11/5/2016 Converting a Cisco ACE configuration file to F5 BIG­IP Format

 Filter by: 
 Back to List

TECHNICAL ARTICLE

Converting a Cisco ACE configuration file to F5 BIG-IP Format

Updated 21-Dec-2012 • Originally posted on 11-Dec-2012 by Joe Pruitt F5
article ace cisco configuration deployment design migration news techtip

   

In September, Cisco announced that it was ceasing development and pulling back on sales of its Application Control Engine (ACE) load balancing
modules.  Customers of Cisco’s ACE product line will now have to look for a replacement product to solve their load balancing and application
delivery needs.

One of the first questions that will come up when a customer starts looking into replacement products surrounds the issue of upgradability.  Will the
customer be able to import their current configuration into the new technology or will they have to start with the new product from scratch.  For
smaller businesses, starting over can be a refreshing way to clean up some of the things you’ve been meaning to but weren’t able to for one reason
or another.  But, for a large majority of the users out there, starting over from nothing with a new product is a daunting task.

To help with those users who are considering moving to the F5 universe, DevCentral has included several scripts to assist with the configuration
migration process.  In the Advanced Design and Config wiki, we’ve created a topic aptly titled “Cisco” that includes scripts to convert ACE
configurations into it’s F5 counterpart.  We’ve also included scripts that cover Cisco’s CSS and CSM products as well.

In this article, I’m going to focus on the ace2f5-tmsh” in the ace2f5.zip script library.

The script takes as input an ACE configuration and creates a TMSH script to create the corresponding F5 BIG-IP objects.

ace2f5-tmsh.pl
1 $ perl ace2f5‐tmsh.pl ace_config > tmsh_script ?

We could leave it at that, but I’ll use this article to discuss the components of the ACE configuration and how they map to F5 objects.

ip
The ip object in the ACE configuration is defined like this:

1 ip route 0.0.0.0 0.0.0.0 10.211.143.1 ?

equates to a tmsh “net route” command.

1 net route 0.0.0.0‐0 { network 0.0.0.0/0 gw 10.211.143.1 } ?

rserver
An “rserver” is basically a node containing a server address including an optional “inservice” attribute indicating whether it’s active or not.

ACE Configuration

1 rserver host R190‐JOEINC0060 ?

2   ip address 10.213.240.85
3 rserver host R191‐JOEINC0061
4   ip address 10.213.240.86
5   inservice
6 rserver host R192‐JOEINC0062
7   ip address 10.213.240.88
8   inservice
9 rserver host R193‐JOEINC0063
10   ip address 10.213.240.89
11   inservice

It will be used to find the IP address for a given rserver hostname.

serverfarm
https://devcentral.f5.com/articles/converting­a­cisco­ace­configuration­file­to­f5­big­ip­format 1/5
11/5/2016 Converting a Cisco ACE configuration file to F5 BIG­IP Format

serverfarm
A serverfarm is a LTM pool except that it doesn’t have a port assigned to it yet.

ACE Configuration

1 serverfarm host MySite‐JoeInc ?

2   predictor hash url
3   rserver R190‐JOEINC0060
4     inservice
5   rserver R191‐JOEINC0061
6     inservice
7   rserver R192‐JOEINC0062
8     inservice
9   rserver R193‐JOEINC0063
10     inservice

F5 Configuration

1 ltm pool Insiteqa‐JoeInc { ?

2      load‐balancing‐mode predictive‐node
3      members { 10.213.240.86:any { address 10.213.240.86 }}
4      members { 10.213.240.88:any { address 10.213.240.88 }}
5      members { 10.213.240.89:any { address 10.213.240.89 }}
6 }

probe
a “probe” is a LTM monitor except that it does not have a port.

ACE Configuration

1 probe tcp MySite‐JoeInc ?

2   interval 5
3   faildetect 2
4   passdetect interval 10
5   passdetect count 2

will map to the TMSH “ltm monitor” command.

F5 Configuration

1 ltm monitor Insiteqa‐JoeInc { ?

2     defaults from tcp
3     interval 5
4     timeout 10
5     retry 2
6 }

sticky
The “sticky” object is a way to create a persistence profile.  First you tie the serverfarm to the persist profile, then you tie the profile to the Virtual
Server.

ACE Configuration

1 sticky ip‐netmask 255.255.255.255 address source MySite‐JoeInc‐sticky ?

2   timeout 60
3   replicate sticky
4   serverfarm MySite‐JoeInc

class-map
A “class-map” assigns a listener, or Virtual IP address and port number which is used for the clientside and serverside of the connection.

ACE Configuration

1 class‐map match‐any vip‐MySite‐JoeInc‐12345 ?

