Re: ACE performance issues

siennax · ‎04-14-2009

Hello,

I'm testing an ACE module in a 6509 chassis. I am using ACE firmware c6ace-t1k9-mz.A2_2_0.bin.

I use a script which replaces the variables of the following config with something unique to insert vips.

Config:

class-map match-all TEST_CLASS_%NUMBER%

match virtual-address 172.31.1.200 tcp eq %NUMBER%

rserver host TEST_RSERVER_%NUMBER%_1

ip address %IP1%

inservice

rserver host TEST_RSERVER_%NUMBER%_2

ip address %IP2%

inservice

serverfarm host TEST_SFARM_%NUMBER%

predictor leastconns

probe PING

rserver TEST_RSERVER_%NUMBER%_1 %NUMBER%

inservice

rserver TEST_RSERVER_%NUMBER%_2 %NUMBER%

inservice

policy-map type loadbalance first-match TEST_POLICYMAP_%NUMBER%

class class-default

serverfarm TEST_SFARM_%NUMBER%

policy-map multi-match VLAN1000-POLICYMAP

class TEST_CLASS_%NUMBER%

loadbalance vip inservice

loadbalance policy TEST_POLICYMAP_%NUMBER%

loadbalance vip icmp-reply

nat dynamic 1 vlan 1000

End of config.

The complete config of my context before inserting new vips is:

logging enable

logging console 7

access-list ALLOWALL line 8 extended permit ip any any

probe icmp PING

interval 600

faildetect 2

class-map type management match-all SSHMNGT

2 match protocol ssh any

class-map type management match-all TELNETMNGT

2 match protocol telnet any

class-map type management match-all WEBMNG

2 match protocol http any

class-map type management match-all WEBSMNG

2 match protocol https any

policy-map type management first-match POLICY_MNGT

class SSHMNGT

permit

class TELNETMNGT

permit

class WEBMNG

permit

class WEBSMNG

permit

policy-map multi-match VLAN1000-POLICYMAP

interface vlan 115

ip address 172.31.3.6 255.255.255.0

access-group input ALLOWALL

access-group output ALLOWALL

nat-pool 1 172.31.2.12 172.31.2.12 netmask 255.255.255.255 pat

no shutdown

interface vlan 901

ip address 172.16.15.6 255.255.255.0

access-group input ALLOWALL

access-group output ALLOWALL

service-policy input POLICY_MNGT

no shutdown

interface vlan 1000

ip address 172.31.0.6 255.255.255.0

access-group input ALLOWALL

access-group output ALLOWALL

nat-pool 1 172.31.2.13 172.31.2.30 netmask 255.255.255.255 pat

service-policy input VLAN1000-POLICYMAP

no shutdown

ip route 10.53.0.0 255.255.0.0 172.31.0.118

username www password 5 *************** role Admin domain default-domain

username admin password 5 *************** role Admin domain default-domain

End of complete config.

Now i generate the config of 1000 vips, upload it to the ace and merge it with the running config.

It goes well, it works but the process takes about 20 minutes...

Now I continue until I have added a total of 4000 vips and notice it takes a very long time to complete.

While the ACE is merging the config, the ACE takes about 30 seconds to accept a command. Sometimes I even get API timeouts.

Ah well, I can live with that. What does bother me a lot is that booting my context takes one hour!!! when it is fully loaded.

Can anybody tell me I am doing something wrong or is this by design?

With kind regards,

Tom van Leeuwen

Gilles Dufour · ‎04-17-2009

When the congig grows too big, this was somehow normal behavior.

We tried to improve this in version A2(2.0)

We have reduced merge/boot time to 45 seconds.

Gilles.

siennax · ‎04-20-2009

Hello,

I am using firmware c6ace-t1k9-mz.A2_2_0.bin. So I'm already having that and that is not the problem then... Still haven't found a reason why it takes so long...