[squid-users] WCCP mask bits

From: Shoebottom, Bryan <BShoebottom_at_fanshawec.ca>
Date: Tue, 7 Jun 2011 10:05:18 -0400

Guys,

I have a pair of proxies in L2 mode and have been advised by Cisco to reduce the bit mask for WCCP due to some TCAM issues I have been running into.  I have searched around, and can't seem to find a way to do this.  Here's some info from Cisco's WAAS product to help explain this a little better:

http://docwiki.cisco.com/wiki/Cisco_WAAS_Troubleshooting_Guide_for_Release_4.1.3_and_Later_--_Troubleshooting_WCCP

"Use the smallest number of mask bits possible when using WCCP redirect ACL. A smaller number of mask bits when used in conjunction with Redirect ACL results in lower TCAM utilization. If there are 1-2 WCCP clients in a cluster, use one bit. If there are 3-4 WCCP clients, use 2 bits. If there are 5-8 WCCP clients, then use 3 bits and so on."

"The TCAM resources consumed by a WCCP redirect access-list is a product of the content of that ACL multiplied against the configured WCCP bit mask. Therefore, there is contention between the number of WCCP buckets (which are created based on the mask) and the number of entries in the redirect ACL. For example, a mask of 0xF (4 bits) and a 200 line redirect permit ACL may result in 3200 (2^4 x 200) TCAM entries. Reducing the mask to 0x7 (3 bits) reduces the TCAM usage by 50% (2^3 x 200 = 1600)."

I do have a redirect list and try to keep it as small as possible.  Here is what my bucket distribution looks like with 1 server attached (64 buckets):

Switch#sho ip wcc we d
WCCP Client information:
                WCCP Client ID:          192.168.1.1
                Protocol Version:        2.0
                State:                   Usable
                Redirection:             L2
                Packet Return:           L2
                Packets Redirected:    27
                Connect Time:          00:28:54
                Assignment:            MASK

                Mask  SrcAddr    DstAddr    SrcPort DstPort
                ----  -------    -------    ------- -------
                0000: 0x00000000 0x00001741 0x0000  0x0000

                Value SrcAddr    DstAddr    SrcPort DstPort CE-IP
                ----- -------    -------    ------- ------- -----
                0000: 0x00000000 0x00000000 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0001: 0x00000000 0x00000001 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0002: 0x00000000 0x00000040 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0003: 0x00000000 0x00000041 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0004: 0x00000000 0x00000100 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0005: 0x00000000 0x00000101 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0006: 0x00000000 0x00000140 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0007: 0x00000000 0x00000141 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0008: 0x00000000 0x00000200 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0009: 0x00000000 0x00000201 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0010: 0x00000000 0x00000240 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0011: 0x00000000 0x00000241 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0012: 0x00000000 0x00000300 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0013: 0x00000000 0x00000301 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0014: 0x00000000 0x00000340 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0015: 0x00000000 0x00000341 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0016: 0x00000000 0x00000400 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0017: 0x00000000 0x00000401 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0018: 0x00000000 0x00000440 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0019: 0x00000000 0x00000441 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0020: 0x00000000 0x00000500 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0021: 0x00000000 0x00000501 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0022: 0x00000000 0x00000540 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0023: 0x00000000 0x00000541 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0024: 0x00000000 0x00000600 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0025: 0x00000000 0x00000601 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0026: 0x00000000 0x00000640 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0027: 0x00000000 0x00000641 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0028: 0x00000000 0x00000700 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0029: 0x00000000 0x00000701 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0030: 0x00000000 0x00000740 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0031: 0x00000000 0x00000741 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0032: 0x00000000 0x00001000 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0033: 0x00000000 0x00001001 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0034: 0x00000000 0x00001040 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0035: 0x00000000 0x00001041 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0036: 0x00000000 0x00001100 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0037: 0x00000000 0x00001101 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0038: 0x00000000 0x00001140 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0039: 0x00000000 0x00001141 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0040: 0x00000000 0x00001200 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0041: 0x00000000 0x00001201 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0042: 0x00000000 0x00001240 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0043: 0x00000000 0x00001241 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0044: 0x00000000 0x00001300 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0045: 0x00000000 0x00001301 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0046: 0x00000000 0x00001340 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0047: 0x00000000 0x00001341 0x0000  0x0000  0xC0A80101 (192.168.1.1)
        0048: 0x00000000 0x00001400 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0049: 0x00000000 0x00001401 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0050: 0x00000000 0x00001440 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0051: 0x00000000 0x00001441 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0052: 0x00000000 0x00001500 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0053: 0x00000000 0x00001501 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0054: 0x00000000 0x00001540 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0055: 0x00000000 0x00001541 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0056: 0x00000000 0x00001600 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0057: 0x00000000 0x00001601 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0058: 0x00000000 0x00001640 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0059: 0x00000000 0x00001641 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0060: 0x00000000 0x00001700 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0061: 0x00000000 0x00001701 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0062: 0x00000000 0x00001740 0x0000  0x0000  0xC0A80101 (192.168.1.1)
                0063: 0x00000000 0x00001741 0x0000  0x0000  0xC0A80101 (192.168.1.1)

Switch#

The goal is to reduce this to a bit mask of 1 allowing for 2 servers.  How can I do this within squid? 

--
Thanks,
Bryan Shoebottom
Network & Systems Specialist
Network Services & Computer Operations Fanshawe College
Phone:  (519) 452-4430 x4904
Fax:  (519) 453-3231
BShoebottom_at_fanshawec.ca
Received on Tue Jun 07 2011 - 14:05:24 MDT

This archive was generated by hypermail 2.2.0 : Mon Jun 13 2011 - 12:00:02 MDT