2   2 match virtual‐address 10.213.238.140 tcp eq 12345
3 class‐map match‐any vip‐MySite‐JoeInc‐1433
4   2 match virtual‐address 10.213.238.140 tcp eq 1433
5 class‐map match‐any vip‐MySite‐JoeInc‐31314
6   2 match virtual‐address 10.213.238.140 tcp eq 31314
7 class‐map match‐any vip‐MySite‐JoeInc‐8080
8   2 match virtual‐address 10.213.238.140 tcp eq 8080
9 class‐map match‐any vip‐MySite‐JoeInc‐http
10   2 match virtual‐address 10.213.238.140 tcp eq www
11 class‐map match‐any vip‐MySite‐JoeInc‐https
12   2 match virtual‐address 10.213.238.140 tcp eq https

 
https://devcentral.f5.com/articles/converting­a­cisco­ace­configuration­file­to­f5­big­ip­format 2/5
11/5/2016 Converting a Cisco ACE configuration file to F5 BIG­IP Format

policy-map
a policy-map of type loadbalance simply ties the persistence profile to the Virtual .  the “multi-match” attribute constructs the virtual server by tying a
bunch of objects together.

ACE Configuration

1 policy‐map type loadbalance first‐match vip‐pol‐MySite‐JoeInc ?

2   class class‐default
3     sticky‐serverfarm MySite‐JoeInc‐sticky
4  
5 policy‐map multi‐match lb‐MySite‐JoeInc
6   class vip‐MySite‐JoeInc‐http
7     loadbalance vip inservice
8     loadbalance policy vip‐pol‐MySite‐JoeInc
9     loadbalance vip icmp‐reply
10   class vip‐MySite‐JoeInc‐https
11     loadbalance vip inservice
12     loadbalance vip icmp‐reply
13   class vip‐MySite‐JoeInc‐12345
14     loadbalance vip inservice
15     loadbalance policy vip‐pol‐MySite‐JoeInc
16     loadbalance vip icmp‐reply
17   class vip‐MySite‐JoeInc‐31314
18     loadbalance vip inservice
19     loadbalance policy vip‐pol‐MySite‐JoeInc
20     loadbalance vip icmp‐reply
21   class vip‐MySite‐JoeInc‐1433
22     loadbalance vip inservice
23     loadbalance policy vip‐pol‐MySite‐JoeInc
24     loadbalance vip icmp‐reply
25   class reals
26     nat dynamic 1 vlan 240
27   class vip‐MySite‐JoeInc‐8080
28     loadbalance vip inservice
29     loadbalance policy vip‐pol‐MySite‐JoeInc
30     loadbalance vip icmp‐reply

F5 Configuration

1 ltm virtual vip‐Insiteqa‐JoeInc‐12345 { ?

2     destination 10.213.238.140:12345
3     pool Insiteqa‐JoeInc
4     persist my_source_addr
5     profiles {
6         tcp {}
7     }
8 }
9  
10 ltm virtual vip‐Insiteqa‐JoeInc‐1433 {
11     destination 10.213.238.140:1433
12     pool Insiteqa‐JoeInc
13     persist my_source_addr
14     profiles {
15         tcp {}
16     }
17 }
18  
19 ltm virtual vip‐Insiteqa‐JoeInc‐31314 {
20     destination 10.213.238.140:31314
21     pool Insiteqa‐JoeInc
22     persist my_source_addr
23     profiles {
24         tcp {}
25     }
26 }
27  
28 ltm virtual vip‐Insiteqa‐JoeInc‐8080 {
29     destination 10.213.238.140:8080
30     pool Insiteqa‐JoeInc
31     persist my_source_addr
32     profiles {
33         tcp {}
34     }
35 }
36  
37 ltm virtual vip‐Insiteqa‐JoeInc‐http {
38     destination 10.213.238.140:http
39     pool Insiteqa‐JoeInc
40     persist my_source_addr
41     profiles {
42         tcp {}
43         http {}
44     }
45 }
46  
47 ltm virtual vip‐Insiteqa‐JoeInc‐https {
48     destination 10.213.238.140:https
49     profiles {
https://devcentral.f5.com/articles/converting­a­cisco­ace­configuration­file­to­f5­big­ip­format 3/5
11/5/2016 Converting a Cisco ACE configuration file to F5 BIG­IP Format
49     profiles {
50         tcp {}
51 }

Conclusion
If you are considering migrating from Cicso’s ACE to F5, I’d consider you take a look at the Cisco conversion scripts to assist with the conversion.

 Average Rating: 4.0

 Print  Download  Favorite  Share

Subscribe to Notifications on this Article

Comments on this Article

Comment made 28-Aug-2014 by whswhswhs124  19

'
 0  |  Report this Comment  |

Add a comment

Add Comment

About DevCentral
We are a community of 250,000+ technical peers who solve problems together.

Learn More

 Get a Developer Lab license

 Contact us - Feedback and Help

 Become an MVP

ABOUT F5
EDUCATION

https://devcentral.f5.com/articles/converting­a­cisco­ace­configuration­file­to­f5­big­ip­format 4/5
11/5/2016 Converting a Cisco ACE configuration file to F5 BIG­IP Format

F5 SITES
PREFERENCES
CONNECT WITH US

Copyright 2016 by F5 Networks | Policies | Trademarks

https://devcentral.f5.com/articles/converting­a­cisco­ace­configuration­file­to­f5­big­ip­format 5/5