RE: WCCP and WAE question regarding high cpu utilization.

Carlos,

My typo. I was thinking of VoIP "control" ports (e.g. Skinny TCP 2000)
and not RTP, I worded that as UDP...actually the 61/62 thing works in
the "TCP-promiscuous" mode. That's a part of its name :) - Anyway as the
best practice the forwarding decision should be inclusive and not
exclusive. So you pick only the things that you really need.

But let's go back to the problem:
 
1- We need to verify CEF. This can be done through the commands I asked
for.
2- We need to make sure that WCCP is configure properly. That's why I
asked for the configuration of the "integrated" interface.
3- We however still not quite sure whether any optimization is achieved
or not. The previous item has to be verified first.
4- Read through the output provided by the original poster you see this
"Total Packets s/w Redirected", I know it's a bit strange but the "s/w"
keyword stands for "Software"! if you configure hardware switching (with
the latest version of the IOS is possible to some extend) then that
counter should not be going up at all. So we need to know a bit of
config of the NME module as well.

As soon as he posts some more details we can look into the issue but
generally speaking the following items are among the most important CPU
spike cases in WCCP installations:

1- Bad WCCP configuration/Design (e.g. wrong interface, outbound
interception etc.)
2- CEF issues
3- Software switching and GRE overhead. The L2 redirection is a nice
remedy.
4- Bugs

Needless to say, all these things are case-based. So let's wait and see
what he says.

HTH

--------------------------
Kambiz Agahian
CCIE (R&S), CCSI, WAASSE, RSSSE
Technical Instructor
CCBOOTCAMP - Cisco Learning Solutions Partner (CLSP)
Email: kagahian_at_ccbootcamp.com
Toll Free: 877-654-2243
International: +1-702-968-5100
Skype: skype:ccbootcamp?call
FAX: +1-702-446-8012
YES! We take Cisco Learning Credits!
Training And Remote Racks: http://www.ccbootcamp.com

-----Original Message-----
From: Carlos G Mendioroz [mailto:tron_at_huapi.ba.ar]
Sent: Saturday, May 01, 2010 6:02 AM
To: Kambiz Agahian
Cc: Group Study; Cisco certification
Subject: Re: WCCP and WAE question regarding high cpu utilization.

Kambiz,
on #1, wccp group 61/62 only redirect TCP traffic, so RTP is not going
to get caught AFAIK, and though SIP can run over TCP, I would usually
associate "voip traffic" to RTP.

General question: can this be done in CEF at all ? I.e. TCP redirection.
I know cisco says to enable CEF in the routers, etc.
But isn't CEF a fast destination IP controlled thing ? So if the router
has to differentiate TCP from the rest, it would have to punt the
traffic.

Enter the architecture dependent world. Some chasis do have extensions
to deal with L4 on hardware for things like QoS and ACLs, but here we
need differentiated forwarding based on L4. I'm suspicious that this is
a no no for an ISR.

Thoughts ?
-Carlos

Kambiz Agahian @ 1/05/2010 6:54 -0300 dixit:
> Hi there,
>
> Your platform is one of the suitable/recommended models for WCCP
> redirection to/from NME's but here are my suggestions:
>
> 1- Never ever use a permit any ACL with Cisco WAAS - you certainly
don't
> want to kick your voip traffic over to the WAAS module. First off, you
> need a TCP only ACL but in this case start with a simple ACL just to
> pick some "interesting" traffic. HTTP is usually a good choice.
>
> 2- I need more info to troubleshoot this. The output of the "show ip
int
> xxx" and "show int xxx" commands is obviously necessary. If you're not
> limited by confidentiality policies I also need a full config of the
> router, for instance I need to know what your QoS policy is doing.
>
> 3- If you have any, please take all the CEF killers off the config,
I'm
> quite sure you're aware of this, but do get rid of things like ACLs
with
> the log option enabled.
>
> * If you're not comfortable with posting more details here feel free
to
> contact me off-list or as a best practice open a case with Cisco TAC.
>
>
> HTH
>
> --------------------------
> Kambiz Agahian
> CCIE (R&S), CCSI, WAASSE, RSSSE
> Technical Instructor
> CCBOOTCAMP - Cisco Learning Solutions Partner (CLSP)
> Email: kagahian_at_ccbootcamp.com
> Toll Free: 877-654-2243
> International: +1-702-968-5100
> Skype: skype:ccbootcamp?call
> FAX: +1-702-446-8012
> YES! We take Cisco Learning Credits!
> Training And Remote Racks: http://www.ccbootcamp.com
>
>
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
Of
> Group Study
> Sent: Friday, April 30, 2010 1:43 PM
> To: Cisco certification
> Subject: WCCP and WAE question regarding high cpu utilization.
>
> I'm using a nme-wae card in an ISR router and using wccp to redirect
> traffic, all traffic.
>
> I notice that the CPU utilization gets to 100% and when I do a "show
> ip wccp" i notice CEF switched packets are zero and process switched
> packets are many, leading me to believe that's the reason for high
> cpu...
>
> Any suggestions on how to fix this?
>
> Global WCCP information:
> Router information:
> Router Identifier: 192.168.133.21
> Protocol Version: 2.0
>
> Service Identifier: 61
> Number of Service Group Clients: 1
> Number of Service Group Routers: 1
> Total Packets s/w Redirected: 141892759
> Process: 141892759
> CEF: 0
> Service mode: Open
> Service Access-list: -none-
> Total Packets Dropped Closed: 0
> Redirect Access-list: WAAS_PERMIT_ANY
> Total Packets Denied Redirect: 0
> Total Packets Unassigned: 7881
> Group Access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
> Total Bypassed Packets Received: 784
>
> Service Identifier: 62
> Number of Service Group Clients: 1
> Number of Service Group Routers: 1
> Total Packets s/w Redirected: 138317602
> Process: 137859756
> CEF: 457846
> Service mode: Open
> Service Access-list: -none-
> Total Packets Dropped Closed: 0
> Redirect Access-list: WAAS_PERMIT_ANY
> Total Packets Denied Redirect: 168333787
> Total Packets Unassigned: 9094
> Group Access-list: -none-
> Total Messages Denied to Group: 0
> Total Authentication failures: 0
> Total Bypassed Packets Received: 732
>
>
>
> !
> interface FastEthernet0/0
> ip address 192.168.70.161 255.255.255.252 secondary
> ip address 10.160.1.3 255.255.255.0
> ip wccp 61 redirect in
> ip pim sparse-dense-mode
> ip cgmp
> duplex full
> speed 100
> standby 1 ip 10.160.1.2
> standby 1 timers 5 15
> standby 1 priority 105
> standby 1 preempt
> standby 1 track Multilink1
> end
>
> interface Multilink1
> description
> bandwidth 4096
>
> ip wccp 62 redirect in
> ip flow ingress
> ip flow egress
> no peer neighbor-route
> ppp chap hostname abc
> ppp multilink
> ppp multilink links minimum 1
> ppp multilink group 1
> ppp multilink fragment disable
> service-policy output QOS
> end
>
>
> Blogs and organic groups at http://www.ccie.net
>
>
Received on Sat May 01 2010 - 16:28:29 ART