ACE performance issues

Unanswered Question
Apr 14th, 2009
User Badges:

Hello,


I'm testing an ACE module in a 6509 chassis. I am using ACE firmware c6ace-t1k9-mz.A2_2_0.bin.

I use a script which replaces the variables of the following config with something unique to insert vips.


Config:

class-map match-all TEST_CLASS_%NUMBER%

match virtual-address 172.31.1.200 tcp eq %NUMBER%


rserver host TEST_RSERVER_%NUMBER%_1

ip address %IP1%

inservice


rserver host TEST_RSERVER_%NUMBER%_2

ip address %IP2%

inservice


serverfarm host TEST_SFARM_%NUMBER%

predictor leastconns

probe PING

rserver TEST_RSERVER_%NUMBER%_1 %NUMBER%

inservice

rserver TEST_RSERVER_%NUMBER%_2 %NUMBER%

inservice


policy-map type loadbalance first-match TEST_POLICYMAP_%NUMBER%

class class-default

serverfarm TEST_SFARM_%NUMBER%


policy-map multi-match VLAN1000-POLICYMAP

class TEST_CLASS_%NUMBER%

loadbalance vip inservice

loadbalance policy TEST_POLICYMAP_%NUMBER%

loadbalance vip icmp-reply

nat dynamic 1 vlan 1000


End of config.


The complete config of my context before inserting new vips is:

logging enable

logging console 7




access-list ALLOWALL line 8 extended permit ip any any



probe icmp PING

interval 600

faildetect 2



class-map type management match-all SSHMNGT

2 match protocol ssh any

class-map type management match-all TELNETMNGT

2 match protocol telnet any

class-map type management match-all WEBMNG

2 match protocol http any

class-map type management match-all WEBSMNG

2 match protocol https any


policy-map type management first-match POLICY_MNGT

class SSHMNGT

permit

class TELNETMNGT

permit

class WEBMNG

permit

class WEBSMNG

permit


policy-map multi-match VLAN1000-POLICYMAP


interface vlan 115

ip address 172.31.3.6 255.255.255.0

access-group input ALLOWALL

access-group output ALLOWALL

nat-pool 1 172.31.2.12 172.31.2.12 netmask 255.255.255.255 pat

no shutdown

interface vlan 901

ip address 172.16.15.6 255.255.255.0

access-group input ALLOWALL

access-group output ALLOWALL

service-policy input POLICY_MNGT

no shutdown

interface vlan 1000

ip address 172.31.0.6 255.255.255.0

access-group input ALLOWALL

access-group output ALLOWALL

nat-pool 1 172.31.2.13 172.31.2.30 netmask 255.255.255.255 pat

service-policy input VLAN1000-POLICYMAP

no shutdown


ip route 10.53.0.0 255.255.0.0 172.31.0.118

username www password 5 *************** role Admin domain default-domain

username admin password 5 *************** role Admin domain default-domain


End of complete config.


Now i generate the config of 1000 vips, upload it to the ace and merge it with the running config.

It goes well, it works but the process takes about 20 minutes...

Now I continue until I have added a total of 4000 vips and notice it takes a very long time to complete.

While the ACE is merging the config, the ACE takes about 30 seconds to accept a command. Sometimes I even get API timeouts.

Ah well, I can live with that. What does bother me a lot is that booting my context takes one hour!!! when it is fully loaded.


Can anybody tell me I am doing something wrong or is this by design?


With kind regards,

Tom van Leeuwen


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Fri, 04/17/2009 - 05:40
User Badges:
  • Cisco Employee,

When the congig grows too big, this was somehow normal behavior.

We tried to improve this in version A2(2.0)


We have reduced merge/boot time to 45 seconds.


Gilles.

siennax Mon, 04/20/2009 - 04:32
User Badges:

Hello,


I am using firmware c6ace-t1k9-mz.A2_2_0.bin. So I'm already having that and that is not the problem then... Still haven't found a reason why it takes so long...

Actions

This Discussion