[nsp] 7600 IOS SLB/WCCP for transparent cache
Clinton Work
work@scripty.com
Wed, 20 Nov 2002 22:49:09 -0700
Is there a way to tell which method is being used?
Thanks for the additional WCCP details. The CCO doesn't have a lot of
detail about 6500 WCCP support.
msfc2#show ip wccp 10 detail
IP Address: x.x.x.x
Protocol Version: 2.0
State: Usable
Redirection: L2
Initial Hash Info: 00000000000000000000000000000000
00000000000000000000000000000000
Assigned Hash Info: 00000000000000000000000000000000
0000000000000000FFFFFFFFFFFFFFFF
Hash Allotment: 64 (25.00%)
Packets Redirected: 82250947
Connect Time: 1d01h
...
msfc2#show ip wccp
Global WCCP information:
Router information:
Router Identifier: x.x.x.x
Protocol Version: 2.0
Service Identifier: 10
Number of Cache Engines: 4
Number of routers: 3
Total Packets Redirected: 2066400846
Redirect access-list: 195
Total Packets Denied Redirect: 1233208043
Total Packets Unassigned: 7217203
Group access-list: 99
Total Messages Denied to Group: 0
Total Authentication failures: 0
Service Identifier: 11
Number of Cache Engines: 4
Number of routers: 3
Total Packets Redirected: 189688704
Redirect access-list: 196
Total Packets Denied Redirect: 114052061
Total Packets Unassigned: 662994
Group access-list: 99
Total Messages Denied to Group: 0
Total Authentication failures: 0
On Thu, Nov 21, 2002 at 02:05:10PM +1100, Lincoln Dale wrote:
> if your caching vendor supports both the L2-redirect and "Mask Assignment"
> method of WCCP, and you at least have a Supervisor 2, WCCP can be processed
> entirely in hardware (in the PFC).
> under the above scenario, none of those packets would touch any
> software-forwarding path at all.
>
> for WCCP, assuming a recent version of IOS, you end up of a matrix as
> follows:
>
> WCCPv2:
> Supervisor Redirect_Method Hash_Method Forwarding_Path_Used
> ---------- ------------ ----------
> -----------------
> Sup1 GRE XOR Software-switched
> on MSFC
> Sup1 L2 Rewrite XOR MLS; first-packet
> in s/w, subsequent packets hardware switched (flow)
>
> Sup2 GRE XOR Software-switched
> on MSFC
> Sup2 GRE Mask Assign Software-switched
> on MSFC
> Sup2 L2 Rewrite XOR MLS; first-packet
> in s/w, subsequent packets hardware switched (flow)
> Sup2 L2 Rewrite Mask Assign Hardware-switched
> in PFC
>
> on a Sup2, all non-intercepted traffic will continue to be switched with
> CEF in hardware.
> in terms of a Sup2 performing MLS-switching of redirected traffic, that
> will be using up MLS-cache (hardware-flow-switching) entries on the PFC.
>
> obviously, from the above table, Sup2 + L2_Rewrite + Mask_Assignment is the
> ideal solution -- and can scale to the maximum performance of the chassis.
>
>
> hope this helps.
>
> cheers,
>
> lincoln.
>
> At 10:30 AM 19/11/2002 -0700, Clinton Work wrote:
>
> >One of our 6500 Native IOS routers is doing WCCP V2 redirection
> >for around 500Mbps of traffic at peak. I would guess that about 125Mbps of
> >that
> >traffic is HTTP traffic which gets redirected to the web-caches. The MSFC2
> >CPU impact is high (> 50%), but I have a case open with Cisco right now to
> >determine why.
> >
> >Only doing HTTP redirection at this point, but we could do other protocols.
> >
> >On Tue, Nov 19, 2002 at 06:02:36PM +0200, Arie Vayner wrote:
> >> Hi
> >>
> >> Can you please say how much traffic did it take?
> >> Did you do HTTP only, or did you do other stuff as well?
> >>
> >> Arie
> >>
> >> On Sun, 17 Nov 2002, Clinton Work wrote:
> >>
> >> >
> >> > I have used 6500s running both Native and Hybrid IOS to do WCCP V2
> >redirection
> >> > for transparent web-caching. The PFC2 is designed to support layer2
> >WCCP redirection
> >> > in hardware. Network appliance web-caches can to transparent caching
> >with
> >> > IP spoofing using WCCP V2 redirection. Long redirection ACLs or vlan
> >interfaces
> >> > under Native IOS may force the redirection into software on the
> >MSFC2. You can
> >> > build in full redundancy, but it adds a lot of complexity to the WCCP
> >configuration.
> >> >
> >> >
> >> > 12.1E release notes when WCCP V2 support was added
> >> >
> >http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/ol_2310.htm#xtocid146
> >> >
> >> > Configuring WCCP in IOS 12.1:
> >> >
> >http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt3/fcd305.htm
> >> >
> >> > WCCP inbound redirection (12.1E feature):
> >> >
> >http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1833/products_feature_guide09186a00800d6a3e.html
> >> >
> >> > On Sat, Nov 16, 2002 at 11:57:49PM +0200, Arie Vayner wrote:
> >> > > Hi
> >> > >
> >> > > I am investigating an option of using our 7600 to do transparent
> >proxy
> >> > > redirection.
> >> > >
> >> > > I could not find anything special on Cisco's website except a short
> >> > > paragraph saying:
> >> > >
> >> > > "Transparent Webcache Load Balancing
> >> > > IOS SLB can load-balance HTTP flows across a cluster of transparent
> >> > > webcaches. To set up this function, configure the subnet IP addresses
> >> > > served by the transparent webcaches, or some common subset of them,
> >as
> >> > > virtual servers. Virtual servers used for transparent webcache load
> >> > > balancing do not answer pings on behalf of the subnet IP addresses,
> >and
> >> > > they do not affect traceroute.
> >> > >
> >> > > In some cases, such as when its cache does not contain needed pages,
> >a
> >> > > webcache might need to initiate its own connections to the
> >Internet. Those
> >> > > connections should not be load-balanced back to the same set of
> >webcaches.
> >> > > To address this need, IOS SLB allows you to configure client exclude
> >> > > statements, which exclude connections initiated by the webcaches
> >from the
> >> > > load-balancing scheme."
> >> > >
> >> > >
> >> > > Does any one do it? Can I do it for other protocols except HTTP?
> >> > > Would IP spoofing be supported (where the server is using the
> >client's
> >> > > source IP)?
> >> > >
> >> > > Any ideas?
> >> > >
> >> > > Arie
> >> > >
> >> > > _______________________________________________
> >> > > cisco-nsp mailing list real_name)s@puck.nether.net
> >> > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> >> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >> >
> >> >
> >>
> >
> >--
> >=========================================================================
> >Clinton Work clinton@scripty.com
> >Calgary, Alberta
> >_______________________________________________
> >cisco-nsp mailing list real_name)s@puck.nether.net
> >http://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
--
=========================================================================
Clinton Work clinton@scripty.com
Calgary, Alberta