Re: Squid / Transparent cache killing Cisco cpu

From: Juan Bou R. <squid@dont-contact.us>
Date: Tue, 15 Jun 1999 03:35:09 -0500

Hello Brad,
You need to install IOS 11.3 in the router,
with the version 11.3 the policy routing is fast switched
and dont load the procesor in that way, IOS 11.2 and
earlier dont do policy route fast switched and have this
problem of overload under some traffic level

At 01:40 AM 6/15/99 -0400, Brad Groshok wrote:
>Good evening all.
>
>I'm a new user to Squid and am having a problem with our Cisco 3640 router
>when running Squid. (Its killing the cpu)
>
>Have Squid installed and up and running on a FreBSD System.
>Pentium II-350, 128Meg, 4 Gig for OS and 2x9Gig drives for cache.
>That part seems to be running just fine
>
>Problem I am having is when I cause our Cisco 3640 (core) router to
>redirect HTTP traffic, the cpu load on the cisco goes from ~30% to 99%.
>ie. it just hammers our router!!!
>
>Router is connected to two upstreams
>one via a 100Meg full-duplex ethernet to UUNet
>second via 2 Full T1 loops to Sprint
>Running BGP4 and taking 2 full tables.
>Router has 128Meg ram, Version 11.2(11)P IOS
>Local traffic is delivered via another FastEther full-duplex to our Cisco
>2924XL switch.
>
>I'm applying the "ip policy route-map proxy-redirect" to the local FastEther.
>
>FreeBSD Squid cache box is connected to same switch via full-duplex 100Meg
>Ether.
>
>Like I said, things seem to work along just fine. I tail the access.log
>file and squid seems to be doing everything it should. Just the wheels are
>going to fall off our poor little router. I would have thought a Cisco 3640
>would have been able to handle doing redirects at this level just fine.
>
>Oh, guess I should mention that when I do let squid run for a bit, I'm
>seeing about 1.5 - 1.8 Meg of traffic going to/from the Cache box. This
>being generated from approx 600 dial customers on line at the time.
>But during this time any traffic that goes through the router, is really
>throttled back. Things just seem to grind to a halt. (ie telnet to any
>local systems in the office is almost unusable).
>
>Any suggestions?
>Am I trying to do more that our router will handle?
>or do I maybe have a config problem somewhere?
>
>Some stuff from our cisco:
>
>access-list 110 deny tcp host 209.223.225.2 any eq www
>access-list 110 permit tcp any any eq www
>
>route-map proxy-redirect permit 10
> match ip address 110
> set ip next-hop 209.223.225.2
>
>int fast 0/0
>ip policy route-map proxy-redirect
>
>Thanks for any/all suggestions!
>
> _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> _/ Regards: Brad Groshok (bgroshok@odyssey.on.ca) _/
> _/ President Odyssey Network Inc. http://www.odyssey.on.ca _/
> _/ London Ontario Canada PH:(519)660-8883 Fax:(519)660-6111 _/
>_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

~
-
        Juan Bou Riquer.
        Internet Cancun.
        jbou@cancun.com.mx
        Tel. 87-2601 Fax. 84-3809
Received on Tue Jun 15 1999 - 02:45:25 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:53 MST