[c-nsp] WCCPv2 Cisco 7600 + mask assignment problems

Lincoln Dale (ltd) ltd at cisco.com
Mon Sep 11 04:51:31 EDT 2006 

g'day Mark,

> As far as I know C7600 will support various combinations of L2/GRE
> forwarding and hash/mask assignment for WCCP v2. I assume you are
> running 12.2SXF?  WCCP is negotiated between 7600 and your squid.  So
if
> squid doesn't support MASK (afaik it does not, but may be wrong), then
> 7600 will fallback to HASH. Same for L2/GRE.  Note that on 7600, the
> L2/MASK combination is supported fully in hardware in the PFC, while
> other combinations result in various levels of software forwarding via
> the MSFC, which is when you need to keep a watch on the CPU of your
7600

pretty much it.

there are numerous permutations (and 2x these if a WCCP-enabled box
supports/uses significant amounts of WCCP return-traffic), but the basic
matrix for 6500/7600 is one of:

 1. GRE forward + XOR-hash-traffic-allocation =
	ACL entries are automatically created to cause packets matching
your
	intercept policy to be punted to software (MSFC) for processing

	punted packets are fast-switched in software (MSFC) to web-cache

	all other traffic will remain in CEF switched hardware path
      (PFC2 / PFC3).

	result: your c6k/7600, which is otherwise capable of forwarding
	over 100M PPS is now limited to ~200-400K PPS intercepted
pkts/sec

 2. L2 forward + XOR-hash-traffic-allocation =
	ACL entries are automatically created to cause packets matching
your
	intercept policy to be punted to software (MSFC) for processing

	first punted packet in a flow is fast-switched in software
(MSFC) to
	web-cache

	software will install a MLS cache entry so subsequent packets in
	the flow are MLS-switched in hardware (at the cost of one MLS
cache
	entry/flow).  this is ok provided you don't fill the MLS cache.
      (128K/256K/512K entries depending on what PFC you have).

	all other traffic will be CEF switched in hardware

	result: your c6k/7600, which is otherwise capable of forwarding
	over 100M PPS is now limited to ~4-5Gbps intercepted pkts/sec
	before MLS cache is exhausted

3. L2 forward + hash-mask =
	all forwarding always stays in CEF hardware switching path

	result: your c6k/7600 stays at maximum performance regardless
      of # of intercepted packets, # of flows, duration of flows etc.


obviously #3 is the most desirable - and that is what Steve is working
to implement in squid.
squid today can only do #1/#2.

(of course, with squid, its debatable whether _it_ can handle the
potential load offered by #3.  but at least #3 doesn't cause the
router/switch to overload).



cheers,

lincoln.

More information about the cisco-nsp mailing list