On Tue, 7 Jun 2011 10:05:18 -0400, Shoebottom, Bryan wrote:
> Guys,
>
> I have a pair of proxies in L2 mode and have been advised by Cisco to
> reduce the bit mask for WCCP due to some TCAM issues I have been
> running into. I have searched around, and can't seem to find a way
> to
> do this. Here's some info from Cisco's WAAS product to help explain
> this a little better:
>
>
> http://docwiki.cisco.com/wiki/Cisco_WAAS_Troubleshooting_Guide_for_Release_4.1.3_and_Later_--_Troubleshooting_WCCP
>
> "Use the smallest number of mask bits possible when using WCCP
> redirect ACL. A smaller number of mask bits when used in conjunction
> with Redirect ACL results in lower TCAM utilization. If there are 1-2
> WCCP clients in a cluster, use one bit. If there are 3-4 WCCP
> clients,
> use 2 bits. If there are 5-8 WCCP clients, then use 3 bits and so
> on."
>
> "The TCAM resources consumed by a WCCP redirect access-list is a
> product of the content of that ACL multiplied against the configured
> WCCP bit mask. Therefore, there is contention between the number of
> WCCP buckets (which are created based on the mask) and the number of
> entries in the redirect ACL. For example, a mask of 0xF (4 bits) and
> a
> 200 line redirect permit ACL may result in 3200 (2^4 x 200) TCAM
> entries. Reducing the mask to 0x7 (3 bits) reduces the TCAM usage by
> 50% (2^3 x 200 = 1600)."
>
>
>
> I do have a redirect list and try to keep it as small as possible.
> Here is what my bucket distribution looks like with 1 server attached
> (64 buckets):
>
> Switch#sho ip wcc we d
> WCCP Client information:
> WCCP Client ID: 192.168.1.1
> Protocol Version: 2.0
> State: Usable
> Redirection: L2
> Packet Return: L2
> Packets Redirected: 27
> Connect Time: 00:28:54
> Assignment: MASK
>
> Mask SrcAddr DstAddr SrcPort DstPort
> ---- ------- ------- ------- -------
> 0000: 0x00000000 0x00001741 0x0000 0x0000
>
> Value SrcAddr DstAddr SrcPort DstPort CE-IP
> ----- ------- ------- ------- ------- -----
> 0000: 0x00000000 0x00000000 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
> 0001: 0x00000000 0x00000001 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
<snip, interesting pattern of masking>
> 0056: 0x00000000 0x00001600 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
> 0057: 0x00000000 0x00001601 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
> 0058: 0x00000000 0x00001640 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
> 0059: 0x00000000 0x00001641 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
> 0060: 0x00000000 0x00001700 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
> 0061: 0x00000000 0x00001701 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
> 0062: 0x00000000 0x00001740 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
> 0063: 0x00000000 0x00001741 0x0000 0x0000
> 0xC0A80101 (192.168.1.1)
>
> Switch#
>
>
> The goal is to reduce this to a bit mask of 1 allowing for 2
> servers. How can I do this within squid?
You should be able to configure the Squid wccp2_service_info flags to
create a custom dynamic mask.
... HOWEVER:
In looking up where that long table came from I see Squid's WCCPv2
service masking appears to be seriously broken. If you will indicate
which version of Squid this is please I'll see about getting you a patch
to fix it so the service flags actually work.
Amos
Received on Wed Jun 08 2011 - 04:30:05 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 17 2011 - 12:00:02 MDT