header
headerhomeService AreasCourse CatalogTraining SchedulesEnrollAbout UsCareers
   

 

Implementing the Application Control Engine Service Module (ACESM)

Deploy and configure intelligent network services using the Catalyst 6500 ACE - 3-day instructor led lecture/lab course

Course Description

In this comprehensive course, examine the key features of the ACE module, including resource virtualization and management, server load balancing (Layer 2-4 and Layer 7), SSL termination and offload, and security features such as application-layer inspection and fix-ups. In addition, you will learn how to deploy and configure intelligent network services using the Catalyst 6500 Application Control Engine (ACE).

Course Objectives

  • IP Application Delivery with the ACE module
  • Configuration tasks necessary to successfully deploy an ACE module
  • Structure and function of the Modular Policy CLI statements used to configure ACE features
  • Capabilities and configuration of the ACE features used to provide load balancing of IP-based applications
  • Layer 7 processing options used to provide advanced application networking
  • ACE support for SSL protocol processing
  • ACE features that provide IP application-based security
  • High Availability options for ACE
  • Methodology used to design and configure multiple ACE features

 

Intended Audience

Technical professionals involved in the installation, configuration, and maintenance of the ACE module 11000.

 

Prerequisites

An in-depth understanding of TCP/IP, IP routing, DNS, HTTP, and SSL, as well as a basic understanding of N-tier application architecture and server load-balancing concepts

 

Course Outline

  1. Introducing ACE
    • IP Protocol Stack Review
    • IP Application Review
    • Introduction to ACE
  2. Deploying ACE
    • Connecting ACE to the Network
    • Network Topologies
    • Virtualization
    • Resource Management
    • Authorizing Management Users
    • Configuring Interfaces
  3. Modular Policy CLI
    • Class Maps
    • Policy Maps
    • Applying Policy Maps
    • Permitting Management Traffic
  4. Managing ACE
    • Control Management Access
    • SNMP Support
  5. Security Features
    • Simple IP ACLs
    • ACL Object Groups
    • SYN Cookies
    • TCP/IP Fragmentation/Reassembly
    • TCP/IP Normalization
    • Network Address Translation
  6. Layer 4/7 Load Balancing
    • Load Balancing Concepts
    • Load Balancing Algorithms
    • Configuring Layer 4 Load Balancing
    • Rate-Limiting Controls
  7. Health Monitoring
    • Overview
    • Active Health Probes
    • HTTP Error Code Monitoring
    • Using TCL Scripting
    • Route Health Injection
    • Persistent and Pipelined Client Connections
    • Server Reuse
  8. Layer 7 Protocol Processing
    • Configuring Layer 7 Load Balancing
    • Session Persistence
    • HTTP Modifications
    • Protocol Inspection
  9. Processing Secure Connections
    • Digital Encryption Technologies
    • SSL Service Options
    • Configuring a Public Key Infrastructure
    • Configuring SSL Proxy Services
  10. High Availability
    • Redundancy
    • Object
    • Tracking FailoverState Replication
    • Displaying Fault Tolerance Information
  11. Integrating Multiple Features
    • Analyzing Network Requirements
    • Designing ACE Contexts
    • Designing ACE Features
    • Configuring Multiple Integrated Features

 

Course Labs

  1. Lab 1: Virtualization
    Observe the lab configuration of the Catalyst 6500 and the ACE Admin Context, and then create new contexts and resource classes to understand the flexibility around ACE module virtualization.
  2. Lab 2: Network Address Translation (NAT)
    Configure the ACE context to perform a variety of NATs. The steps required to configure NAT on ACE are significantly very different from Cisco firewalls. NAT on ACE entirely relies on the MPC framework.
  3. Lab 3: Server Load Balancing
    Configure the ACE context to match VIP-destined traffic and load balance these flows to the real servers on a private network behind the ACE context. Apply class maps to classify client traffic destined to a VIP address. This traffic is then load balanced to a server farm, and one of the real servers is selected to respond to the client request. To allow client traffic into the ACE context, an access list is required to permit the client flows.
  4. Lab 4: Health Monitoring
    Configure the ACE context to monitor real servers.
  5. Lab 5: HTTP SLB (L7) Load Balancing
    Create new class maps and server farms to show URL load balancing.
  6. Lab 6: Sticky Connections
    Configure the ACE context to match VIP-destined traffic and load balance these flows to the real servers on a private network behind the ACE context. Apply class maps to classify client traffic destined to a VIP address. This traffic is then load balanced to a server farm, and one of the real servers is selected to respond to the client request. The same real server will then respond to all future requests from the same source. To allow client traffic into the ACE context, an access list is required to permit the client flows.
  7. Lab 7: Protocol Inspection
    Implement fix-ups and inspection for the FTP protocol.
  8. Lab 8: SSL Termination
    Configure SSL termination.
  9. Lab 9: Multiple Feature Integration
    Configure the ACE context to perform a variety functions in an integrated environment.


TOP

 
 

Course Description

Course Objectives

Intended Audience

Prerequisites

Course Outline

Course Labs

 

 
 

 

    
 
Course Catalog Training Schedules Enroll Training Locations Cancellation Policy Contact Us Related Links Site Map
Service Areas Careers About Us Customer Quotes News & Events
 

CCIP, CCIE, CCDA, CCDP, CCNP, CCNA, VLANDirector, TrafficDirector, CiscoWorks 2000, ONS 15454 Secure PIX Firewal, Secure Virtual Private Networks, Cisco, Cisco Systems, Cisco Systems Logo, Catalyst, EtherChannel, IOS and LightStream are registered trademarks of Cisco Systems, Inc. or its affiliates in the US and certain other countries.