Белая книга для Cisco Cisco ACE Application Control Engine Module

Page 3 of 36

Data traffic is handled by each network processor using 15 cores, each running a set of data-plane software

processes. The remaining core is for data-plane management and runs periodic processes (timers). The data-

plane processes are grouped into the functional sets as follows:

●

Receive (RX): RX is a dedicated process function used that takes traffic from the CDE and buffers it in the

network processor for use by other network processor processes. RX also supports HTTP normalization,

conformance with RFC 2616, MIME-type validation, length and encoding checks, port misuse, tunneling

prevention, and so forth.

●

Fastpath: Fastpath handles most of the low-level data occurs such as MAC address rewrite, Network

Address Translation (NAT), and TCP normalization. Fastpath also performs NAT on the packet: depending

on the configuration, this includes MAC addresses, IP addresses, Layer 4 ports, and TCP sequence (SEQ)

and acknowledgment (ACK) numbers.

●

TCP: The TCP process sends and receives TCP data from other network processor functions when data is

processed at Layer 7 and the connection is fully proxied.

●

HTTP Layer 7 fixup: This process supports HTTP and other Layer 7 application processing (fixups) such as

header matching, rewriting, cookie processing, and persistent and pipelined connection. For application

fixups, this process replaces IP addresses embedded in the application protocol data with the appropriate

virtual IP address, server IP address, or client IP address and binds control and application channels

together to help ensure proper processing by the network processors and real servers.

●

SSL: This process performs SSL record-layer processing inline with a hardware coprocessor.

●

Connection Close Manager (CCM): The CCM removes the internal connection objects for an established

connection upon receipt of a TCP finish (FIN) sequence, TCP restore (RST) command, or connection

timeout.

●

Load balancing: This process facilitates communication and messaging from the microengine to the general

processor. It allows microengine functions to access general processor functions such as load balancing,

SSL state, FTP and Real-Time Streaming Protocol (RTSP) fixups, and high-availability heartbeats.

●

Reassembly: This process manages reassembly of fragmented packets and TCP/IP timer control during

connection handling.

●

Inbound Connection Manager (ICM): The ICM is responsible for the creation of new connections. If the

connection is to be load balanced at Layer 3 or Layer 4, the ICM will facilitate communication with the Intel

XScale core to select a real server for the connection destination. If the connection is at Layer 7, then it will

be passed on to the TCP network processor functions. Many counters on this processor are useful for

identifying the type of traffic that is flowing through the system and the number of connections that are

created, destroyed, timed out, etc.

●

Outbound Connection Manager (OCM): The OCM establishes the connection to the destination for the

client connections. The OCM is also used in TCP reuse, the creation of syslogs for established connections,

and NAT pool source-address and source-port selection.

●

Timers: This process runs on a dedicated core (core 0) on each network processor and handles all network

processor-specific timers.