Unfortunately, stage fright prevents me from asking this question on the NANOG meeting floor. My understanding of WCCP is that the server is responsible to tell the WCCP-enabled Cisco router that, "Hey, I'm alive to recieve port 80 requests!" My question is, what prevents a cache from seding a WCCP frame saying, "Hey, I'm alive" when it really isn't? Is there a way for the router to check the cache in the opposite direction? Seems odd that your would rely on the cache to verify that the cache is OK. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP; we have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
At 03:44 PM 11/9/98 -0500, alex@nac.net wrote:
My question is, what prevents a cache from seding a WCCP frame saying, "Hey, I'm alive" when it really isn't?
the application itself (layer 7) is most likely to know more about whether the application is alive and working than anything else.
Is there a way for the router to check the cache in the opposite direction? Seems odd that your would rely on the cache to verify that the cache is OK.
i believe WCCP is more a heartbeat mechanism - the router will age WCCP 'hello' packets and expire them. presumably if it doesn't hear one of the cache engines 'check in', it'll stop forwarding traffic to it. cheers, lincoln.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
My question is, what prevents a cache from seding a WCCP frame saying, "Hey, I'm alive" when it really isn't?
the application itself (layer 7) is most likely to know more about whether the application is alive and working than anything else.
(see below)
i believe WCCP is more a heartbeat mechanism - the router will age WCCP 'hello' packets and expire them. presumably if it doesn't hear one of the cache engines 'check in', it'll stop forwarding traffic to it.
Actually, that is inaccurate. For a cache to say that it is alive is insufficient. This is a reflection of a much more sophisticated, yet lightweight, state being maintained in the infrastructure. Although, this does reflect the view of L4 switch vendors and their "accomplices" -- it is in their best interest to make WCCP look like modified policy routing or simple state maintenance a la heartbeat. Seems like their FUD works. :( James, can you comment? I don't want to get into NDA h*ll ;) Cheers, Chris - -- Christian Kuhtz <ck@adsu.bellsouth.com> -wk ck@gnu.org -hm Sr. Network Architect, BellSouth Corp., Advanced Data Services NOTE: "We speak PGP: key available at well-known key servers." "Turnaucka's Law: The attention span of a computer is only as long as its electrical cord." -- /usr/games/fortune -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com> iQA/AwUBNkhZ34RXnO1Cm58sEQJG9ACgkKKQly+oGJYoZHtM2I5f3JkCCGgAoO1X knqTNLpAHQ1M8TJqBvsGKQ8z =6epK -----END PGP SIGNATURE-----
i believe WCCP is more a heartbeat mechanism - the router will age WCCP 'hello' packets and expire them. presumably if it doesn't hear one of the cache engines 'check in', it'll stop forwarding traffic to it.
Your missing what I said. What if the cache continues sending WCCP packets, but the cache itself has died? -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP; we have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
On Tue, Nov 10, 1998 at 11:04:38AM -0500, alex@nac.net wrote: ==>> i believe WCCP is more a heartbeat mechanism - the router will age WCCP ==>> 'hello' packets and expire them. presumably if it doesn't hear one of the ==>> cache engines 'check in', it'll stop forwarding traffic to it. ==> ==>Your missing what I said. What if the cache continues sending WCCP ==>packets, but the cache itself has died? I haven't yet encountered a situation where the cache was having a problem and yet was still responding and talking WCCP to the router. When our Cache Engines have experienced problems, they have removed themselves from the available pool or stopped responding to WCCP (which, in turn, caused them to be removed). In short, I believe there's a very strong mechanism to check all functions of the cache before saying "hey, I'm okay here". /cah
That I can accept. But, I still have one fundamental argument, which is to ensure true and absolute reliability, a machine should not be verifying its own health. My other concern is that now that it is licensable, will the other cache manufacturers do it properly also?
I haven't yet encountered a situation where the cache was having a problem and yet was still responding and talking WCCP to the router.
When our Cache Engines have experienced problems, they have removed themselves from the available pool or stopped responding to WCCP (which, in turn, caused them to be removed).
In short, I believe there's a very strong mechanism to check all functions of the cache before saying "hey, I'm okay here".
/cah
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP; we have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
On Tue, Nov 10, 1998 at 11:05:00PM -0500, alex@nac.net wrote:
That I can accept.
But, I still have one fundamental argument, which is to ensure true and absolute reliability, a machine should not be verifying its own health.
My other concern is that now that it is licensable, will the other cache manufacturers do it properly also?
Do you have a link or similar that shows that WCCP is now licensable ? Does any know of any other cache manufacturers that currently supports WCCP ? /Jesper -- Jesper Skriver (JS4261-RIPE), Network manager Tele Danmark DataNet, IP section (AS3292) One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.
