[c-nsp] WCCPv2 - what happens to existing connections when redirect-list is modified?

Dale Shaw dale.shaw+cisco-nsp at gmail.com
Fri May 22 22:16:43 EDT 2009


Hi Brad,

On Sat, May 23, 2009 at 11:53 AM, Brad Hedlund <brhedlun at cisco.com> wrote:
>
> One thing you could do to make this transition hitless would be to first
> apply "No Optimization" policies in your WAAS appliances for the flows in
> question (VoIP call signaling).
>
> Once this is done any new flows will go into "pass through" mode on WAAS
> while existing flows are still optimized.  When all existing flows
> eventually close you have no optimized connections for this traffic and you
> can at this point apply your WCCP redirect list with no impact -- result #2.

Thanks for the suggestion -- I'll look into it.

Hopefully the TCP flows in question are short-lived. I have a feeling,
though, that at least some of them come up and stay up.

This is something I've observed, actually. When we do WAAS maintenance
(firmware updates, code updates), we typically take the WAE out of
service with "no wccp version 2" after setting the WCCP shutdown wait
time to something really high - the max of 86400 seconds usually. This
is an attempt to reduce the impact of reloading the WAE. More often
than not, though, there are zillions of long-lived TCP sessions that
we have no choice but to zap 'cause we can't wait forever. Looking at
the connection stats, some TCP sessions last for days, weeks...

It'd be way cool if there was a way to gracefully hand off existing
flows to another WAAS in the same group. I guess that would require
some kind of state tracking between WAEs, similar to PIX/ASA
connection state sync, or even stateful NAT.

On a related note, we had a head-end WAE die most ungracefully the
other day. The fixed WCCPv2 timers meant that we were black-holing
traffic for something like 30 seconds. This is why I'm looking at
removing some traffic with the redirect-list. We've got some end
systems that do not cope at all well when their precious TCP
connection goes away.

cheers,
Dale

