ACE 4710 Design Guide


Design Guide

All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Interconnecting the Cisco Application Control Engine (ACE) 4710 Appliance

The Cisco ACE 4710 appliance provides maximized application availability to help ensure business continuity and the best service to end users by taking advantage of availability through highly scalable Layer 4 load balancing and Layer 7 content switching, and minimizes effects of application, device, or network failure. This configuration overview, targeted at enterprise and service provider customers, helps ensure the optimized and secure delivery of mission-critical application traffic in a highly available environment. This document provides a best practice example of how to configure the Cisco ACE 4710 appliance in a highly available environment.

ACE 4710 Physical Characteristics

The ACE appliance provides four physical Ethernet ports for processing traffic. The four Layer 2 Ethernet ports can be configured to provide an interface for connecting to 10-Mbps, 100-Mbps, or 1000-Mbps networks. Each Ethernet port supports auto-negotiate, full-duplex, or half-duplex operation on an Ethernet LAN and can carry traffic within one or more designated VLANs.


The ACE appliance does not have additional ports used specifically for management traffic. The four Ethernet ports are used to handle all data and management traffic in and out of ACE. They are also used for ACE appliances deployed in a redundant fashion utilizing a fault tolerant VLAN to maintain high availability.

Figure 1. ACE 4710 Appliance front and rear chassis views

Figure 1 shows the LED link indicators for the Ethernet port and the pin number assignments for the RJ-45 port. As shown in Figure 1 for Ethernet port 4, the link LED in the lower right below each Ethernet port serves as the indicator for the associated port. The ports are numbered from right to left.

Figure 2. The ACE 4710 Appliance physical interfaces are labeled from right to left.

The states of each Ethernet port link LED are as follows:

1. Off when the 10-Mbps Ethernet link is connected or when there is no link.
2. Glows steady green when the 100-Mbps Ethernet link is connected.
3. Glows steady orange when the 1000-Mbps GigabitEthernet link is connected.

The second LED flashes yellow when there is activity.

To maximize application and infrastructure availability, the Cisco ACE 4710 appliance takes advantage of all four gigabit Ethernet interfaces and ACE virtualization. These interfaces can be configured in a port-channel to create a single logical link between the Cisco ACE 4710 Appliance and Cisco Catalyst Series Switches. Trunked VLANs can be used to carry all client/server messaging, management traffic and fault tolerance (FT) communication.

Figure 3. Port Channel carries traffic for all VLANs

Connecting the ACE 4710 to a Catalyst Switch in this manner has several obvious advantages:

1. It allows for the creation of a single very high-bandwidth logical link ensuring the highest level (4 Gbps) of throughput possible on the ACE 4710 appliance. It gracefully handles asymmetric traffic profiles typical of web architectures.

2. It simplifies the interface configuration since the single port-channel and 802.1q trunk need only be configured once and applied to each physical interface.

3. Future upgrades, for example from 1 Gbps to 4 Gbps, can be accomplished in real time by installing a license for increased throughput without needing to physically re-cable the appliance interfaces.

4. Individual ACE contexts are not limited by the throughput of a single 1 Gbps interface. Traffic can be shaped according to the available throughput at the context, VIP, or real server level rather than at the interface level.

5. It allows the ACE to reach throughput license limits including the throughput additionally reserved for management traffic. By default, the entry-level ACE appliance has a 1-Gbps through-traffic bandwidth limit and an additional guarantee of 1-Gbps management-traffic bandwidth resulting in a maximum bandwidth of 2 Gbps. Similarly, with the 2-Gbps license, the ACE has a 2-Gbps through-traffic bandwidth and a 1-Gbps management-traffic bandwidth for a total maximum bandwidth of 3 Gbps.

6. The port-channel provides redundancy should any one of the 4 physical interfaces fail.

The single logical link can support all the common deployment modes including routed, bridged, one-arm and asymmetric server return while also addressing high availability and stateful connection replication without issue.


Figure 4. Example network topology incorporating ACE 4710.

How bandwidth is calculated on ACE

Each gigabit link on ACE has the potential for simultaneously transferring 1 Gbps input and 1 Gbps output. Since the wires for input and output are physically separate (two each) the input doesn't affect the output. When the 4 links are aggregated with etherchannel, ACE can provide a maximum of:

• 4 Gbps input - *from* clients and servers
• 4 Gbps output - *to* clients and servers

As you can see, that is 4 Gbps throughput - in from one side, out the other. The traffic flow is illustrated in Figure 5 below.

Figure 5. Example of the throughput calculation on the ACE 4710.

[Figure 5 labels: 4 Gbps input to ACE + 4 Gbps output from ACE; 4 Gbps “Full-duplex”; 3.5 Gbps server response; 0.5 Gbps client requests]

The 4 Gbps is the theoretical maximum of client-to-server + server-to-client + FT sync traffic + probes, assuming traffic equally spread across those ports. In some environments the default ether channel hash may not provide the optimal balance between the 4 aggregated 1 Gbps links. The ACE 4710 supports various port-channel hashes to optimally distribute a vast variety of traffic.

Layer 2 Configuration of the Cisco Catalyst Switch

Once the 4 physical interfaces on the Cisco ACE 4710 Appliance have been physically connected to the Catalyst switch ports, the first step is to configure the port channel and switch ports on the Catalyst switch.

Switch Port Channel Configuration

In the following example a Cisco Catalyst 6500 is configured with a port-channel utilizing an 802.1q trunk allowing the associated VLANs. The native VLAN of the trunk is VLAN 10; it is recommended not to use the default VLAN 1 for the native VLAN since this VLAN is used internally on the ACE 4710 Appliance. Port Channel load balancing is used to distribute the traffic load across each of the links in the port-channel ensuring efficient utilization of each link. Port-channel load balancing on the Cisco Catalyst 6500 can use MAC addresses or IP addresses, Layer 4 port numbers, source addresses, destination addresses, or both source and destination addresses. By default the ACE uses src-dst-mac to make a load balancing decision. The recommended best practice is to use source and destination L4 port for the load balancing decision.

    switch/Admin(config)# port-channel load-balance src-dst-port
    switch/Admin(config)# interface Port-channel 1
    switch/Admin(config-if)# description ACE 4710
    switch/Admin(config-if)# switchport
    switch/Admin(config-if)# switchport mode trunk
    switch/Admin(config-if)# switchport trunk encapsulation dot1q
    switch/Admin(config-if)# switchport trunk native vlan 10
    switch/Admin(config-if)# switchport trunk allowed vlan 10,20,30,31,40,50
    switch/Admin(config-if)# switchport nonegotiate
    switch/Admin(config-if)# mls qos trust cos

    switch/Admin(config-if)# do sho run | begin Port
    interface Port-channel1
     description to ACE 4710
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 10
     switchport trunk allowed vlan 10,20,30,31,40,50
     switchport mode trunk
     switchport nonegotiate
     mls qos trust cos
     no ip address
    !


Once the port channel is configured on the switch, it can then be added to the configuration of the four interfaces.

Note: The Cisco ACE 4710 Appliance does not support Port Aggregation Protocol (PAgP) or Link Aggregation Control Protocol (LACP) so the port-channel is configured using “mode on”.

Switch Interface Configuration

On the ACE 4710 Appliance you can configure the Ethernet port speed for a setting of 10, 100, or 1000 Mbps by using the speed command in interface configuration mode. The default for the ACE 4710 appliance is auto-negotiate interface speed. It is recommended to avoid relying on auto negotiation of interface speed by explicitly configuring the speed to 1000 on both the switch and the appliance. This will avoid the possibility of the interface operating below the expected Gigabit speed and ensure the port-channel can reach the maximum 4 Gbps throughput.

The ACE 4710 does not implement Spanning-Tree protocol and therefore does not take part in the Spanning-Tree root bridge election process. PortFast is configured on the switch to reduce the time required for spanning tree to allow traffic on the port connected to the ACE interface by immediately moving to forwarding state, bypassing the blocking, listening, and learning states. The average time for a switch port moving into a forwarding state is approximately 30 seconds. Using PortFast reduces this time to approximately 5 seconds.

Note: In virtual partitions operating in bridge mode, the ACE offers an option to bridge Spanning-Tree BPDUs between two VLANs in order to prevent the possibility of a loop. Such a loop may occur when two partitions end up actively forwarding traffic. While this should not happen during normal operation, the option to bridge BPDUs provides a safeguard against this condition. Upon seeing BPDUs circling around, the switch connected to the ACE 4710 will immediately block the port/VLAN the loop originated from. The following ethertype ACL should be configured on ACE and applied to Layer 2 interfaces in bridge mode:

    access-list BPDU ethertype permit bpdu

For more information on PortFast, see the following URL: http://www.cisco.com/warp/public/473/12.html#bkg.

The following commands are used to configure the switch ports:

    Router(config-if)# int range Gig 3/9 - 12
    Router(config-if-range)# channel-group 1 mode on
    Router(config-if-range)# speed 1000
    Router(config-if-range)# spanning-tree portfast trunk
    Router(config-if-range)# no shut

The port channel configuration is then added to each of the interfaces resulting in the following configuration:

    Router(config-if)# do sho run | beg GigabitEthernet3/9
    Building configuration...

    interface GigabitEthernet3/9
     description ACE 4710 int1
     switchport
     switchport trunk native vlan 10
     switchport trunk allowed vlan 10,20,30,31,40,50
     switchport mode trunk
     switchport nonegotiate
     speed 1000
     no ip address
     spanning-tree portfast trunk
     channel-group 1 mode on
    !
    interface GigabitEthernet3/10
     description ACE 4710 int2
     switchport
     switchport trunk native vlan 10
     switchport trunk allowed vlan 10,20,30,31,40,50
     switchport mode trunk
     switchport nonegotiate
     speed 1000
     no ip address
     spanning-tree portfast trunk
     channel-group 1 mode on
    !
    interface GigabitEthernet3/11
     description ACE 4710 int3
     switchport
     switchport trunk allowed vlan 10,20,30,31,40,50
     switchport mode trunk
     switchport nonegotiate
     speed 1000
     no ip address
     spanning-tree portfast trunk
     channel-group 1 mode on
    !
    interface GigabitEthernet3/12
     description ACE 4710 int4
     switchport
     switchport trunk allowed vlan 10,20,30,31,40,50
     switchport mode trunk
     switchport nonegotiate
     speed 1000
     no ip address
     spanning-tree portfast trunk
     channel-group 1 mode on
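The following is an added example, not part of the original guide: a Python audit that checks the Catalyst member ports of one channel-group against the settings this guide configures (mode on, speed 1000, trunk mode, nonegotiate, a non-default native VLAN, PortFast trunk) and flags members whose trunk VLANs differ from the rest. The sample configuration, function names and finding codes are constructed for illustration.

```python
from collections import Counter

# Constructed sample modeled on the member-port listing above. Gi3/11 omits
# the native VLAN line; Gi3/12 uses LACP, no fixed speed, and an extra VLAN.
SAMPLE_CONFIG = """\
interface GigabitEthernet3/9
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,30,31,40,50
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 spanning-tree portfast trunk
 channel-group 1 mode on
!
interface GigabitEthernet3/10
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,30-31,40,50
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 spanning-tree portfast trunk
 channel-group 1 mode on
!
interface GigabitEthernet3/11
 switchport trunk allowed vlan 10,20,30,31,40,50
 switchport mode trunk
 switchport nonegotiate
 speed 1000
 spanning-tree portfast trunk
 channel-group 1 mode on
!
interface GigabitEthernet3/12
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20,30,31,40,50,99
 switchport mode trunk
 spanning-tree portfast trunk
 channel-group 1 mode active
!
interface GigabitEthernet3/13
 switchport mode access
"""

def parse_interfaces(config):
    """Map each interface name to its list of stripped sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def expand_vlans(spec):
    """Expand '10,20,30-31' into {10, 20, 30, 31}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def value_after(cmds, prefix):
    """Return the text after the first command starting with prefix."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), None)

def trunk_profile(cmds):
    """(native VLAN, allowed VLANs); IOS defaults are native 1, all allowed."""
    native = int(value_after(cmds, "switchport trunk native vlan ") or 1)
    allowed = value_after(cmds, "switchport trunk allowed vlan ") or "1-4094"
    return native, frozenset(expand_vlans(allowed))

def audit_members(config, group):
    """Return sorted (interface, finding) pairs for one channel-group."""
    members = {n: c for n, c in parse_interfaces(config).items()
               if (value_after(c, "channel-group ") or "").split()[:1] == [str(group)]}
    if not members:
        return []
    # Reference trunk settings: the profile shared by the most members.
    reference = Counter(trunk_profile(c) for c in members.values()).most_common(1)[0][0]
    findings = []
    for name, cmds in members.items():
        checks = {
            "mode-not-on": value_after(cmds, "channel-group ") != f"{group} mode on",
            "speed-not-fixed": value_after(cmds, "speed ") != "1000",
            "not-trunk": value_after(cmds, "switchport mode ") != "trunk",
            "dtp-enabled": "switchport nonegotiate" not in cmds,
            "native-vlan-1": trunk_profile(cmds)[0] == 1,
            "no-portfast-trunk": "spanning-tree portfast trunk" not in cmds,
            "trunk-mismatch": trunk_profile(cmds) != reference,
        }
        findings += [(name, code) for code, failed in checks.items() if failed]
    return sorted(findings)

if __name__ == "__main__":
    for iface, code in audit_members(SAMPLE_CONFIG, 1):
        print(f"{iface}: {code}")
```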


Configuring the Cisco ACE 4710 Appliance

Once the switch is configured, the next task is to configure the Cisco ACE 4710 Ethernet interfaces and Port Channel. In this design we configure the four Ethernet ports as 1000-Mbps full-duplex and associate each of the four ports as a member of a Layer 2 Port Channel. The Port Channel bundles the individual physical Ethernet ports into a single logical link associated as an 802.1Q trunk.

ACE Port Channel Configuration

In the following example the ACE 4710 is configured with a port-channel utilizing an 802.1q trunk allowing the associated VLANs. Similar to the Catalyst switch configuration, the native VLAN of the trunk is VLAN 10; it is recommended not to use the default VLAN 1 for the native VLAN since this VLAN is used internally on the ACE 4710 Appliance. Note that the port-channel number on ACE can be different from that of the switch. For example, in an HA configuration it would be possible for the distribution switch to have port-channel 1 defined for the primary Cisco ACE 4710 Appliance and port-channel 2 defined for the backup. During HA replication the port channel is replicated to the backup device. This means one of the Cisco ACE 4710 Appliances will always have a different port-channel number than that of the switch. Since the port-channel numbers are not required to be consistent between devices there will be no issue.

    switch/Admin(config)# interface port-channel 3
    switch/Admin(config-if)# switchport trunk native vlan 10
    switch/Admin(config-if)# switchport trunk allowed vlan 10,20,30,31,40,50
    switch/Admin(config-if)# port-channel load-balance src-dst-port
    switch/Admin(config-if)# no shutdown

ACE Ethernet Interface Configuration

In the following example the ACE 4710 is configured similarly to the Catalyst switch configuration. The interface speed on ACE is set to 1000M Full Duplex and each of the four interfaces is associated with the Port Channel using the “channel-group” command. It is recommended to configure a carrier delay of 30 seconds for deployments in which ACE is configured with fault tolerance and preemption.

Note: Refer to the section “HA with preemption and Carrier Delay” at the end of the document for more information regarding carrier-delay.

Additionally the ACE appliance is configured to prioritize incoming HA heartbeat traffic (CoS value of 7 by default) on each of the ports.

Note: Refer to the section “Enabling Quality of Service for High Availability” at the end of the document for more information regarding QoS and HA traffic.

    switch/Admin(config)# interface gigabitEthernet 1/1
    switch/Admin(config-if)# speed 1000M
    switch/Admin(config-if)# duplex FULL
    switch/Admin(config-if)# channel-group 3
    switch/Admin(config-if)# carrier-delay 30
    switch/Admin(config-if)# qos trust cos
    switch/Admin(config-if)# no shutdown
    switch/Admin(config)# interface gigabitEthernet 1/2
    switch/Admin(config-if)# speed 1000M
    switch/Admin(config-if)# duplex FULL
    switch/Admin(config-if)# channel-group 3
    switch/Admin(config-if)# carrier-delay 30
    switch/Admin(config-if)# qos trust cos
    switch/Admin(config-if)# no shutdown
    switch/Admin(config)# interface gigabitEthernet 1/3
    switch/Admin(config-if)# speed 1000M
    switch/Admin(config-if)# duplex FULL
    switch/Admin(config-if)# channel-group 3
    switch/Admin(config-if)# carrier-delay 30
    switch/Admin(config-if)# qos trust cos
    switch/Admin(config-if)# no shutdown
    switch/Admin(config)# interface gigabitEthernet 1/4
    switch/Admin(config-if)# speed 1000M
    switch/Admin(config-if)# duplex FULL
    switch/Admin(config-if)# channel-group 3
    switch/Admin(config-if)# carrier-delay 30
    switch/Admin(config-if)# qos trust cos
    switch/Admin(config-if)# no shutdown

The port channel configuration is then added to each of the interfaces resulting in the following configuration:

    switch/Admin(config)# do show run int
    Generating configuration....

    interface gigabitEthernet 1/1
      speed 1000M
      duplex FULL
      channel-group 3
      carrier-delay 30
      no shutdown
    interface gigabitEthernet 1/2
      speed 1000M
      duplex FULL
      channel-group 3
      carrier-delay 30
      no shutdown
    interface gigabitEthernet 1/3
      speed 1000M
      duplex FULL
      channel-group 3
      carrier-delay 30
      no shutdown
    interface gigabitEthernet 1/4
      speed 1000M
      duplex FULL
      channel-group 3
      carrier-delay 30
      no shutdown

Verify Layer 2 Network Connectivity

At this time the port-channel and trunk should be up on both the switch and the Cisco ACE 4710 Appliance. There are several show commands that can verify the port-channel and trunk status. For example, to view the configuration status for port-channel interface 3, enter:

    switch/Admin# show int port-channel 3
    PortChannel 3:
    ----------------------------
    Description:
    mode: Trunk
    native vlan: 10
    status: (UP), load-balance scheme: unknown
    PortChannel 3 mapped phyport: 1/1 1/2 1/3 1/4
    PortChannel 3 mapped active phyport: 1/1 1/2 1/3 1/4
    PortChannel 3 allow vlan: vlan<10> vlan<20> vlan<30>-<31> vlan<40> vlan<50>
    11606094 packets input, 970121368 bytes, 0 dropped
    Received 694844 broadcasts (10877868 multicasts)
    0 runts, 0 giants
    0 FCS/Align errors, 0 runt FCS, 0 giant FCS
    85431 packets output, 12278955 bytes
    22334 broadcast, 0 multicast, 0 control output packets
    0 underflow, 0 single collision, 0 multiple collision output packets
    0 excessive collision and dropped, 0 Excessive Deferral and dropped

It is important to note that the status should indicate “UP” and that all four of the interfaces appear in the “mapped” output. Also verify that the mode is “Trunk” with the correct VLANs associated. Similarly the status of each physical interface can be verified using the “show interface” command:

    switch/Admin# show interface gigabitEthernet 1/4
    GigabitEthernet Port 1/4 is UP, line protocol is UP
    Hardware is ACE Appliance 1000Mb 802.3, address is 00.00.00.00.20.62
    MTU 0 bytes
    Full-duplex, 1000Mb/s
    0 packets input, 0 bytes, 0 dropped
    Received 0 broadcasts (0 multicasts)
    0 runts, 0 giants
    0 FCS/Align errors, 0 runt FCS, 0 giant FCS
    0 packets output, 0 bytes
    0 broadcast, 0 multicast, 0 control output packets
    0 underflow, 0 single collision, 0 multiple collision output packets
    0 excessive collision and dropped, 0 Excessive Deferral and dropped

You can also inspect the interface counters on ACE using the following command:

    switch/Admin# show interface gigabitEthernet 1/1 counters

On the Catalyst 6500 Switch the following show commands can be used to verify the Port Channel and interface configuration:

    Router(config)# do sho int port 1 ether
    Age of the Port-channel = 5d:20h:33m:48s
    Logical slot/port = 14/1    Number of ports = 4
    GC = 0x00000000    HotStandBy port = null
    Port state = Port-channel Ag-Inuse
    Protocol = -
    Ports in the Port-channel:
    Index   Load   Port      EC state        No of bits
    ------+------+------+------------------+-----------
      0     11     Gi3/9     On                 2
      1     22     Gi3/10    On                 2
      2     44     Gi3/11    On                 2
      3     88     Gi3/12    On                 2
    Time since last port bundled:    0d:01h:40m:54s Gi3/12
    Time since last port Un-bundled: 0d:01h:40m:54s Gi3/12

    Router(config)# do sho int trunk
    Port    Mode    Encapsulation    Status      Native vlan
    Po1     on      802.1q           trunking    10
    Port    Vlans allowed on trunk
    Po1     10,20,30-31,40,50
    Port    Vlans allowed and active in management domain
    Po1     10,20,30-31,40,50
    Port    Vlans in spanning tree forwarding state and not pruned
    Po1     10,20,30-31,40,50

    Router# show interfaces counters etherchannel
    Port      InOctets  InUcastPkts  InMcastPkts  InBcastPkts
    Po200     16 5 8 6 4 14 9 2 3 6 8 5 2 6 0 9 2 4 5
    Fa1/11    16 5 8 5 9 7 8 3 2 3 6 8 4 6 3 0 9 2 4 4
    Fa1/12    8 2 0 0 1
    Fa1/13    4 5 02 6 5 0 1
    Po201     4 5 3 7 3 0 3 1 0 6 6 3 6
    Fa1/21    4 5 3 9 4 0 3 1 0 6 6 3 9
    Port      OutOctets  OutUcastPkts  OutMcastPkts  OutBcastPkts
    Po200     2 18 3 4 04 6 5 5 0 1113 4 4 5 7 2 3 8 14 002 9 3 5 7 5 7 8 8 6
    Fa1/11    2 18 3 4 03 8 3 5 6 1113 4 4 5 7 2 3 8 14 002 2 3 5 7 5 7 8 3 3
    Fa1/12    4 2 15 0 5 12
    Fa1/13    4 5 07 0 5 4 5
    Po201     2 16 2 5 7 4 4 4 2 6 107 9 6 3 5 4 2 3 8 14 112 0 3 5 7 6 12 5 8
    Fa1/21    2 16 2 5 7 4 4 7 8 8 107 9 6 3 5 4 2 3 8 14 112 2 3 5 7 6 12 5 9

By default, the entry-level ACE has a 1-Gbps through-traffic bandwidth and a 1-Gbps management-traffic bandwidth for a total maximum bandwidth of 2 Gbps. However when the 4-Gbps throughput license is applied, the ACE cannot reserve additional bandwidth beyond the four 1-Gbps port limit. Therefore some fraction of the total available bandwidth must be reserved at the context level for management traffic sent to the ACE appliance using the limit-resource command. In the example below a resource class is created and 2% of the total 4-Gbps of bandwidth is reserved for management traffic in the ACE Admin context:

    switch/Admin(config)# resource-class GLOBAL
    switch/Admin(config-resource)# limit-resource rate mgmt-traffic minimum 2 maximum equal-to-min
    switch/Admin(config)# context Admin
    switch/Admin(config)# resource-class GLOBAL

When you allocate a minimum percentage of bandwidth to management traffic, the ACE subtracts that value from the maximum available management traffic bandwidth for all contexts in the ACE. By default, management traffic is guaranteed a minimum bandwidth rate of 0 and a maximum bandwidth rate of 1 Gbps, regardless of the bandwidth license that you install in the ACE. The best practice recommendation is to reserve roughly 100 Mbps for management traffic per context.

HA with preemption and Carrier Delay

The “carrier-delay” command was introduced in the ACE 4710 1.8 software release. This command was added to handle a very specific scenario involving fault tolerant configurations and preemption. In this scenario two ACE 4710 appliances are connected to each other through a common LAN switch such as a Catalyst 6500. ACE A is Active while ACE B is Standby. Suppose ACE B takes over because of a failure of ACE A. Moments later, ACE A comes back and wishes to reclaim its active role (it is configured to preempt). When the ACE 4710 comes back up, it brings up its Ethernet interfaces and assumes shortly thereafter that the switch is ready to accept and process traffic. This might not be the case due to timing differences. For example the Spanning-Tree process could still be determining whether the port can safely be put in the forwarding state on the switch side. In the meantime, the ACE 4710 has already sent gratuitous ARPs to refresh the switch fabric’s MAC addresses. To prevent this timing discrepancy, it is recommended you configure a carrier-delay of 30 seconds on the ACE 4710 that is configured to preempt.

Enabling Quality of Service for High Availability

By default, Quality of Service (QoS) is disabled for each physical Ethernet port on the ACE. You can enable QoS for a configured physical Ethernet port that is based on VLAN Class of Service (CoS) bits (priority bits that segment the traffic in eight different classes of service). If a VLAN header is present, the CoS bits are used by the ACE to map frames into class queues for ingress only. If the frame is untagged, it falls back to a default port QoS level for mapping. When you enable QoS on a port (a trusted port), ingress traffic is mapped into different ingress queues based on their VLAN CoS bits. If there are no VLAN CoS bits, or QoS is not enabled on the port (untrusted port), the traffic is then mapped into the lowest priority queue.

You can enable QoS for an Ethernet port configured for fault tolerance. In this case, heartbeat packets are always tagged with CoS bits set to 7 (a weight of High). We recommend that you enable QoS on all ports utilizing the FT VLAN to provide a higher priority for incoming FT heartbeats.

FOR MORE INFORMATION

For more information about the Cisco ACE product family, visit http://www.cisco.com/go/ace

For more information about Application Networking Services, go to: http://www.cisco.com/en/US/products/hw/contnetw/index.html or contact your local account representative.

Printed in USA C78-331727-01 10/06