[nsp] 7600 IOS SLB/WCCP for transparent cache

Lincoln Dale ltd@cisco.com
Thu, 21 Nov 2002 14:05:10 +1100 

if your caching vendor supports both the L2-redirect and "Mask Assignment" 
method of WCCP, and you at least have a Supervisor 2, WCCP can be processed 
entirely in hardware (in the PFC).
under the above scenario, none of those packets would touch any 
software-forwarding path at all.

for WCCP, assuming a recent version of IOS, you end up of a matrix as follows:

WCCPv2:
Supervisor      Redirect_Method Hash_Method     Forwarding_Path_Used
----------      ------------            ---------- 
-----------------
Sup1            GRE                     XOR             Software-switched 
on MSFC
Sup1            L2 Rewrite              XOR             MLS; first-packet 
in s/w, subsequent packets hardware switched (flow)

Sup2            GRE                     XOR             Software-switched 
on MSFC
Sup2            GRE                     Mask Assign     Software-switched 
on MSFC
Sup2            L2 Rewrite              XOR             MLS; first-packet 
in s/w, subsequent packets hardware switched (flow)
Sup2            L2 Rewrite              Mask Assign     Hardware-switched 
in PFC

on a Sup2, all non-intercepted traffic will continue to be switched with 
CEF in hardware.
in terms of a Sup2 performing MLS-switching of redirected traffic, that 
will be using up MLS-cache (hardware-flow-switching) entries on the PFC.

obviously, from the above table, Sup2 + L2_Rewrite + Mask_Assignment is the 
ideal solution -- and can scale to the maximum performance of the chassis.


hope this helps.

cheers,

lincoln.

At 10:30 AM 19/11/2002 -0700, Clinton Work wrote:

>One of our 6500 Native IOS routers is doing WCCP V2 redirection
>for around 500Mbps of traffic at peak. I would guess that about 125Mbps of 
>that
>traffic is HTTP traffic which gets redirected to the web-caches. The MSFC2
>CPU impact is high (> 50%), but I have a case open with Cisco right now to
>determine why.
>
>Only doing HTTP redirection at this point, but we could do other protocols.
>
>On Tue, Nov 19, 2002 at 06:02:36PM +0200, Arie Vayner wrote:
> > Hi
> >
> > Can you please say how much traffic did it take?
> > Did you do HTTP only, or did you do other stuff as well?
> >
> > Arie
> >
> > On Sun, 17 Nov 2002, Clinton Work wrote:
> >
> > >
> > > I have used 6500s running both Native and Hybrid IOS to do WCCP V2 
> redirection
> > > for transparent web-caching. The PFC2 is designed to support layer2 
> WCCP redirection
> > > in hardware. Network appliance web-caches can to transparent caching with
> > > IP spoofing using WCCP V2 redirection. Long redirection ACLs or vlan 
> interfaces
> > > under Native IOS may force the redirection into software on the 
> MSFC2. You can
> > > build in full redundancy, but it adds a lot of complexity to the WCCP 
> configuration.
> > >
> > >
> > > 12.1E release notes when WCCP V2 support was added
> > > 
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/ol_2310.htm#xtocid146
> > >
> > > Configuring WCCP in IOS 12.1:
> > > 
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt3/fcd305.htm
> > >
> > > WCCP inbound redirection (12.1E feature):
> > > 
> http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1833/products_feature_guide09186a00800d6a3e.html
> > >
> > > On Sat, Nov 16, 2002 at 11:57:49PM +0200, Arie Vayner wrote:
> > > > Hi
> > > >
> > > > I am investigating an option of using our 7600 to do transparent proxy
> > > > redirection.
> > > >
> > > > I could not find anything special on Cisco's website except a short
> > > > paragraph saying:
> > > >
> > > > "Transparent Webcache Load Balancing
> > > > IOS SLB can load-balance HTTP flows across a cluster of transparent
> > > > webcaches. To set up this function, configure the subnet IP addresses
> > > > served by the transparent webcaches, or some common subset of them, as
> > > > virtual servers. Virtual servers used for transparent webcache load
> > > > balancing do not answer pings on behalf of the subnet IP addresses, 
> and
> > > > they do not affect traceroute.
> > > >
> > > > In some cases, such as when its cache does not contain needed pages, a
> > > > webcache might need to initiate its own connections to the 
> Internet. Those
> > > > connections should not be load-balanced back to the same set of 
> webcaches.
> > > > To address this need, IOS SLB allows you to configure client exclude
> > > > statements, which exclude connections initiated by the webcaches 
> from the
> > > > load-balancing scheme."
> > > >
> > > >
> > > > Does any one do it? Can I do it for other protocols except HTTP?
> > > > Would IP spoofing be supported (where the server is using the client's
> > > > source IP)?
> > > >
> > > > Any ideas?
> > > >
> > > > Arie
> > > >
> > > > _______________________________________________
> > > > cisco-nsp mailing list  real_name)s@puck.nether.net
> > > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > >
> >
>
>--
>=========================================================================
>Clinton Work                                        clinton@scripty.com
>Calgary, Alberta
>_______________________________________________
>cisco-nsp mailing list  real_name)s@puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/