Is the ACE Module support IPV6?
dear all
is the ACE module support IPV6?
best regards
The ACE does not currently support IPv6 but it is being looked at to be added to the feature set.
Similar Messages
-
ACE Module support loadbalance rmi, ajp, jms, etc?
Hello,
Do you know if ACE Module support balance the follow protocols:
1. rmis
2. ajp
3. jms
4. IIOP
5. CORBA
6. IIOPS
I know that ACE module support http, https and tcp/udp port.
Best RegardsHi Alvaro,
There are no specific handlers in ACE for the protocols listed. RMI over IIOP and majority of CORBA implementations are TCP socket based and typically require persistent (Sticky) assignments to real servers if load-balanced, so generic ACE loadbalancing predictors, probes and sticky features should suffice. If you need to do a deeper inspection you can use the Generic Protocol Parsing, and custom Probe (TCL) capabilities to track content of interest. Same applies for JMS and AJP, although there are different transports for these prototocls (i.e. JMS over HTTP) which may change configuration requirements.
In general, since these protocols are used for stateful application integration, long running transactions, messaging, and data access...and they are very sensitive to object namespace/target references you should detail individual use case requirements and applicability of external application delivery controller based load balancing (i.e. using ACE).
Let me know if this helps or if you need more detail. Thanks. -George -
Ssh access into virtual context on the ACE module A(2.2)
Hello,
I tried to configure:
Admin(conf)#context test
Admin(conf-context)#ssh key rsa1 1024
but this command ssh is not supported int this newest version. How can I configure the ssh access directly into virtual context on the ACE module??
Thank youHere's a link on how to configure it.
https://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/admin/guide/access.html#wp1049450
Hope that helps. -
A problem with ACL in the class-map on the ACE module
Hi all,
I configured the following on the ACE module:
object-group network test
host 192.168.1.21
host 192.168.1.22
host 192.168.1.23
object-group service port
tcp eq www
tcp eq 8080
access-list T line 8 extended permit object-group port object-group test any
I tried to configure a class-map for matching this ACL:
ACE-4710-2/Lab-OPT-11(config)# class-map match-any TEST_C
ACE-4710-2/Lab-OPT-11(config-cmap)# match access-list T
Error: Cannot associate acl having object-group ACEs in class-map.
So couldn't I configure the class-map by using ACL with object-groups involved? Is it the bug or the normal behaviour? Because the customer uses object-groups in ACLs and he has to configure ACL without object-groups for the traffic classification. It is horrible.
Thank you
RomanHi Roman,
I'm afraid it's the expected behavior. You cannot use an ACL with object-groups inside a class-map.
Regards
Daniel -
How will the Time Capsule support IPv6 and coop with the new emerging security threats that will emerge due to the new technical possibilities that IPv6 provide?
Cross your fingers and hope.
Obviously if there is any big or known threat Apple will send out a firmware fix.
But the TC is designed to be end user simple device. It has no firewall that is visible at any rate. I don't know that it truly doesn't have a firewall but it is not part of the end user controls.
IMO if you have major security concerns that go beyond end device firewall, which is where Apple do put most of the security, since firewall in the router is plainly not a stop to anybody deliberately downloading an infected file or website, and most end users.. do not want a firewall that prevents them using the web like a business does, where only certain ports are allowed. Everything else tough luck.. you are not allowed to use it. Then TC is unsuitable for you anyway.. buy a proper firewall appliance. -
ACE module support for IPv6 ?
what is the latest on IPv6 support for ACE module? I saw something saying 2HCY10, but that's where we are now. Any documentation pointers to current compatability and or roadmap are greatly appreciated.
thanks
Bob O.As mklemovitch described in the following thread, IPv6 will be
supported on ACE30 module but not in the initial release.
There is no plan for ACE20 module.
https://supportforums.cisco.com/message/3192517#3192517
I'm not sure but maybe around Q3 CY11 or later.
