On Tue, 7 Jun 2011 10:05:18 -0400, Shoebottom, Bryan wrote:
Guys,
I have a pair of proxies in L2 mode and have been advised by Cisco to
reduce the bit mask for WCCP due to some TCAM issues I have been
running into. I have searched around, and can't seem to find a way
to
do this. Here's some info from Cisco's WAAS product to help explain
this a little better:
http://docwiki.cisco.com/wiki/Cisco_WAAS_Troubleshooting_Guide_for_Release_4.1.3_and_Later_--_Troubleshooting_WCCP
"Use the smallest number of mask bits possible when using WCCP
redirect ACL. A smaller number of mask bits when used in conjunction
with Redirect ACL results in lower TCAM utilization. If there are 1-2
WCCP clients in a cluster, use one bit. If there are 3-4 WCCP
clients,
use 2 bits. If there are 5-8 WCCP clients, then use 3 bits and so
on."
"The TCAM resources consumed by a WCCP redirect access-list is a
product of the content of that ACL multiplied against the configured
WCCP bit mask. Therefore, there is contention between the number of
WCCP buckets (which are created based on the mask) and the number of
entries in the redirect ACL. For example, a mask of 0xF (4 bits) and
a
200 line redirect permit ACL may result in 3200 (2^4 x 200) TCAM
entries. Reducing the mask to 0x7 (3 bits) reduces the TCAM usage by
50% (2^3 x 200 = 1600)."
I do have a redirect list and try to keep it as small as possible.Â
Here is what my bucket distribution looks like with 1 server attached
(64 buckets):
Switch#sho ip wcc we d
WCCP Client information:
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ WCCP Client ID:ÂÂÂÂÂÂÂÂÂ 192.168.1.1
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Protocol Version:ÂÂÂÂÂÂÂ 2.0
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ State:ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Usable
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Redirection:ÂÂÂÂÂÂÂÂÂÂÂÂ L2
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Packet Return:ÂÂÂÂÂÂÂÂÂÂ L2
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Packets Redirected:ÂÂÂ 27
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Connect Time:ÂÂÂÂÂÂÂÂÂ 00:28:54
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Assignment:ÂÂÂÂÂÂÂÂÂÂÂ MASK
 Mask SrcAddr DstAddr SrcPort DstPort
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ----Â -------ÂÂÂ -------ÂÂÂ ------- -------
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0000: 0x00000000 0x00001741 0x0000Â 0x0000
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Value SrcAddrÂÂÂ DstAddrÂÂÂ SrcPort DstPort CE-IP
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ ----- -------ÂÂÂ -------ÂÂÂ ------- ------- -----
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0000: 0x00000000 0x00000000 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0001: 0x00000000 0x00000001 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
<snip, interesting pattern of masking>
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0056: 0x00000000 0x00001600 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0057: 0x00000000 0x00001601 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0058: 0x00000000 0x00001640 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0059: 0x00000000 0x00001641 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0060: 0x00000000 0x00001700 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0061: 0x00000000 0x00001701 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0062: 0x00000000 0x00001740 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ 0063: 0x00000000 0x00001741 0x0000Â 0x0000Â
0xC0A80101 (192.168.1.1)
Switch#
The goal is to reduce this to a bit mask of 1 allowing for 2
servers. How can I do this within squid?
You should be able to configure the Squid wccp2_service_info flags to
create a custom dynamic mask.
... HOWEVER:
In looking up where that long table came from I see Squid's WCCPv2
service masking appears to be seriously broken. If you will indicate
which version of Squid this is please I'll see about getting you a patch
to fix it so the service flags actually work.
Amos