[c-nsp] WCCPv2 Cisco 7600 + mask assignment problems

Dean Smith dean at eatworms.org.uk
Mon Sep 11 14:12:00 EDT 2006 

What's the best real world performance seen on a 7600/6500 with WCCP ? We
moved away from 6500+Sup2+WCCP when we hit TCAM issues.

We've maxed out a 7200-G1 with about 500 Mb/s of traffic delivered to
clients - That's a 3 legged config. Clients / Caches / Internet.

We're currently looking at using the ACE to deliver 2.5Gb/s+ of cached
traffic.

We'd be using other ACE features aswell so its no purely for the
redirect...but WCCP might save us a bigger throughput licence on the ACE ;-)

Dean

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Lincoln Dale (ltd)
Sent: 11 September 2006 09:52
To: Mark Pace Balzan; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] WCCPv2 Cisco 7600 + mask assignment problems

g'day Mark,

> As far as I know C7600 will support various combinations of L2/GRE 
> forwarding and hash/mask assignment for WCCP v2. I assume you are 
> running 12.2SXF?  WCCP is negotiated between 7600 and your squid.  So
if
> squid doesn't support MASK (afaik it does not, but may be wrong), then 
> 7600 will fallback to HASH. Same for L2/GRE.  Note that on 7600, the 
> L2/MASK combination is supported fully in hardware in the PFC, while 
> other combinations result in various levels of software forwarding via 
> the MSFC, which is when you need to keep a watch on the CPU of your
7600

pretty much it.

there are numerous permutations (and 2x these if a WCCP-enabled box
supports/uses significant amounts of WCCP return-traffic), but the basic
matrix for 6500/7600 is one of:

 1. GRE forward + XOR-hash-traffic-allocation =
	ACL entries are automatically created to cause packets matching your
	intercept policy to be punted to software (MSFC) for processing

	punted packets are fast-switched in software (MSFC) to web-cache

	all other traffic will remain in CEF switched hardware path
      (PFC2 / PFC3).

	result: your c6k/7600, which is otherwise capable of forwarding
	over 100M PPS is now limited to ~200-400K PPS intercepted pkts/sec

 2. L2 forward + XOR-hash-traffic-allocation =
	ACL entries are automatically created to cause packets matching your
	intercept policy to be punted to software (MSFC) for processing

	first punted packet in a flow is fast-switched in software
(MSFC) to
	web-cache

	software will install a MLS cache entry so subsequent packets in
	the flow are MLS-switched in hardware (at the cost of one MLS cache
	entry/flow).  this is ok provided you don't fill the MLS cache.
      (128K/256K/512K entries depending on what PFC you have).

	all other traffic will be CEF switched in hardware

	result: your c6k/7600, which is otherwise capable of forwarding
	over 100M PPS is now limited to ~4-5Gbps intercepted pkts/sec
	before MLS cache is exhausted

3. L2 forward + hash-mask =
	all forwarding always stays in CEF hardware switching path

	result: your c6k/7600 stays at maximum performance regardless
      of # of intercepted packets, # of flows, duration of flows etc.


obviously #3 is the most desirable - and that is what Steve is working to
implement in squid.
squid today can only do #1/#2.

(of course, with squid, its debatable whether _it_ can handle the potential
load offered by #3.  but at least #3 doesn't cause the router/switch to
overload).



cheers,

lincoln.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list