I cannot see the documentation regarding this feature on CCO.
I would suggest to contact your account team for details.
Regards,
Yuji -
Is the ACE module is hot swapable?
can anybody confirm the ACE service module is hot swapable and either it can be placed in slot 5 in 6509 switch.
Hi,
The 6500 series supports hot-swappable modules and you can hot-swap the ACE blade in theory but you should shut it down prior to removal to avoid loss of data.
Slot 5 in a 6509 is reserved for the Sup720.
See http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/installation/note/aceinote.html
for more information.
HTH Cathy -
Simple SLB with the ACE Module
Hello,
i have some problems with a ACE module i am currently tesing.
I have a simple Serverfarm with two Servers.
But there seems to be some Problems with the Loadbalancing i not understand:
1) I use Round Robin, but the ACE seems to put me serval times to the same server. I notice this, because i have different content on both servers, also different URLs.
2) withz the show serverfarm statement the total connects do not increment.
switch/slb-c1# show serverfarm webfarm
serverfarm : webfarm, type: HOST
total rservers : 2
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
rserver: web1
10.0.33.201:0 8 OPERATIONAL 0 0
rserver: web2
10.0.33.200:0 8 OPERATIONAL 0 0
switch/slb-c1# show service-policy L4_LB_VIP
Status : ACTIVE
Interface: vlan 300
service-policy: L4_LB_VIP
class: L4_VIP_CLASS
loadbalance:
L7 loadbalance policy: L7_SLB_POLICY
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
curr conns : 0 , hit count : 15
dropped conns : 0
client pkt count : 10198 , client byte count: 420991
server pkt count : 23367 , server byte count: 34915173
I have attatched the Config.
Any Idea what is going on?what version do you have ?
I would recommend to run the very recent A1.4.
This is something that really should work.
Gilles. -
Can the ACE module or 4700 server up webpage.
Hello.
Is it possible for the ACE to serve up a web page to a VIP when the VIP is OUTOFSERVICE?
Any capability for that at all?Hi,
The ACE can redirect it to the server which hosts the web page stating content is unavailable , under maintenance etc but no option to do it on ACE itself. If you like to use the former, please look at the option of sorry server and serverfarm.
Regards,
Kanwal -
Shifting rservers on the ACE module
hi all
I wanted to please ask about moving rservers from serverfarm1 -to- serverfarm2
Can anyone please list out the order in steps to complete this trivial task?
I'm asking since it was suggested to me to remove the entire VIP and all associated config, and then redeploy it, and that seemed somewhat excessive.
many thanksserverfarm_A
rserver1
rserver2
rserver3
rserver4
serverfarm_B
rserver11
rserver12
rserver13
rserver14
the requirement is to shift rserver3 and rserver4 to serverfarm_B
Essentially the requirement is quite simple, but I don't know if the VIP wil be same or not and in any event I really don't think that'll matter. -
SSL initiation for SMPP on ACE module
Hi Community,
we have a new requirement to enable a connection to a server with SMPP protocol wrapped inside a SSL channel for transport over internet. Can any one suggest if the ACE module support to do SSL initiation to secure standard SMPP (3.4) servers?
Kind regardsHi,
ACE does support SSL initiation. Please visit the below link for details. Ace also supports SSL termination and End-to-End SSL.
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/ssl/guide/initiate.html
Regards,
Kanwal -
Hi,
can i Loadbalance IPSEC to a Couple of Routers via the ACE Module?
SvenYes, the ACE module supports ipsec.
You need stickyness based on src ip to guarantee that the isakmp traffic goes to the same router as the ipsec traffic.
Gilles. -
[UDP fast age support for ACE Module]
Hello,
I'm testing 2 ACE modules running A3.0.0 for DNS load balancing (UDP). We're testing this by using a DNS query generator that (always) seems to use the same UDP source port when originating these queries. At the moment, the ACE module is hardly doing any load-balancing.
