For simple 2-server loadbalancing based on Cisco ACE with basic tcp health checking please follow this guide.

Required elements:
- 2 (hg/mg/eg) hosts to make loadbalancing between them
- Professional use option on the servers above (we have to use vlan between hosts and ACE box)
- Cisco ACE box access
- IP RIPE block (we use one IP only here)



Configure the two servers by following the guide http://help.ovh.ie/vrack.
First we set the ip 172.16.0.1 to 172.16.0.2 and the first machine on the second machine and so on.

IMPORTANT !! You can set 172.16.0.0/12 with the exception of IP listed below, you must add the IP AUCUN CAS as an interface on your machine: 172.16.0.0 => IP Network 172.31.255.248 => Reserved IP used in our example 172.31.255.249 => Reserved IP used in our example 172.31.255.250 => Reserved IP used in our example 172.31.255.251 => Reserved IP used in our example 172.31.255.252 => IP reserved for internal use at OVH 172.31.255.253 => IP reserved for internal use at OVH 172.31.255.254 => Gateway IP of your virtual rack

Then check if your servers are able to communicate :





We will now configure the ACE Load Balancer.

Note that for safety, during the ACE delivery it will be available ONLY from your private network.
So you must set one of your dedicated servers with private IP. Once done you can connect from your dedicated server on the private ip loadbalancer to configure an ACL.



Enter configuration mode and create an ACL in order to access from outside to your ACE.
To find the 'public' vlan your ACE you can do a 'sh run'. The interface that contains the IP of your block is ripe interface 'vlan public'.



Now the ACE context is accessible through ssh on the public IP you can also find in the sh run.

Tip For more information, when you see "(config)" as above, you must do this: Type "conf t" or "configure" to enter configuration mode and then exit with CTRL + Z after the configuration entry.

IMPORTANT !! We use a VLAN tag which is close to yours to configure access to the ACE box. For vlan 2045, we generally use the vlan 245. It is possible that it is different. You can find out by doing a "show running-config". Do not remove above the interface vlan 245! If you do this, you will lose access to the Load Balancer and you will be charged for the restoration of the configuration of our administrators.

Tip ! You can cancel an input line by mistake. For example, if port forwarding provided the wrong gateway, check your configuration using "show running interface" then do: rbx-99-6k-ace-1/vrack1234# configure rbx-99-6k-ace-1/vrack1234(config)# no ip address 72.16.0.10 255.255.255.255 Then enter the correct rule : rbx-99-6k-ace-1/vrack1234# configure rbx-99-6k-ace-1/vrack1234(config)# ip address 172.16.0.10 255.240.0.0

First, add the "ANY" access-list to allow ICMP (ping) and TCP for everyone:

Next, define the interface of the virtual rack for internal use.
OVH recommend using the IP range 172.0.0.0/12.

Your ACE is intended to have a fault tolerance of 0. It is therefore important for you to know that in case of failure on the first router, the second router must be able to take over.
This can occur only when the interfaces are configured.

The configuration will be done in the example too:

• 172.31.255.248 => This IP will become the NAT POOL
• 172.31.255.249 => P ALIAS (which fall on either router #1 or #2)
• 172.31.255.250 => IP of router #1
• 172.31.255.251 => IP of router #2

INFO! The card which is in standby mode for ACE is not configurable! So you can not log on. The configuration is done on the active map that will send thanks to the FT (fault tolerance group) the information to the card is HOT standby.

So let's add the first private network interface:


Add the private address to this interface:

Add and send the ip to be on the second router:

Set the alias for the above two IPs:


The three steps above have therefore set the ip interface vlan on private ROUTER1, ROUTER2 the 'floating' ip (alias) of the two.
We still need to add the nat-pool. Here we use port translation to the real servers in NAT:


then activate the interface and allow the ping:




Make sure your servers A and B are accessed via the virtual rack from ACE:




Above all, we ask the ACE to check the operation of your machines, then we define PROBE_TCP with an interval of 30 seconds and 60 seconds in case of error:


Declare dedicated servers. We announce the loadbalancing machines and their IP and the connection protocol to follow.
In this example, we put a connection limit of 50,000 to prevent overload:



Create a Server Farm
In this example, the farm FARM_WEB is named, we will use the method "leastconns predictor" that creates a Load Balancer which is based on the number of connections. We use the PROBE_TCP configured earlier:





Set http-parameter map. This instructs ACE to perform HTTP header modifications as well as put each new request to a potentially new real server:


Ok, now we have to set a class-map for an inbound traffic selecting. For that we use IP 178.33.8.65 (one of IP RIPE block IPs) and port 80 (www):

Now policy-map which puts client source IP into HTTP header while sending traffic to the serverfarm. We name it WEB_L7_POLICY:

Combine the class-map IP-WEB-L4 and WEB_L7_POLICY HTTP_PARAMETER_MAP and apply.

Apply the service-policy access-list to the incoming interface vlan:



Your interface should look like this (178.33.8.77 IP administration is used to access the ACE Load Balancer)




Make several telnet sessions: