry server and serverfarm.
    Regards,
    Kanwal

  • Shifting rservers on the ACE module

    hi all
    I wanted to please ask about moving rservers from serverfarm1  -to-  serverfarm2
    Can anyone please list out the order in steps to complete this trivial task?
    I'm asking since it was suggested to me to remove the entire VIP and all associated config, and then redeploy it, and that seemed somewhat excessive.
    many thanks

    serverfarm_A
    rserver1
    rserver2
    rserver3
    rserver4
    serverfarm_B
    rserver11
    rserver12
    rserver13
    rserver14
    the requirement is to shift rserver3  and  rserver4 to serverfarm_B
    Essentially the requirement is quite simple, but I don't know if the VIP wil be same or not and in any event I really don't think that'll matter.

  • SSL initiation for SMPP on ACE module

    Hi Community,
    we have a new requirement to enable a connection to a server with SMPP protocol wrapped inside a SSL channel for transport over internet. Can any one suggest if the ACE module support to do SSL initiation to secure standard SMPP (3.4) servers?
    Kind regards

    Hi,
    ACE does support SSL initiation. Please visit the below link for details. Ace also supports SSL termination and End-to-End SSL.
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/ssl/guide/initiate.html
    Regards,
    Kanwal

  • ACE Module and IPSEC

    Hi,
    can i Loadbalance IPSEC to a Couple of Routers via the ACE Module?
    Sven

    Yes, the ACE module supports ipsec.
    You need stickyness based on src ip to guarantee that the isakmp traffic goes to the same router as the ipsec traffic.
    Gilles.

  • [UDP fast age support for ACE Module]

    Hello,
    I'm testing 2 ACE modules running A3.0.0 for DNS load balancing (UDP). We're testing this by using a DNS query generator that (always) seems to use the same UDP source port when originating these queries. At the moment, the ACE module is hardly doing any load-balancing.
    It looks to me like, that because of this, the ACE believes it's the same session (connection) and doesn't really load-balance, so I started looking for a solution and found the fast-age udp feature. But, it seems this is not supported on my ACE modules. Can any one offer another solution and/or look at my config and see if there is another way to achieve load balancing in a testing environment when using a tool like the one I described?
    (I put it that way because i believe in real life since queries come from different IP addresses and randomized udp ports, the ACE module will be just fine).
    Thanks in advance!
    c.

    Hi Carlos,
    Correct. The 3.0(0) is really misleading. You need to start with the "A" - so you really have 1.6.3a installed.
    The "show version" for V2 is slightly better -
    system: Version A2(1.2) [build 3.0(0)A2(1.2)
    Cathy

  • ACS support for ACE Module

    Does ACS for Windows 3.3 support AAA for the ACE module?

    I don't think that is correct. I am still
    having issues with ACE and ACS. See below:
    ACE version Software
    loader: Version 0.95
    system: Version A1(7b) [build 3.0(0)A1(7b)
    Cisco ACS version 4.0.1
    I am trying to authenticate admin users with AAA authentication for ACE management.
    This is what I've done:
    ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
    warning: numeric key will not be encrypted
    ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
    ACE-lab/Admin(config-tacacs+)# server ?
    TACACS+ server name
    ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
    can not find the TACACS+ server
    specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
    ACE-lab/Admin(config-tacacs+)#

  • ACE module - Qos - set ip tos #

    All,
    Trying to mark traffic to/from L4 rules in the ACE.
    Documentation (like always) says it's really easy.  Mark traffic by using the "set ip tos <value>" command in Policy/Class configuration.  Ok, so I do this, set ip tos 24.
    Enable qos globally on the 6500 host, but don't see the traffic being marked.
    sh mls qos says that packets are being modified by module 5 (ACE)
    But I never see the tos value in any of my captures either via netflow from the host 6500, or at the firewall one hop away.
    sh mls qos:
    QoS is enabled globally
      Policy marking depends on port_trust
      QoS ip packet dscp rewrite enabled globally
      Input mode for GRE Tunnel is Pipe mode
      Input mode for MPLS is Pipe mode
    QoS Trust state is CoS on the following interface:
    Te3/1
    QoS Trust state is DSCP on the following interface:
    Gi2/3
      Vlan or Portchannel(Multi-Earl) policies supported: Yes
      Egress policies supported: Yes
    ----- Module [5] -----
      QoS global counters:
        Total packets: 207147888661
        IP shortcut packets: 0
        Packets dropped by policing: 0
        IP packets with TOS changed by policing: 2663386
        IP packets with COS changed by policing: 4889352
        Non-IP packets with COS changed by policing: 0
        MPLS packets with EXP changed by policing: 0
    Can someone explain to me what I've got wrong here?  Is the ACE simply marking traffic destined for the servers behind it and not the return traffic?  Am I missunderstanding something?