It looks to me like, that because of this, the ACE believes it's the same session (connection) and doesn't really load-balance, so I started looking for a solution and found the fast-age udp feature. But, it seems this is not supported on my ACE modules. Can any one offer another solution and/or look at my config and see if there is another way to achieve load balancing in a testing environment when using a tool like the one I described?
(I put it that way because i believe in real life since queries come from different IP addresses and randomized udp ports, the ACE module will be just fine).
Thanks in advance!
c.Hi Carlos,
Correct. The 3.0(0) is really misleading. You need to start with the "A" - so you really have 1.6.3a installed.
The "show version" for V2 is slightly better -
system: Version A2(1.2) [build 3.0(0)A2(1.2)
Cathy -
Does ACS for Windows 3.3 support AAA for the ACE module?
I don't think that is correct. I am still
having issues with ACE and ACS. See below:
ACE version Software
loader: Version 0.95
system: Version A1(7b) [build 3.0(0)A1(7b)
Cisco ACS version 4.0.1
I am trying to authenticate admin users with AAA authentication for ACE management.
This is what I've done:
ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
warning: numeric key will not be encrypted
ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
ACE-lab/Admin(config-tacacs+)# server ?
TACACS+ server name
ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
can not find the TACACS+ server
specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
ACE-lab/Admin(config-tacacs+)# -
ACE module - Qos - set ip tos #
All,
Trying to mark traffic to/from L4 rules in the ACE.
Documentation (like always) says it's really easy. Mark traffic by using the "set ip tos <value>" command in Policy/Class configuration. Ok, so I do this, set ip tos 24.
Enable qos globally on the 6500 host, but don't see the traffic being marked.
sh mls qos says that packets are being modified by module 5 (ACE)
But I never see the tos value in any of my captures either via netflow from the host 6500, or at the firewall one hop away.
sh mls qos:
QoS is enabled globally
Policy marking depends on port_trust
QoS ip packet dscp rewrite enabled globally
Input mode for GRE Tunnel is Pipe mode
Input mode for MPLS is Pipe mode
QoS Trust state is CoS on the following interface:
Te3/1
QoS Trust state is DSCP on the following interface:
Gi2/3
Vlan or Portchannel(Multi-Earl) policies supported: Yes
Egress policies supported: Yes
----- Module [5] -----
QoS global counters:
Total packets: 207147888661
IP shortcut packets: 0
Packets dropped by policing: 0
IP packets with TOS changed by policing: 2663386
IP packets with COS changed by policing: 4889352
Non-IP packets with COS changed by policing: 0
MPLS packets with EXP changed by policing: 0
Can someone explain to me what I've got wrong here? Is the ACE simply marking traffic destined for the servers behind it and not the return traffic? Am I missunderstanding something?Well... hopefully someone knows how to classify traffic coming from the ACE.
I've given up on using the ACE to mark traffic as I'm fairly certain it won't do it. At least not the way I want.
However, now I've taken to marking ingress on the rserver switch ports... which has resulted in a partially sucessful solution. Problem is, "partially" successful.
