Using and Configuring Features Version 3.3
Data compression and encryption functions are grouped together in the
Encoding Subsystem (ES). ES provides access to the encoding software
device for interfaces or protocols and is automatically activated whenever a
link is activated for compression or encryption. The software device
consists of operational software that performs compression and
encryption. The compression and encryption algorithms are run on the
router's processor. You do not need to change the default
configuration to use the software device.
To monitor ES activity, enter feature es at the monitoring (talk 5)
prompt.
The ES configuration parameters allow you to limit the amount of memory
used by the ES software device. The default configuration allows the ES
to get as much memory as required. To limit memory usage, use the
set command under feature es in the configuration
process (Talk 6).
The ES configuration parameters provide a way to control the number of
compression and encryption sessions that are using the software encoding
device at one time. The software encoding device is essentially a
collection of compression and encryption libraries that are run on the
router's processor. A session consists of a full-duplex connection
over a particular interface that has been configured to use compression or
encryption.
Generally, data encoding is a processor-intensive operation. By
limiting the number of software encoding sessions, the impact of data encoding
on the performance of the router can be controlled to a certain extent.
As an example, if the router has 20 dial-in interfaces configured for
compression and it has been determined that compressing more than 10
interfaces at once has an adverse effect on the performance of the router, the
maximum number of compression sessions should be set to 10. This allows
any 10 of the 20 interfaces to use compression.
The memory requirements of the software encoding device may also be a
reason to limit the number of sessions. Each software compression
session uses approximately 30 KB of router memory and an encryption session
uses approximately 2 KB. If too much memory is used by the ES, other
functions may become memory-restricted and the router's performance can be
adversely affected. See "Considerations" for more information.
You can set the minimum or maximum number of ES sessions by specifying
a number or one of the values unlimited or default. The values
unlimited and default have the same meaning; these values allow the
router to support all the sessions that have been activated for
encryption or compression, until the memory is exhausted.
Note: None of the ES configuration parameters (talk 6) can be dynamically
reconfigured. To activate parameter values after you have changed them,
you must restart or reload the router.
In the Config process (talk 6), enter feature es at the
Config> prompt to access the ES configuration commands. The
ES Config> prompt appears. Table 16 lists the commands.
Table 16. ES Configuration Commands
Command | Action
? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
List | Displays the current setting of compression and encryption sessions.
Set | Sets the maximum number of encryption and compression sessions available for all interfaces.
Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment".
Use the list command to display the current setting of the
compression and encryption sessions.
Syntax:
- list
Example:
ES Config> list
Data Compression and Encryption System Configuration
----------------------------------------------------
Parameters used for host-based encoding:
Compression sessions:
Reserved at initial bootup: 0
Maximum allowed: unlimited
Encryption sessions:
Reserved at initial bootup: 0
Maximum allowed: unlimited
Use the set command to set the maximum number of data encryption
or compression sessions.
Syntax:
- set
- sw minimum compression-sessions n, unlimited, or default
- sw maximum compression-sessions n, unlimited, or default
- sw minimum encryption-systems n, unlimited, or default
- sw maximum encryption-systems n, unlimited, or default
Note: The letters sw are an abbreviation for software.
- software minimum compression-sessions n, unlimited, or default
- Sets the minimum number of compression sessions available for the
interfaces. The router reserves this many sessions so that they are
always available.
Default Value: 0
Valid Values: 0 to unlimited;
alternatively, default
- software maximum compression-sessions n, unlimited, or default
- Sets the maximum number of compression sessions available for the
interfaces. Once this number of sessions has been activated, new
sessions cannot be activated.
Default Value: 0
Valid Values: 0 to unlimited;
alternatively, default
- software minimum encryption-sessions n, unlimited, or default
- Sets the minimum number of encryption sessions available for the
interfaces. The router reserves this number of sessions so that they
are always available.
Default Value: 0
Valid Values: 0 to unlimited;
alternatively, default
- software maximum encryption-sessions n, unlimited, or default
- Sets the maximum number of encryption sessions available for the
interfaces. Once this number of sessions has been activated, new
sessions cannot be activated.
Default Value: 0
Valid Values: 0 to unlimited;
alternatively, default
In the monitoring process, enter feature es at the +
prompt to access the ES monitoring commands. The ES Monitor>
prompt appears. Table 17 lists the available commands.
Table 17. ES Monitoring Command
Command | Action
? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
List | Lists ES ports, circuits, devices, configuration, status, or summary.
Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment".
Use the list command to list information about ES. See
the list summary command for an example of the output of the
list command that includes ports, devices, and status.
Syntax:
- list
- ports
- circuits
- devices
- config
- status
- summary
- ports
- The list ports command lists the encoding ports that have been
created by potential clients of the encoding system. A port establishes
a linkage between the encoding system and the clients that have been
configured to use ES. For example, if compression or encryption is
configured over the PPP interface Net 1, a port is associated with that
interface. The QLen field shows the sum of all the outstanding
compression or encryption requests for all of the circuits associated with the
port. A client, such as PPP configured over a particular interface,
presents a request to ES when it designates a particular buffer of data for
encoding.
The Status field shows Idle if nothing is queued at the port, or
Busy or Waiting if requests are in process or queued on
the port.
- circuits
- The list circuits command displays the circuits that have been
defined by clients of the encoding system. Each circuit corresponds to
a full-duplex connection. Data encrypted or compressed at one endpoint
is decrypted or decompressed at the other.
By default, only active circuits are displayed. Use the command
list circuits all to include both active and inactive
circuits.
For each circuit found, the port and user are displayed as in the list
ports command. In addition, two lines of information are shown, a
Tx line for the outbound circuit and an Rx line for the inbound
circuit. The circuit ID is an arbitrary number provided by the client
so that it can tag each circuit that it creates. For Frame Relay
circuits, this number corresponds to the ID of the associated Frame Relay
data-link circuit (DLCI). Point-to-Point links create only one circuit,
which is always identified by the number 1.
In addition, the following items are displayed:
- Dev
- This is the number that represents the encoding device that is servicing
that stream. It is 1 when the encoding is being done by software
activating the CPU and 2 when the encoding is being done by the
compression/encryption adapter.
- Cmpr
- This field displays the compression or decompression algorithm active for
that stream. If it is LZC, STAC-LZC compression is being
used; if it is MPPC, Microsoft(R) PPC is used. An
asterisk (*) is appended to the name of the algorithm if the stream
is operating in stateless mode. Stateless mode is a mode in which the
history of the data packet is not maintained after that packet has been
processed, as opposed to continuous mode in which history is maintained from
handling one packet in order to handle the next. For example, in
continuous compression, the encoder maintains a cache of information gathered
from previous packets in order to more effectively compress the current
packets.
- Encr
- This field displays the encryption or decryption algorithm being
used. It is DES for standard DES, 3DES for Triple
DES, or RC4 if RSA's RC4 algorithm is used. An asterisk
(*) is appended to the name if the stream is operating in stateless
mode. This is significant for RC4 but means little for DES/3DES.
Note that the name shown corresponds to the basic encryption algorithm
employed, not to the encapsulation format used by the client. For
example, PPP supports two encapsulation methods: DESE (RFC 1969) which
encrypts with DES, and MPPE (Microsoft nonstandard), which uses RC4.
- QLen
- This parameter shows the number of outstanding packets sitting in the
stream's queue waiting to be encoded or decoded. Note that this
number only reflects packets that have actually been submitted to ES for
processing. Some clients may keep their own queues and feed only a few
packets at a time to the encoding system from these private queues.
- Status
- A quick indication of the stream's status. It is not unusual
for all streams to have a waiting status and none to appear to be busy.
Seeing a busy status requires catching the queue activity during a fairly
narrow window of time in the processing cycle. These are the possible
states:
- Idle
- No packets are queued on this stream
- Busy
- The system is currently processing packets on this stream (meaning that
the item at the head of the queue is going through the encoding engine at that
moment).
- Waiting
- Requests are pending, but nothing from that stream is currently undergoing
processing.
- devices
- The list devices command lists the encoding devices that the
system has available to it. An encoding device usually refers to a
compression/encryption adapter. The software that is used when a
hardware accelerator is not available is implemented as a virtual device and
will also show up in this list as a Host Software device.
There are two forms for this command: list devices and
list device n. The first form produces a short summary
listing of all the devices recognized by the system. The second form
will produce a detailed listing for a specific device n, where n is the unit
number. Unit 1 represents host software, which is a virtual encoding
device, and unit 2 represents the compression/encryption adapter. An
asterisk (*) can be used in place of the number n, in which case a
listing is provided for both units.
- config
- The list config command displays the current configuration
parameters. These are the parameters read from the non-volatile memory
at the time that the router is restarted or reloaded. The information
displayed is identical to that displayed by the configuration (Talk 6)
list config command.
- status
- The list status command displays the encoding system status,
which consists of some global status flags and some miscellaneous system
statistics. These are the descriptions of the fields that are displayed
by the list status command:
- Last Error
- The last error code returned to any client of the encoding system.
This is meant for debugging and should be used by service personnel.
- Internal Condition flags
- This field shows certain internal conditions, as defined in the following
list:
- Ready
- The system is up and operational. This is the normal
condition.
- Not Working
- The encoding system is inoperative due to some internal error.
- No Devices Available
- Indicates that no device is available to do the encoding. This
condition should not occur because if a hardware-based encoder is not present,
encoding is accomplished by internal software.
- Out of Memory
- The system tried to allocate memory and failed. This condition
indicates that the router is low on RAM and that the encoding system has been
adversely affected.
- Number of Ports
- This field indicates the number of clients that have established ports for
themselves in the ES. See the list ports command for a
definition of a port.
- Number of Circuits
- See the list circuits command for a definition of
circuits.
- Global Request pool size
- The number of request buffers allocated and free. Roughly one
request buffer is used for each packet that is encoded. If the number
of buffers free is smaller than the number allocated, encoding is in
process.
- Total # of Requests processed
- This value shows the total number of buffers that have been processed by
the encoding engine. This number corresponds roughly to the total
number of packets that have been compressed or encrypted by all the clients of
the system since the last router restart or reload.
- summary
- This command displays a summary of the system. It is a composite
command that combines the output from the list status, list
devices, and list ports commands.
Example:
list summary
Encoding System Status
-----------------------
Last Error: 14 (Stream not active)
Internal Condition flags: 0x00000001 -->
Ready
Number of Ports: 2
Global Request pool size: Alloc: 32 Free: 32
Total # of Requests processed: 7059
Encoding System Devices
Device Type Slot/Port Status
------ ------------------------- --------- ----------
1 Host Software 0/0 Ready
0 Null Device 0/0 Ready
Encoding System Ports
---------------------
+--Encoder State---+ +--Decoder State---+
Port User QLen Status QLen Status
---- ------------------------ ---- -------------- ---- --------------
1 Net 2 (PPP/0) 0 Idle 0 Idle
2 Net 3 (PPP/1) 0 Idle 0 Idle
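The following is an added example, not part of the original manual: a Python parser for the list summary output shown above that reports when the Internal Condition is anything other than Ready, when request buffers are in use, and when a port's encoder or decoder is not Idle. The function and key names are hypothetical, and the embedded sample is this page's example output abridged to the lines the parser reads.

```python
import re

# 'list summary' output from this page's example, abridged to the parsed lines.
SAMPLE = """\
Last Error: 14 (Stream not active)
Internal Condition flags: 0x00000001 -->
Ready
Number of Ports: 2
Global Request pool size: Alloc: 32 Free: 32
1 Host Software 0/0 Ready
Port User QLen Status QLen Status
1 Net 2 (PPP/0) 0 Idle 0 Idle
2 Net 3 (PPP/1) 0 Idle 0 Idle
"""

STATE = r"(Idle|Busy|Waiting)"  # port states documented for the Status field
PORT_ROW = re.compile(
    rf"^[ \t]*(\d+)[ \t]+(.+?)[ \t]+(\d+)[ \t]+{STATE}[ \t]+(\d+)[ \t]+{STATE}[ \t]*$",
    re.M)

def parse_summary(text):
    """Parse the status fields and the port table of 'list summary' output."""
    # The condition name may follow '-->' on the same line or on the next one.
    cond = re.search(r"Internal Condition flags:.*?-->\s*([^\n:]+?)\s*$", text, re.M)
    pool = re.search(r"Alloc:\s*(\d+)\s+Free:\s*(\d+)", text)
    err = re.search(r"Last Error:\s*(\d+)\s*\(([^)]*)\)", text)
    status = {
        "condition": cond.group(1) if cond else None,
        "alloc": int(pool.group(1)) if pool else None,
        "free": int(pool.group(2)) if pool else None,
        "last_error": (int(err.group(1)), err.group(2)) if err else None,
    }
    ports = [{"port": int(m[1]), "user": m[2], "enc_qlen": int(m[3]), "enc": m[4],
              "dec_qlen": int(m[5]), "dec": m[6]} for m in PORT_ROW.finditer(text)]
    return status, ports

def health_findings(text):
    """Return findings as strings; an empty list means Ready and fully idle."""
    status, ports = parse_summary(text)
    out = []
    if status["condition"] != "Ready":  # e.g. Not Working, Out of Memory
        out.append(f"ES condition is {status['condition']!r}, not Ready")
    if status["alloc"] is not None and status["free"] < status["alloc"]:
        out.append(f"{status['alloc'] - status['free']} request buffers in use")
    for p in ports:
        if (p["enc"], p["dec"]) != ("Idle", "Idle"):
            out.append(f"port {p['port']} ({p['user']}): encoder {p['enc']} "
                       f"qlen {p['enc_qlen']}, decoder {p['dec']} qlen {p['dec_qlen']}")
    return out
```

Buffers in use and a Busy or Waiting port are normal while traffic is flowing; a condition other than Ready is the finding that indicates the encoding system itself is impaired.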