On Tue, Nov 10, 1998 at 11:05:00PM -0500, alex@nac.net wrote:
That I can accept.
But, I still have one fundamental argument, which is to ensure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 true and
absolute reliability, a machine should not be verifying its own health.
My other concern is that now that it is licensable, will the other cache manufacturers do it properly also?
If cisco has any brains left, they will certify WCCP operation in a series of testsuites before they let anyone claim that it is WCCP.
Do you have a link or similar that shows that WCCP is now licensable ?
It has not been announced yet.
Does any know of any other cache manufacturers that currently supports WCCP ?
WCCP licensing is, AFAIK, not yet available. Cheers, Chris - -- Christian Kuhtz <ck@adsu.bellsouth.com> -wk ck@gnu.org -hm Sr. Network Architect, BellSouth Corp., Advanced Data Services NOTE: "We speak PGP: key available at well-known key servers." "Turnaucka's Law: The attention span of a computer is only as long as its electrical cord." -- /usr/games/fortune -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com> iQA/AwUBNkoyDIRXnO1Cm58sEQIU6gCg7tl2LocA0LkLA1TVK8IUiECjY8sAniD8 drSK+t1Wzev2X7i53RyuzjVZ =1CYs -----END PGP SIGNATURE-----
At 11:04 AM 11/10/98 -0500, alex@nac.net wrote:
i believe WCCP is more a heartbeat mechanism - the router will age WCCP 'hello' packets and expire them. presumably if it doesn't hear one of the cache engines 'check in', it'll stop forwarding traffic to it.
Your missing what I said. What if the cache continues sending WCCP packets, but the cache itself has died?
i don't think i am -- i would assume that the cache design would perform suitable sanity checks prior to sending out a heartbeat. if the design is sound, the cache would not be capable of sending out WCCP packets if it has 'died' in some way. cheers, lincoln.
Your missing what I said. What if the cache continues sending WCCP packets, but the cache itself has died?
i don't think i am -- i would assume that the cache design would perform suitable sanity checks prior to sending out a heartbeat. if the design is sound, the cache would not be capable of sending out WCCP packets if it has 'died' in some way.
I am sure someone could make the argument that if the cache were designed suitably, it wouldn't need to send out packets because it wouldn't die in the first place. Or further, wouldn't need load balancing from a switch because it would have a suitable mechanism of capacity planning the traffic itself. I can think of an example where the disk might partially fail and WCCP packets would still be sent out. But of course, no one implements technology today before its been thoroughly matured with a million years of uptime. -Deepak.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am sure someone could make the argument that if the cache were designed suitably, it wouldn't need to send out packets because it wouldn't die in the first place. Or further, wouldn't need load balancing from a switch because it would have a suitable mechanism of capacity planning the traffic itself.
Can you let us know when you found nirvana?
I can think of an example where the disk might partially fail and WCCP packets would still be sent out.
If the disk partially fails, operation of a cache engine would be interrupted. This should result in the router excluding this particular cache engine from WCCP as a fail-safe mode. If not, the software needs a simple sanity check to shut itself down (forcing WCCP into a "standby mode" for this cache engine entity to allow for a "limp home" mode). This has nothing to do with WCCP itself.
But of course, no one implements technology today before its been thoroughly matured with a million years of uptime.
Of course. Cheers, Chris - -- Christian Kuhtz <ck@adsu.bellsouth.com> -wk ck@gnu.org -hm Sr. Network Architect, BellSouth Corp., Advanced Data Services NOTE: "We speak PGP: key available at well-known key servers." "Turnaucka's Law: The attention span of a computer is only as long as its electrical cord." -- /usr/games/fortune -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com> iQA/AwUBNkovX4RXnO1Cm58sEQIuNwCg67PQgs2cx8BK4vZhJI2o02d2I5EAn2Zn I/8uPLrmuEre87DzhuZl/SxW =+40b -----END PGP SIGNATURE-----
On Wed, 11 Nov 1998, lincoln dale wrote:
Your missing what I said. What if the cache continues sending WCCP packets, but the cache itself has died?
i don't think i am -- i would assume that the cache design would perform suitable sanity checks prior to sending out a heartbeat. if the design is sound, the cache would not be capable of sending out WCCP packets if it has 'died' in some way.
You can't be serious. A cache may check itself, but my arguement is that this self-checking scheme may fail, seeing itself as alive, but not able to actually serve requests. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP; we have more backbone! http://www.nac.net -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
At 11:16 PM 11/10/98 -0500, alex@nac.net wrote:
i don't think i am -- i would assume that the cache design would perform suitable sanity checks prior to sending out a heartbeat. if the design is sound, the cache would not be capable of sending out WCCP packets if it has 'died' in some way.