You'll have a bunch of little conversations like this with no tos value full of push-acks:
10:29:53.527526 207.161.222.68.2828 > 205.200.114.228.http: P 2954:3455(501) ack 203152 win 65535 (DF)
10:29:53.527698 205.200.114.228.http > 207.161.222.68.2828: . ack 3455 win 32267
10:29:53.555271 207.161.222.68.2828 > 205.200.114.228.http: P 3455:3686(231) ack 203152 win 65535 (DF)
10:29:53.562676 205.200.114.228.http > 207.161.222.68.2828: P 203152:203784(632) ack 3686 win 32768
10:29:53.674758 207.161.222.68.2828 > 205.200.114.228.http: P 3686:4036(350) ack 203784 win 64903 (DF)
10:29:53.690853 205.200.114.228.http > 207.161.222.68.2828: P 203784:205244(1460) ack 4036 win 32768
10:29:53.690863 205.200.114.228.http > 207.161.222.68.2828: P 205244:206704(1460) ack 4036 win 32768
10:29:53.690871 205.200.114.228.http > 207.161.222.68.2828: P 206704:208164(1460) ack 4036 win 32768
10:29:53.690879 205.200.114.228.http > 207.161.222.68.2828: P 208164:209624(1460) ack 4036 win 32768
10:29:53.690887 205.200.114.228.http > 207.161.222.68.2828: P 209624:211084(1460) ack 4036 win 32768
10:29:53.690895 205.200.114.228.http > 207.161.222.68.2828: P 211084:212544(1460) ack 4036 win 32768
But then you'll see another conversation pop up with the correct markings
10:31:53.845287 205.200.114.228.http > 207.161.222.68.2828: . 32753:34213(1460) ack 1082 win 62808 (DF) [tos 0x48]
10:31:53.845298 205.200.114.228.http > 207.161.222.68.2828: . 34213:35673(1460) ack 1082 win 62808 (DF) [tos 0x48]
10:31:53.845306 205.200.114.228.http > 207.161.222.68.2828: . 35673:37133(1460) ack 1082 win 62808 (DF) [tos 0x48]
10:31:53.845313 205.200.114.228.http > 207.161.222.68.2828: . 37133:38593(1460) ack 1082 win 62808 (DF) [tos 0x48]
10:31:53.845321 205.200.114.228.http > 207.161.222.68.2828: . 38593:40053(1460) ack 1082 win 62808 (DF) [tos 0x48]
10:31:53.845328 205.200.114.228.http > 207.161.222.68.2828: . 40053:41513(1460) ack 1082 win 62808 (DF) [tos 0x48]
10:31:53.845335 205.200.114.228.http > 207.161.222.68.2828: . 41513:42973(1460) ack 1082 win 62808 (DF) [tos 0x48]
10:31:53.845343 205.200.114.228.http > 207.161.222.68.2828: . 42973:44433(1460) ack 1082 win 62808 (DF) [tos 0x48]
I think what's happening, is that the conversations full of the P-acks is the load balancer communicating directly with the client (i.e. LB pretending to be the server), whereas the marked traffic is "data only" which the load balancer isn't mangling (like it might/probably is doing with the p-acks) on it's way back to the client.
I also can't modify the configuration of the "virtual ten gig" interface that the 6500 uses as a connection to the ACE module, so can't mark traffic there either. And though I still have a couple of things to try, I don't believe I can do egress marking on a trunk from the 6500 either (connection to the firewalls).
So.... PLEASE... Anyone??? Ideas???
Maybe you are looking for
-
How can I open a report created in Access by LabView 7.1? I open, edit, delete a register in a field created in Access without problems a database by LB7.1, but I don't know how open a report to print. I'd like to do since To create a report using La
-
In System Prefereneces, when I am in Desktop and Screen Saver, I am unable to remove folders. I can click the "-" and the folder appears to be gone, but when I close and then reopen System Preferences, and open Desktop and Screen Saver, the folder re
-
SAX Parser - Decoding request data
I have implemented the SAX Parser on a web application. To do this I create a BufferedReader from the request and then call the SAX parse() method. BufferedReader reader = request.getReader(); InputSource inputSource = new InputSource( reader ); xmlR
-
Spiderability problem related to iWeb/Google/Go Daddy
I've read through a similar thread already, but I'm not sure how relevant it was. First, here's my site (Go Daddy domain forwarded to .mac domain) www.riyvideo.com Anyway, my site's links function fine in iWeb and on different browsers. However, Go D
-
Can't connect to MBP on network
Hey, I know this is the Tiger forum, but the Leopard forum is a big mess right now and I seem to be the only one with this issue... So I thought I would dare to post here and have an experienced user (BD... please...I know you're there!) point me in