The Cisco® ACE30 Application Control Engine Module (Figure 1) belongs to the Cisco ACE family of application switches, which deliver availability, security, and consolidation of data center applications. The Cisco ACE product family consists of the Cisco ACE30 Module for the Cisco Catalyst® 6500 Series Switches and the Cisco 7600 Series Routers, Cisco ACE 4710 Appliance, Cisco Global Site Selector (GSS) Appliance, and Cisco Application Networking Manager (ANM) management software.
Figure 1. Cisco ACE30 Module
The Cisco ACE30 allows enterprises to accomplish these important IT objectives for application delivery:
• Increase application availability and performance
• Secure the data center and applications
• Facilitate data center consolidation through the use of fewer servers, load balancers, and data center firewalls
The Cisco ACE30 achieves these goals through a broad set of intelligent Layer 4 load-balancing and Layer 7 content-switching technologies that work with IPv4 and IPv6 traffic and are integrated with the latest virtualization and security capabilities. It supports translation between IPv4 and IPv6 traffic, enabling migration to IPv6 and allowing deployments in mixed networks.
The Cisco ACE30 provides flexibility in managing application traffic, scaling up to 16 Gbps in a single-slot module form factor, upgradeable through software licenses, thus providing IT with long-term investment protection and scalability.
Additionally, through virtualization and role-based access control (RBAC) capabilities, the Cisco ACE30 enables IT to provision and deliver a broad range of applications from a single Cisco ACE module, bringing increased scalability for application provisioning to the data center. This capability helps streamline and reduce the cost of operations involved in implementing, scaling, accelerating, and protecting applications.
The Cisco ACE30 greatly improves server efficiency through highly flexible application traffic management and the offloading of CPU-intensive tasks such as SSL encryption and decryption processing, HTTP compression, and TCP session management.
The Cisco ACE platform is designed to serve as a last line of defense for servers and applications in data centers. An integrated firewall enables IT professionals to comprehensively secure high-value applications in the data center and facilitates data center consolidation (Figure 2).
Figure 2. Cisco ACE Network Integration
By combining high application performance with a comprehensive set of state-of-the-art application delivery features, the Cisco ACE30 promotes greater IT efficiency and reduces the total cost of ownership (TCO).
Features and Benefits
Table 1 summarizes the features and benefits of the Cisco ACE30.
Table 1. Features and Benefits
The Cisco ACE30 provides load-balancing and content-switching functions with granular traffic control based on customizable Layer 4 through 7 rules with support for both IPv4 and IPv6 addresses, VIPs, and server farms.
Cisco ACE can natively load-balance the following protocols in an IPv4 environment: HTTP/HTTPS, FTP, Domain Name System (DNS), Internet Control Message Protocol (ICMP), Session Initiation Protocol (SIP), Real-Time Streaming Protocol (RTSP), Extended RTSP, Lightweight Directory Access Protocol (LDAP), RADIUS, Skinny Client Control Protocol (SCCP) and Microsoft Remote Desktop Protocol (RDP). In an IPv6 environment, it can natively load-balance HTTP, HTTPS, and SSL protocols. It has generic protocol parsing capabilities that enable the configuration of application switching and persistence policies based on any information in the traffic payload for custom and packaged applications without requiring any programming.
The Cisco ACE30 supports translation and load balancing between IPv4 and IPv6 networks and provides flexibility to customers in planning their IPv6 migrations.
Predictors or load-balancing algorithms enable the Cisco ACE30 to select the best server to satisfy a client request.
Persistence and stickiness
Stickiness allows the same client to maintain multiple simultaneous or subsequent TCP or IP connections with the same real server for the duration of a session.
Stateful failover capabilities help ensure resilient network protection for enterprise network environments. The Cisco ACE30 integrates with Cisco GSS to provide a multiple data center scaling and failover system.
Server health monitoring
The Cisco ACE30 checks the health of application servers and server farms through configuration of health probes.
The Cisco ACE30 delivers up to 6-Gbps hardware-accelerated data compression and provides fast application performance for application users.
