Re: [squid-users] WCCP mask bits

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 08 Jun 2011 16:30:00 +1200

 On Tue, 7 Jun 2011 10:05:18 -0400, Shoebottom, Bryan wrote:
> Guys,
>
> I have a pair of proxies in L2 mode and have been advised by Cisco to
> reduce the bit mask for WCCP due to some TCAM issues I have been
> running into.  I have searched around, and can't seem to find a way
> to
> do this.  Here's some info from Cisco's WAAS product to help explain
> this a little better:
>
>
> http://docwiki.cisco.com/wiki/Cisco_WAAS_Troubleshooting_Guide_for_Release_4.1.3_and_Later_--_Troubleshooting_WCCP
>
> "Use the smallest number of mask bits possible when using WCCP
> redirect ACL. A smaller number of mask bits when used in conjunction
> with Redirect ACL results in lower TCAM utilization. If there are 1-2
> WCCP clients in a cluster, use one bit. If there are 3-4 WCCP
> clients,
> use 2 bits. If there are 5-8 WCCP clients, then use 3 bits and so
> on."
>
> "The TCAM resources consumed by a WCCP redirect access-list is a
> product of the content of that ACL multiplied against the configured
> WCCP bit mask. Therefore, there is contention between the number of
> WCCP buckets (which are created based on the mask) and the number of
> entries in the redirect ACL. For example, a mask of 0xF (4 bits) and
> a
> 200 line redirect permit ACL may result in 3200 (2^4 x 200) TCAM
> entries. Reducing the mask to 0x7 (3 bits) reduces the TCAM usage by
> 50% (2^3 x 200 = 1600)."
>
>
>
> I do have a redirect list and try to keep it as small as possible. 
> Here is what my bucket distribution looks like with 1 server attached
> (64 buckets):
>
> Switch#sho ip wcc we d
> WCCP Client information:
>                 WCCP Client ID:          192.168.1.1
>                 Protocol Version:        2.0
>                 State:                   Usable
>                 Redirection:             L2
>                 Packet Return:           L2
>                 Packets Redirected:    27
>                 Connect Time:          00:28:54
>                 Assignment:            MASK
>
>                 Mask  SrcAddr    DstAddr    SrcPort DstPort
>                 ----  -------    -------    ------- -------
>                 0000: 0x00000000 0x00001741 0x0000  0x0000
>
>                 Value SrcAddr    DstAddr    SrcPort DstPort CE-IP
>                 ----- -------    -------    ------- ------- -----
>                 0000: 0x00000000 0x00000000 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
>                 0001: 0x00000000 0x00000001 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
 <snip, interesting pattern of masking>
>                 0056: 0x00000000 0x00001600 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
>                 0057: 0x00000000 0x00001601 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
>                 0058: 0x00000000 0x00001640 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
>                 0059: 0x00000000 0x00001641 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
>                 0060: 0x00000000 0x00001700 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
>                 0061: 0x00000000 0x00001701 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
>                 0062: 0x00000000 0x00001740 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
>                 0063: 0x00000000 0x00001741 0x0000  0x0000 
> 0xC0A80101 (192.168.1.1)
>
> Switch#
>
>
> The goal is to reduce this to a bit mask of 1 allowing for 2
> servers.  How can I do this within squid?

 You should be able to configure the Squid wccp2_service_info flags to
 create a custom dynamic mask.

 ... HOWEVER:

 In looking up where that long table came from I see Squid's WCCPv2
 service masking appears to be seriously broken. If you will indicate
 which version of Squid this is please I'll see about getting you a patch
 to fix it so the service flags actually work.

 Amos
Received on Wed Jun 08 2011 - 04:30:05 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 17 2011 - 12:00:02 MDT