Re: WCCP mask bits

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

On Tue, 7 Jun 2011 10:05:18 -0400, Shoebottom, Bryan wrote:
> Guys,
>
> I have a pair of proxies in L2 mode and have been advised by Cisco to
> reduce the bit mask for WCCP due to some TCAM issues I have been
> running into. I have searched around, and can't seem to find a way 
> to
> do this. Here's some info from Cisco's WAAS product to help explain
> this a little better:
>
>
> http://docwiki.cisco.com/wiki/Cisco_WAAS_Troubleshooting_Guide_for_Release_4.1.3_and_Later_--_Troubleshooting_WCCP
>
> "Use the smallest number of mask bits possible when using WCCP
> redirect ACL. A smaller number of mask bits when used in conjunction
> with Redirect ACL results in lower TCAM utilization. If there are 1-2
> WCCP clients in a cluster, use one bit. If there are 3-4 WCCP 
> clients,
> use 2 bits. If there are 5-8 WCCP clients, then use 3 bits and so 
> on."
>
> "The TCAM resources consumed by a WCCP redirect access-list is a
> product of the content of that ACL multiplied against the configured
> WCCP bit mask. Therefore, there is contention between the number of
> WCCP buckets (which are created based on the mask) and the number of
> entries in the redirect ACL. For example, a mask of 0xF (4 bits) and 
> a
> 200 line redirect permit ACL may result in 3200 (2^4 x 200) TCAM
> entries. Reducing the mask to 0x7 (3 bits) reduces the TCAM usage by
> 50% (2^3 x 200 = 1600)."
>
>
>
> I do have a redirect list and try to keep it as small as possible.Â
> Here is what my bucket distribution looks like with 1 server attached
> (64 buckets):
>
> Switch#sho ip wcc we d
> WCCP Client information:
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ WCCP Client ID:ÂÂÂÂÂÂÂÂÂ 192.168.1.1
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Protocol Version:ÂÂÂÂÂÂÂ 2.0
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ State:ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Usable
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Redirection:ÂÂÂÂÂÂÂÂÂÂÂÂ L2
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Packet Return:ÂÂÂÂÂÂÂÂÂÂ L2
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Packets Redirected:ÂÂÂ 27
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Connect Time:ÂÂÂÂÂÂÂÂÂ 00:28:54
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Assignment:ÂÂÂÂÂÂÂÂÂÂÂ MASK
>
>  Mask SrcAddr DstAddr SrcPort DstPort
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ----Â -------ÂÂÂ -------ÂÂÂ ------- -------
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0000: 0x00000000 0x00001741 0x0000Â 0x0000
>
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Value SrcAddrÂÂÂ DstAddrÂÂÂ SrcPort DstPort CE-IP
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ----- -------ÂÂÂ -------ÂÂÂ ------- ------- -----
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0000: 0x00000000 0x00000000 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0001: 0x00000000 0x00000001 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
<snip, interesting pattern of masking>
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0056: 0x00000000 0x00001600 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0057: 0x00000000 0x00001601 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0058: 0x00000000 0x00001640 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0059: 0x00000000 0x00001641 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0060: 0x00000000 0x00001700 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0061: 0x00000000 0x00001701 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0062: 0x00000000 0x00001740 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0063: 0x00000000 0x00001741 0x0000Â 0x0000Â
> 0xC0A80101 (192.168.1.1)
>
> Switch#
>
>
> The goal is to reduce this to a bit mask of 1 allowing for 2
> servers. How can I do this within squid?

You should be able to configure the Squid wccp2_service_info flags to 
create a custom dynamic mask.

... HOWEVER:

In looking up where that long table came from I see Squid's WCCPv2 
service masking appears to be seriously broken.  If you will indicate 
which version of Squid this is please I'll see about getting you a patch 
to fix it so the service flags actually work.

Amos