This is a very basic ACE SLB configuration. One of my friends was configuring his first Cisco ACE module to tie into his 6500 network, so I'm sharing my cfg with you.
Define the real servers that you want to load balance against. You can also assign weights to the servers if you desire.
rserver host WEBAPP01
  ip address 10.112.23.1
rserver host WEBAPP02
  ip address 10.112.23.2
rserver host WEBAPP03
  ip address 10.112.23.3
! these are all the servers that will be load balanced in that farm
Build an ACL. Typically you will use "ANY ANY", but it can be tightened down if you want:
access-list inbound line 10 extended permit ip any any
access-list inbound line 20 extended permit tcp any any eq 80
access-list inbound line 30 extended permit tcp any any eq 443
! line 10 permits all IP traffic; to tighten down, remove it and keep only the tcp entries
! when building the site that's to be load balanced, keep it simple, but it's also nice to use the name of the site
! for the web farm; some use the site FQDN as the farm name convention
serverfarm host www_hyperfeed_com
  predictor hash url
! now build a class-map for the traffic we will load balance against; this will be the VIP exposed for the clients
! to hit from the outside
  description "outside address public facing"
  match virtual-address 217.XXX.XXX.1
Now let’s tie the items together
policy-map type loadbalance http first-match vip1_www_hyperfeed
policy-map multi-match client-vips
  loadbalance policy vip1_www_hyperfeed
  loadbalance vip icmp-reply active
  loadbalance vip inservice
And lastly, define the VLAN interfaces for traffic to the web servers and to the internet. These interfaces are configured the same way as on a switch; apply the appropriate trunking between your core switch and the ACE module, and make sure your 802.1 trunking, or whatever you're doing, is good and solid.
interface vlan 10
  description "traffic to the internet via switchport 3/1 ASA5550-FW01.core02"
  ip address 220.127.116.11 255.255.255.0
  access-group input inbound
  service-policy input client-vips
interface vlan 20
  description "traffic to backend webfarm via switchport 3/3"
  ip address 10.112.23.254 255.255.255.0
! lastly install a default route for the internet traffic
ip route 0.0.0.0 0.0.0.0 18.104.22.168
To troubleshoot, inspect the routes and the service-policy to make sure traffic is being matched.
Cisco ACE has come a long way from the LocalDirector series, but it's not a Brocade ServerIron or F5 LTM. It supports multiple contexts in a similar fashion to a Cisco ASA firewall. It's easy to configure and monitor.
I hope you find this information helpful.
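An offline sanity check to run before pasting a configuration like this into the module, as an added example that is not part of the original post: it flags access-list line numbers used more than once, a permit-everything entry, and names referenced by access-group, service-policy or loadbalance policy that are never defined. The sample configuration is constructed, and lint_ace and SAMPLE are hypothetical names.

```python
import re

# Constructed sample in the style of the configuration above; it keeps the
# kinds of slips that are easy to make when typing such a config by hand.
SAMPLE = """\
access-list inbound line 10 extended permit ip any any
access-list inbound line 10 extended permit tcp any any eq 80
policy-map type loadbalance http first-match vip1_www_hyperfeed
policy-map multi-match client-vips
  loadbalance policy vip1_www_hyperfeed
interface vlan 10
  access-group input inbound
  service-policy input client_vips
"""

def lint_ace(config):
    """Return findings (file order first, unresolved names last) for a config string."""
    findings, refs = [], []
    acls, policies, seen = set(), set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\S+) line (\d+) extended (.+)", line):
            name, num, rule = m.groups()
            acls.add(name)
            if (name, num) in seen:
                findings.append(f"access-list {name}: line {num} is used more than once")
            seen.add((name, num))
            if rule == "permit ip any any":
                findings.append(f"access-list {name}: line {num} permits all IP traffic")
        elif m := re.match(r"policy-map .*\b(?:first-match|multi-match) (\S+)", line):
            policies.add(m.group(1))
        elif m := re.match(r"access-group (?:input|output) (\S+)", line):
            refs.append(("access-list", m.group(1), acls))
        elif m := re.match(r"(?:service-policy input|loadbalance policy) (\S+)", line):
            refs.append(("policy-map", m.group(1), policies))
    # Resolve references only after the whole file is read, so that
    # definition order does not matter.
    for kind, name, defined in refs:
        if name not in defined:
            findings.append(f"{kind} {name} is referenced but never defined")
    return findings

if __name__ == "__main__":
    for finding in lint_ace(SAMPLE):
        print(finding)
```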
Freelance Network&Security Professional
kfelix at hyperfeed d_o_t com