The Cisco ACE30 integrates SSL acceleration technology, which offloads the encryption and decryption of SSL traffic from external devices (servers, appliances, etc.), thereby allowing Cisco ACE to look more deeply into encrypted data and apply security and application switching policies and help ensure compliance with internal and external regulations.
The Cisco ACE30 directs website traffic in the most efficient manner by analyzing and directing incoming traffic at the request level. These capabilities enable highly specific application-layer policy and offload TCP processing from the web servers, saving CPU cycles.
Data center security
The Cisco ACE30 protects the data center and critical applications from protocol and denial-of-service (DoS) attacks and encrypts mission-critical content.
The Cisco ACE30 provides deep protocol inspection capabilities, which enables IT professionals to comprehensively secure high-value applications in the data center. It secures mission-critical applications and protects against identity theft, data theft, application disruption, and fraud and defends web-based applications and transactions against targeted attacks by professional hackers.
Virtual contexts provide a means for creating resource segmentation and isolation, allowing the Cisco ACE30 to act as if it were several individual virtual appliances within a single physical appliance. Virtual contexts enable organizations to provide defined levels of service to up to 250 business departments, applications, or customers and partners from a single Cisco ACE appliance.
Role-based access control (RBAC)
RBAC allows organizations to specify administrative roles and restrict administrators to specific functions within the appliance or virtual contexts, allowing each administrator group to freely perform its tasks without affecting the other groups.
Deployment and Management
Through consolidation of application switching, SSL acceleration, data center security, and other functions on one device, the Cisco ACE30 helps achieve better application performance, with fewer devices, simpler network designs, and easier management.
By default, the Cisco ACE30 supports virtualization with one administrator context and 250 user contexts, 30,000 SSL transactions per second (TPS), and up to 6 Gbps of compression. The default throughput can be increased to up to 16 Gbps without the need for new equipment, through software license upgrades.
Cisco ANM supports the management of virtual contexts and hierarchical management domains across multiple Cisco ACE30 modules. This server-based management suite discovers, provisions, monitors, and reports across many virtual contexts on multiple Cisco ACE30 Modules, making deployment transparent.
Table 2 presents the performance specifications for the Cisco ACE30.
Table 2. Product Performance Specifications
Maximum Performance and Configuration
4, 8, or 16 Gbps
4 or 6 Gbps (using GZIP or Deflate)
Up to 30,000 TPS using 1024-bit keys
Maximum number of Layer 4 connections per second
500,000 complete transactions sustained rate
Maximum number of Layer 7 connections per second
200,000 complete transactions sustained rate
Table 3 presents the product specifications for the Cisco ACE30.
Table 3. Product Specifications
Chassis slots required
Occupies 1 slot in the chassis
Dimensions (H x W x D)
1.75 x 15.51 x 16.34 in. (44.45 x 394 x 415 mm)
11 lb (4.98 kg)
Ambient operating temperature
32 to 104°F (0 to 40°C)
Ambient nonoperating temperature
-40 to 158°F (-40 to 70°C)
Operating relative humidity
10 to 85%
Nonoperating relative humidity
5 to 95%
Certified for operation
0 to 6500 ft (0 to 2000m)
Designed and tested for operation
-200 to 10000 ft (-60 to 3000m)
SR-3580-NEBS: Criteria Levels (Level 3 compliant)
GR-63-CORE-NEBS: Physical Protection
GR-1089-CORE-NEBS: EMC and Safety
FCC Part 15 (CFR 47) Class A or B
ICES-003 Class A or B
EN55022 Class A or B
CISPR22 Class A or B
AS/NZS CISPR22 Class A or B
VCCI Class A or B
Can/CSA-C22.2 No. 60950
AS/NZS 60950 TS001
Table 4 lists system requirements for the Cisco Catalyst 6500 Series Switches used with the Cisco ACE30, and Table 5 lists requirements for the Cisco 7600 Series Routers.
Table 4. Cisco Catalyst 6500 Series System Requirements for the Cisco ACE30 Module