Белая книга для Cisco Cisco ACE Application Control Engine Module
© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 36
Data traffic is handled by each network processor using 15 cores, each running a set of data-plane software
processes. The remaining core is for data-plane management and runs periodic processes (timers). The data-
plane processes are grouped into the functional sets as follows:
●
Receive (RX): RX is a dedicated process function used that takes traffic from the CDE and buffers it in the
network processor for use by other network processor processes. RX also supports HTTP normalization,
conformance with RFC 2616, MIME-type validation, length and encoding checks, port misuse, tunneling
prevention, and so forth.
●
Fastpath: Fastpath handles most of the low-level data occurs such as MAC address rewrite, Network
Address Translation (NAT), and TCP normalization. Fastpath also performs NAT on the packet: depending
on the configuration, this includes MAC addresses, IP addresses, Layer 4 ports, and TCP sequence (SEQ)
and acknowledgment (ACK) numbers.
●
TCP: The TCP process sends and receives TCP data from other network processor functions when data is
processed at Layer 7 and the connection is fully proxied.
●
HTTP Layer 7 fixup: This process supports HTTP and other Layer 7 application processing (fixups) such as
header matching, rewriting, cookie processing, and persistent and pipelined connection. For application
fixups, this process replaces IP addresses embedded in the application protocol data with the appropriate
virtual IP address, server IP address, or client IP address and binds control and application channels
together to help ensure proper processing by the network processors and real servers.
●
SSL: This process performs SSL record-layer processing inline with a hardware coprocessor.
●
Connection Close Manager (CCM): The CCM removes the internal connection objects for an established
connection upon receipt of a TCP finish (FIN) sequence, TCP restore (RST) command, or connection
timeout.
●
Load balancing: This process facilitates communication and messaging from the microengine to the general
processor. It allows microengine functions to access general processor functions such as load balancing,
SSL state, FTP and Real-Time Streaming Protocol (RTSP) fixups, and high-availability heartbeats.
●
Reassembly: This process manages reassembly of fragmented packets and TCP/IP timer control during
connection handling.
●
Inbound Connection Manager (ICM): The ICM is responsible for the creation of new connections. If the
connection is to be load balanced at Layer 3 or Layer 4, the ICM will facilitate communication with the Intel
XScale core to select a real server for the connection destination. If the connection is at Layer 7, then it will
be passed on to the TCP network processor functions. Many counters on this processor are useful for
identifying the type of traffic that is flowing through the system and the number of connections that are
created, destroyed, timed out, etc.
●
Outbound Connection Manager (OCM): The OCM establishes the connection to the destination for the
client connections. The OCM is also used in TCP reuse, the creation of syslogs for established connections,
and NAT pool source-address and source-port selection.
●
Timers: This process runs on a dedicated core (core 0) on each network processor and handles all network
processor-specific timers.