Saturday, May 24, 2008

Cisco CSG sh mod csg X stats extensive checksum errors

Two CSGs in an FT scenario (active-standby). During normal operation you can see extensive checksum errors in the output of "sh mod csg X stats":

cisco-csg1#sh mod csg 2 stats
Connections Created: 220120
Connections Destroyed: 219713
Connections Current: 407
Connections Timed-Out: 0
Connections Failed: 0
Server initiated Connections:
Created: 0, Current: 0, Failed: 0
L4 Load-Balanced Decisions: 220120
L4 Rejected Connections: 0
L7 Load-Balanced Decisions: 0
L7 Rejected Connections:
Total: 0, Parser: 0,
Reached max parse len: 0, Cookie out of mem: 0,
Cfg version mismatch: 0, Bad SSL2 format: 0
L4/L7 Rejected Connections:
No policy: 0, No policy match 0,
No real: 0, ACL denied 0,
Server initiated: 0
Checksum Failures: IP: 6770821, TCP: 0
Redirect Connections: 0, Redirect Dropped: 0
FTP Connections: 0
MAC Frames:
Tx: Unicast: 0, Multicast: 118, Broadcast: 0,
Underflow Errors: 6815443
Rx: Unicast: 751, Multicast: 10, Broadcast: 0,
Overflow Errors: 0, CRC Errors: 46627
cisco-csg1#

Cisco TAC writes about it:
"As you are running replication it is normal to see packets with wrong checksum on FT VLAN. This comes from the way CSG communicates new sessions and tear downs to standby CSG. This is done through "fake" SYNC and RST packets sent over FT VLAN and these packets don't have correct checksum. If you have the possibility to collect sniffer traces with VLAN tags in it you should see that those are only frames on FT VLAN."

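The check TAC suggests can be done mechanically on a capture that keeps 802.1Q tags. The following is an added example, not code from the original post or from Cisco: it verifies the IPv4 header checksum of each tagged frame and counts failures per VLAN. The FT VLAN id 99 and the sample frames are constructed assumptions.

```python
import struct
from collections import Counter

FT_VLAN = 99  # assumption: replace with the FT VLAN id from your CSG config

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header (even length)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frame(frame: bytes):
    """Return (vlan_id, checksum_ok) for an 802.1Q-tagged IPv4 frame, else None."""
    if len(frame) < 38:  # 14 Ethernet + 4 tag + 20 minimal IPv4 header
        return None
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100 or ethertype != 0x0800:
        return None  # untagged or not IPv4: cannot be attributed to a VLAN
    ip = frame[18:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    # With the checksum field included, a valid header sums to zero.
    return tci & 0x0FFF, ip_checksum(ip[:ihl]) == 0

def bad_checksums_by_vlan(frames) -> Counter:
    bad = Counter()
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed and not parsed[1]:
            bad[parsed[0]] += 1
    return bad

def only_on_ft_vlan(bad: Counter, ft_vlan: int = FT_VLAN) -> bool:
    """True when every bad-checksum frame seen was on the FT VLAN."""
    return bool(bad) and set(bad) == {ft_vlan}

def build_frame(vlan: int, valid: bool = True) -> bytes:
    """Constructed sample frame: 802.1Q tag + IPv4 header + 20 zero bytes."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                                bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])))
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)) if valid else 0xDEAD)
    eth = b"\x02" * 12 + struct.pack("!HHH", 0x8100, vlan, 0x0800)
    return eth + bytes(hdr) + b"\x00" * 20

SAMPLE = [build_frame(10), build_frame(99, False), build_frame(99, False), build_frame(20)]
print(bad_checksums_by_vlan(SAMPLE), only_on_ft_vlan(bad_checksums_by_vlan(SAMPLE)))
```

If bad-checksum frames show up on any VLAN other than the FT VLAN, the counters are not explained by replication alone and the link or hardware deserves a closer look.
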
Thursday, May 22, 2008

CSG in action

Sandwich configuration (2 CSG cards per chassis): RLB (RADIUS Load Balancing) on the client side, FWLB (Firewall Load Balancing) on the server side. Load is balanced across the 2 cards, and every card has a standby card in the other chassis.

Sunday, May 18, 2008

Cisco CSG part III

How does traffic quota work? First of all, the CSG has several configuration parts (I will not show all of them):

1. contents (+policy+maps)
2. services
3. billing

Contents - this is where you define content providers. There can be 4000 contents (as I remember). Note that the whole Internet is a content provider too.
Services - a kind of traffic definition together with the method of traffic accounting. Services include contents with policy definitions (different pages from one content provider can be included in different services).
Billing - these are the billing plan definitions. In practice we can use prepaid or postpaid.

The most interesting for us is prepaid. When a user opens a TCP session (or sends any other traffic), this opens a service. You can see the open services per user with the "sh ip csg account user ...." command. The CSG sends a service authorization request to the quota server, asking for some volume of quota. The server answers, and the user begins to work. You can see how the user consumes quota with the above command. When the quota volume is low, the CSG sends a service reauthorization and asks for more quota. If no more quota is available, then the server returns zero, and the CSG redirects HTTP/WAP traffic to a configured page or drops any other traffic.

The quota is metered in quadrans. This is a virtual resource. In your services you can set what is used as one quadran (IP bytes, TCP bytes, events, time), and also set the quadran weight (for one page we can consume 1 quadran per 1 byte, for another 1 quadran per 10 bytes or 10 quadrans per 1 byte).

Friday, May 16, 2008

CSG in load balancing IP addr plan (RLB/FWLB sandwich)

This is a picture of the RLB/FWLB sandwich for CSG load balancing.

Thursday, May 1, 2008

Cisco CSG1 performance

One result from my lab. It was done with a traffic exchange of about 8 kbytes in both directions per TCP session (approx. 8 input and 8 output), 2 CSGs in FT (content without replication), 150 RADIUS events per second, 3000 active users. Content authorization enabled, all users PREPAID (worst case). 4 balanced quota/BMA servers. Input is traffic from the clients, output is traffic to the clients (we send some more data from the server in one session).
This is not an official result, it is only my own investigation.