    Well... hopefully someone knows how to classify traffic coming from the ACE.
    I've given up on using the ACE to mark traffic as I'm fairly certain it won't do it.  At least not the way I want.
    However, now I've taken to marking ingress on the rserver switch ports... which has resulted in a partially sucessful solution.  Problem is, "partially" successful.
    You'll have a bunch of little conversations like this with no tos value full of push-acks:
    10:29:53.527526 207.161.222.68.2828 > 205.200.114.228.http: P 2954:3455(501) ack 203152 win 65535 (DF)
    10:29:53.527698 205.200.114.228.http > 207.161.222.68.2828: . ack 3455 win 32267
    10:29:53.555271 207.161.222.68.2828 > 205.200.114.228.http: P 3455:3686(231) ack 203152 win 65535 (DF)
    10:29:53.562676 205.200.114.228.http > 207.161.222.68.2828: P 203152:203784(632) ack 3686 win 32768
    10:29:53.674758 207.161.222.68.2828 > 205.200.114.228.http: P 3686:4036(350) ack 203784 win 64903 (DF)
    10:29:53.690853 205.200.114.228.http > 207.161.222.68.2828: P 203784:205244(1460) ack 4036 win 32768
    10:29:53.690863 205.200.114.228.http > 207.161.222.68.2828: P 205244:206704(1460) ack 4036 win 32768
    10:29:53.690871 205.200.114.228.http > 207.161.222.68.2828: P 206704:208164(1460) ack 4036 win 32768
    10:29:53.690879 205.200.114.228.http > 207.161.222.68.2828: P 208164:209624(1460) ack 4036 win 32768
    10:29:53.690887 205.200.114.228.http > 207.161.222.68.2828: P 209624:211084(1460) ack 4036 win 32768
    10:29:53.690895 205.200.114.228.http > 207.161.222.68.2828: P 211084:212544(1460) ack 4036 win 32768
    But then you'll see another conversation pop up with the correct markings
    10:31:53.845287 205.200.114.228.http > 207.161.222.68.2828: . 32753:34213(1460) ack 1082 win 62808 (DF) [tos 0x48]
    10:31:53.845298 205.200.114.228.http > 207.161.222.68.2828: . 34213:35673(1460) ack 1082 win 62808 (DF) [tos 0x48]
    10:31:53.845306 205.200.114.228.http > 207.161.222.68.2828: . 35673:37133(1460) ack 1082 win 62808 (DF) [tos 0x48]
    10:31:53.845313 205.200.114.228.http > 207.161.222.68.2828: . 37133:38593(1460) ack 1082 win 62808 (DF) [tos 0x48]
    10:31:53.845321 205.200.114.228.http > 207.161.222.68.2828: . 38593:40053(1460) ack 1082 win 62808 (DF) [tos 0x48]
    10:31:53.845328 205.200.114.228.http > 207.161.222.68.2828: . 40053:41513(1460) ack 1082 win 62808 (DF) [tos 0x48]
    10:31:53.845335 205.200.114.228.http > 207.161.222.68.2828: . 41513:42973(1460) ack 1082 win 62808 (DF) [tos 0x48]
    10:31:53.845343 205.200.114.228.http > 207.161.222.68.2828: . 42973:44433(1460) ack 1082 win 62808 (DF) [tos 0x48]
    I think what's happening, is that the conversations full of the P-acks is the load balancer communicating directly with the client (i.e. LB pretending to be the server), whereas the marked traffic is "data only" which the load balancer isn't mangling (like it might/probably is doing with the p-acks) on it's way back to the client.
    I also can't modify the configuration of the "virtual ten gig" interface that the 6500 uses as a connection to the ACE module, so can't mark traffic there either.  And though I still have a couple of things to try, I don't believe I can do egress marking on a trunk from the 6500 either (connection to the firewalls).
    So.... PLEASE... Anyone???  Ideas???

Maybe you are looking for