Does anyone have a simple example of a Cisco ACE (6500 blade or 4710) configuration for one-armed load balancing with SNAT? I have a load balancer in one data center that I want to LB for servers/services in another.
I found the following link: http://snippets101.blogspot.com/2007/12/source-nat-on-cisco-ace.html , but this is a little more complicated than my situation.
Something like:
ACE: 10.1.1.1 & ACE VIP: 10.1.1.2
Server1: 10.2.1.1 & Server2: 10.2.1.2
Client: 10.3.1.1
For example: Client goes to 10.1.1.2, gets SNAT’d as 10.1.1.1 and the request is then load-balanced to Servers 1 & 2. The servers' replies would then return to the ACE before being forwarded to the client.
I realize this could result, at times, in inefficient routing so if there are better ways of doing this I would appreciate any suggestions.
One slight modification to the stated goal is that the SNAT comes out of the pool 10.1.1.10 – 10.1.1.19 instead of the ACE’s own IP address.
probe icmp ping
  interval 15
  passdetect interval 60

rserver host testserver
  ip address 10.2.1.1
  probe ping
  inservice
rserver host testserver2
  ip address 10.2.1.2
  probe ping
  inservice

serverfarm host onearm
  predictor leastconns
  rserver testserver
    inservice
  rserver testserver2
    inservice

class-map match-any vip
  2 match virtual-address 10.1.1.2 any

policy-map type loadbalance first-match farm-testfarm
  class class-default
policy-map type loadbalance first-match pmOneArm
  class class-default
    serverfarm onearm

policy-map multi-match vipOneArm
  class vip
    loadbalance vip inservice
    loadbalance policy pmOneArm
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    nat dynamic 10 vlan 15

interface vlan 15
  ip address 10.1.1.1 255.255.255.0
  fragment chain 112
  no icmp-guard
  access-group output ALL
  nat-pool 10 10.1.1.10 10.1.1.19 netmask 255.255.255.0 pat
  service-policy input vipOneArm
  no shutdown
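An added example, not part of the original posts: a small Python check that the SNAT pieces of a one-armed configuration like the one above line up, meaning that every `nat dynamic` statement points at a `nat-pool` defined on the named VLAN interface, that the pool sits inside that interface's subnet, and that it does not overlap the VIP or the interface address. The function name `check_one_arm_snat` and the sample text are constructed for illustration, and the parser only understands the handful of statements shown.

```python
import ipaddress
import re

# Constructed sample: the NAT-related lines of the configuration posted above.
SAMPLE = """\
class-map match-any vip
  2 match virtual-address 10.1.1.2 any
policy-map multi-match vipOneArm
  class vip
    nat dynamic 10 vlan 15
interface vlan 15
  ip address 10.1.1.1 255.255.255.0
  nat-pool 10 10.1.1.10 10.1.1.19 netmask 255.255.255.0 pat
"""

def check_one_arm_snat(config):
    """Return a list of problems; an empty list means the SNAT wiring is consistent."""
    ip = ipaddress.ip_address
    vlan, nets, pools, refs, fixed = None, {}, {}, [], []
    for raw in config.splitlines():
        if raw and not raw[0].isspace():          # a top-level line ends interface context
            m = re.match(r"interface vlan (\d+)\s*$", raw)
            vlan = m.group(1) if m else None
        line = raw.strip()
        if m := re.match(r"nat dynamic (\d+) vlan (\d+)", line):
            refs.append((m.group(2), m.group(1)))   # (vlan, pool id)
        elif m := re.match(r"\d+ match virtual-address (\S+)", line):
            fixed.append(ip(m.group(1)))            # the VIP
        elif vlan and (m := re.match(r"ip address (\S+) (\S+)", line)):
            nets[vlan] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            fixed.append(ip(m.group(1)))            # the interface's own address
        elif vlan and (m := re.match(r"nat-pool (\d+) (\S+) (\S+) netmask", line)):
            pools[(vlan, m.group(1))] = (ip(m.group(2)), ip(m.group(3)))
    problems = []
    for key in refs:
        if key not in pools:
            problems.append(f"nat dynamic {key[1]} vlan {key[0]}: no such nat-pool on that interface")
            continue
        lo, hi = pools[key]
        net = nets.get(key[0])
        if net is None or lo not in net or hi not in net:
            problems.append(f"nat-pool {key[1]}: range is outside the vlan {key[0]} subnet")
        problems += [f"nat-pool {key[1]}: range overlaps {a}" for a in fixed if lo <= a <= hi]
    if not refs:
        problems.append("no 'nat dynamic' statement: servers would see the real client address")
    return problems

if __name__ == "__main__":
    print(check_one_arm_snat(SAMPLE) or "SNAT wiring is consistent")
```

A pool outside the interface subnet is reported because the servers' replies to those addresses would need an explicit route back to the ACE.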