You can't be serious.
A cache may check itself, but my arguement is that this self-checking scheme may fail, seeing itself as alive, but not able to actually serve requests.
lets go through the following scenario. i've no idea if a CCE works this way, but lets say for arguments sake that it does: - internally, a process goes and stores an object in the cache under URL A. the contents of the object is some unique number. - the process then goes and requests, via HTTP, (say over the loopback interface) that object. just about all of the functionality of the cache is then tested: - the disk store works, - the cache is able to accept a HTTP request, - the tcp stack is working - the internal processes of associating a cache object to a request works (and the disk worked ...). everything has therefore been checked, except external network connectivity. the sending of the WCCP packet and subsequent receival by the router tests that as working. i guess what we come down to is this: is it the router's responsibility to maintain state on devices around it, or of devices to inform the router of their state. imho, its a moot point, but i dare say that it was probably easier for cisco to implement the former, as it would have involved far less lines coded in IOS than the latter solution. cheers, lincoln.
i guess what we come down to is this: is it the router's responsibility to maintain state on devices around it, or of devices to inform the router of their state. imho, its a moot point, but i dare say that it was
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry, previous message accidentally went out unedited. Blame it on Microsleuth Lookout 98 and operator error. probably
easier for cisco to implement the former, as it would have involved far less lines coded in IOS than the latter solution.
WCCP maintains "shared state" between cache engines and routers. Unless all entities agree about the state of the world, WCCP is not activated (or will shut itself down to prevent service disruption). It does have very distinct "fail-safe" mechanisms, and is very suitable for maintaining consistent state in a one-to-many as well as many-to-many caching setup because of it. IMHO, that is. Cheers, Chris - -- Christian Kuhtz <ck@adsu.bellsouth.com> -wk ck@gnu.org -hm Sr. Network Architect, BellSouth Corp., Advanced Data Services NOTE: "We speak PGP: key available at well-known key servers." "Turnaucka's Law: The attention span of a computer is only as long as its electrical cord." -- /usr/games/fortune -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com> iQA/AwUBNkoxo4RXnO1Cm58sEQLImwCg9uQEO4h/Hrm5O/RFgEqg3a8FwnMAn3GI 1iXOfZVSKEDK/3DHQWAfBSZZ =bppa -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If it isn't actually alive anymore, it won't be able to serve requests, and by the same token won't be able to maintain its matrix of producers and consumers. Once that state is reached, the system goes into a "fail-safe" mode. Sure, fail-safe mechanisms can fail. But being overly creative about the software bug doesn't help either. - -- Christian Kuhtz <ck@adsu.bellsouth.com> -wk ck@gnu.org -hm Sr. Network Architect, BellSouth Corp., Advanced Data Services NOTE: "We speak PGP: key available at well-known key servers." "Turnaucka's Law: The attention span of a computer is only as long as its electrical cord." -- /usr/games/fortune
-----Original Message----- From: alex@nac.net [mailto:alex@nac.net] Sent: Tuesday, November 10, 1998 11:16 PM To: lincoln dale Cc: nanog@merit.edu; Christian Kuhtz Subject: Re: WCCP talk..
On Wed, 11 Nov 1998, lincoln dale wrote:
Your missing what I said. What if the cache continues sending WCCP packets, but the cache itself has died?
i don't think i am -- i would assume that the cache design would perform suitable sanity checks prior to sending out a heartbeat. if the design is sound, the cache would not be capable of sending out WCCP packets if it has 'died' in some way.
You can't be serious.
A cache may check itself, but my arguement is that this self-checking scheme may fail, seeing itself as alive, but not able to actually serve requests.
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Atheism is a non-prophet organization. I route, therefore I am. Alex Rubenstein, alex@nac.net, KC2BUO, ISP/C Charter Member Father of the Network and Head Bottle-Washer Net Access Corporation, 9 Mt. Pleasant Tpk., Denville, NJ 07834 Don't choose a spineless ISP; we have more backbone!
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.0 for non-commercial use <http://www.pgp.com> iQA/AwUBNkov4oRXnO1Cm58sEQLhagCdHJc1bF6TcpS3BR52lx3HN/Lo1ogAoPAo 9qMkhOtBEkx7xQv06j3QN4Tn =tsmb -----END PGP SIGNATURE-----
participants (6)
-
alex@nac.net
-
Christian Kuhtz
-
Craig A. Huegen
-
Deepak Jain
-
Jesper Skriver
-
lincoln dale