Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1509
Views
0
Helpful
2
Replies

SYSLOG loadbalancing using ACE

Go to solution
wim.juste
Level 1
Level 1

‎03-17-2012 11:05 AM

Dear,

I want to use the ACE blade in CAT6500 to loadbalancing SYSLOG events towards (SIEM) collectors.

Servers and network devices will sent there syslog messages to different collectors after being loadbalanced by ACE.

I was just wondering, since a lot of clients are going to sent there complete syslog events to the VIP and thus introducing a high connection rate.

(+/- 200.000 CPS)

According to the specs, the ACE blade has a limitation of 325.000 connection per second. I suppose this is a limitation at device level. (not on a per context basis, and does that include both TCP and UDP packets?)

Could the UDP BOOST feature might come in handy allowing very high rate UDP syslog packet loadbalancing?

Thanks for your feedback,

Kind regards,

Wim

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chrhiggi
Level 3
Level 3

‎03-21-2012 11:04 AM

Hello Wim!

Excellent questions.

UDP Boost should help at least a bit, UDP Fast Age will not help.  Anything that you can do to mitigate extra checks (i.e. not doing source nat) will help push things through at a faster rate because the packets will need to make the least amount of checks internally.  UDP Boost changes how we do the loadbalancing once a tuple is created in memory for the first packet in the flow.  As well, depending on the ip addresses and port numbers being used, you may need CDE same port hash configured. 

The other thing to think about is what is considered a unique connection.  ACE has different limits, like new connection setup/second, a total amount of connections that can exist at one time, etc.  If you are pushing 325k new cps, then you are going to want to timeout connections relatively quickly or you will fill your total number of connections the box can handle in seconds.  If you are just pushing 325pps through existing connections, that is not as much of a problem. 

Information on UDP Boost:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/classlb.html#wp1281598http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/classlb.html#wp1281598

Information on UDP Fast-Age:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/classlb.html#wp1157547

Regards,

Chris Higgins

View solution in original post

0 Helpful
2 Replies 2

Go to solution
chrhiggi
Level 3
Level 3

‎03-21-2012 11:04 AM

Hello Wim!

Excellent questions.

UDP Boost should help at least a bit, UDP Fast Age will not help.  Anything that you can do to mitigate extra checks (i.e. not doing source nat) will help push things through at a faster rate because the packets will need to make the least amount of checks internally.  UDP Boost changes how we do the loadbalancing once a tuple is created in memory for the first packet in the flow.  As well, depending on the ip addresses and port numbers being used, you may need CDE same port hash configured. 

The other thing to think about is what is considered a unique connection.  ACE has different limits, like new connection setup/second, a total amount of connections that can exist at one time, etc.  If you are pushing 325k new cps, then you are going to want to timeout connections relatively quickly or you will fill your total number of connections the box can handle in seconds.  If you are just pushing 325pps through existing connections, that is not as much of a problem. 

Information on UDP Boost:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/classlb.html#wp1281598http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/classlb.html#wp1281598

Information on UDP Fast-Age:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/slb/guide/classlb.html#wp1157547

Regards,

Chris Higgins

0 Helpful

Go to solution
wim.juste
Level 1
Level 1
In response to chrhiggi

‎03-26-2012 05:28 AM

Hi Chris,

Thank you for your valuable feedback. especially related to the UDP boost information.

Kind regards,

Wim

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents