Configuring the CSS and Cache Engine for Reverse Proxy Caching



Similar documents
Reverse Proxy Caching

P and FTP Proxy caching Using a Cisco Cache Engine 550 an

Sample Configuration Using the ip nat outside source static

Configuring Static and Dynamic NAT Simultaneously

Sample Configuration Using the ip nat outside source list C

Configuring Cisco CallManager IP Phones to Work With IP Phone Agent

F-SECURE MESSAGING SECURITY GATEWAY

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

IOS NAT Load Balancing for Two ISP Connections

PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example

SSL VPN Server Guide Access Manager 3.1 SP5 January 2013

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

Table of Contents. Cisco Using the Cisco IOS Firewall to Allow Java Applets From Known Sites while Denying Others

Microsoft Lync Server 2010

NEFSIS DEDICATED SERVER

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, :32 pm Pacific

Firewall Load Balancing

Cisco Secure PIX Firewall with Two Routers Configuration Example

Configuring the Cisco Secure PIX Firewall with a Single Intern

Deployment Guide Microsoft IIS 7.0

IOS NAT Load Balancing with Optimized Edge Routing for Two Internet Connections

Pass Through Proxy. How-to. Overview:..1 Why PTP?...1

Microsoft Windows 2003 DNS Server for Wireless LAN Controller (WLC) Discovery Configuration Example

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Securing Networks with PIX and ASA

Skills Assessment Student Training Exam

BRI to PRI Connection Using Data Over Voice

PIX/ASA 7.x with Syslog Configuration Example

Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways. Deployment Guide

SSL VPN Server Guide. Access Manager 3.2 SP2. June 2013

Table of Contents. Cisco Configuring IPSec Cisco Secure VPN Client to Central Router Controlling Access

LifeSize UVC Access Deployment Guide

Overview of WebMux Load Balancer and Live Communications Server 2005

Installation of the On Site Server (OSS)

SiteCelerate white paper

GLBP - Gateway Load Balancing Protocol

LifeSize Video Communications Systems Administrator Guide

ASA 8.x: VPN Access with the AnyConnect VPN Client Using Self Signed Certificate Configuration Example

Network Agent Quick Start

Load Balancing Trend Micro InterScan Web Gateway

Transferring Your Internet Services

Smoothwall Web Filter Deployment Guide

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

HTTP. Internet Engineering. Fall Bahador Bakhshi CE & IT Department, Amirkabir University of Technology

ASA 8.3 and Later: Enable FTP/TFTP Services Configuration Example

PIX/ASA 7.x and above : Mail (SMTP) Server Access on Inside Network Configuration Example

Load Balancing McAfee Web Gateway. Deployment Guide

Load Balancing Bloxx Web Filter. Deployment Guide

Barracuda Link Balancer Administrator s Guide

Unity Error Message: Your voic box is almost full

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

Chapter 2 Connecting the FVX538 to the Internet

IP Configuration Manual

Acano solution. Third Party Call Control Guide. March E

WiNG 5.X How To. Policy Based Routing Cache Redirection. Part No. TME Rev. A

SuperLumin Nemesis. Administration Guide. February 2011

Step-by-Step Configuration

Load Balancing Barracuda Web Filter. Deployment Guide

F-Secure Internet Gatekeeper

Installing and Configuring vcloud Connector

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Modern snoop lab lite version

How to Configure Web Authentication on a ProCurve Switch

Web Authentication Proxy on a Wireless LAN Controller Configuration Example

Barracuda Web Filter Administrator s Guide

Load Balancing Smoothwall Secure Web Gateway

How To Configure A Vyatta As A Ds Internet Connection Router/Gateway With A Web Server On A Dspv.Net (Dspv) On A Network With A D

Issue 2EN. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

Configuration Manual English version

Cisco Configuring Commonly Used IP ACLs

Lab Diagramming Intranet Traffic Flows

Using LifeSize systems with Microsoft Office Communications Server Server Setup

Blue Coat Security First Steps Solution for Deploying an Explicit Proxy

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Brocade Certified Layer 4-7 Professional Version: Demo. Page <<1/8>>

Deploying F5 with Microsoft Forefront Threat Management Gateway 2010

LifeSize Transit Deployment Guide June 2011

Network Configuration/Bandwidth Planning Scope

iboss Enterprise Deployment Guide iboss Web Filters

Load Balancing Sophos Web Gateway. Deployment Guide

How to Configure Captive Portal


CCT vs. CCENT Skill Set Comparison

nexvortex Setup Guide

Table of Contents. Cisco Mapping Outbound VoIP Calls to Specific Digital Voice Ports

Device Interface IP Address Subnet Mask Default Gateway

Cisco AnyConnect Secure Mobility Solution Guide

Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting

Barracuda Networks Web Application Firewall

Troubleshooting the Firewall Services Module

Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example

Lab Developing ACLs to Implement Firewall Rule Sets

Network Load Balancing

Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example

DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5

Lab Diagramming External Traffic Flows

Apache Server Implementation Guide

Step-by-Step Configuration

Transcription:

Configuring the CSS and Cache Engine for Reverse Proxy Caching Document ID: 12586 Contents Introduction Prerequisites Requirements Components Used Conventions Caching Overview Content Caching Configure Network Diagram Configurations Verify Troubleshoot Troubleshooting Procedure Related Information Introduction An increase in demand for information on the Internet causes congestion and long delays in the retrieval of information. Much of the same information is retrieved over and over again. The save and local storage of information, or caching, can satisfy subsequent requests with more efficiency and less bandwidth. This document provides a sample configuration of the Cisco CSS Content Services Switch and Cisco Cache Engine for reverse proxy caching. Prerequisites Requirements There are no specific requirements for this document. Components Used The information in this document is based on these software and hardware versions: Cisco WebNS Software Version 6.10, Build 7 Cisco Cache Software Releases 2.3, 2.31, and 2.5, and Cisco Application and Content Networking System (ACNS) Software Version 5.1 Microsoft Internet Information Server (IIS) on Microsoft Windows 2000 Cisco CSS 11050 Content Services Switch Cisco 550 and 570 Cache Engines Note: The solution that this document describes works only with particular web servers and in particular configurations.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Conventions For more information on document conventions, refer to the Cisco Technical Tips Conventions. Caching Overview The save and local storage of information is known as caching. With web caching, a cache server temporarily stores copies of recently requested content in locations that are topologically closer to the client. The content is then readily available for client requests. The local storage of content provides these advantages: Optimize network resources Conserve network bandwidth Reduce Internet congestion Improve network response time and overall service quality Content Caching You can make web caching cost effective and more reliable if you deploy content caching in your network. Content caching employs all the features and functions of the CSS. The CSS creates content rules to use your cache servers and acts as a cache front end device because it performs these tasks: Examines network traffic for web content requests Bypasses the cache automatically for noncacheable content Distributes content requests to maximize cache hits on services Bypasses the cache or redistributes content requests among the cache services that remain if a cache service fails When a client requests content, the CSS intercepts the request for content. The CSS applies content intelligence through the parse of the HTTP request header and distribution of content requests to the cache servers. Then, the CSS performs one of these tasks: Directs the request to the appropriate cache The CSS bases this decision on the load balancing method that you specify in the content rule, for example, the destination IP address. Bypasses the cache servers and forwards the request to the origin server The CSS bypasses the cache servers if the content is deemed noncacheable. When the CSS directs the request to the cache server, the cache server either: Returns the requested content, if the cache server has a local copy Sends a new request for the content through the CSS to the origin server that hosts the content When the cache sends a new request for content and receives a reply from the origin server, the cache returns

the response to the client. If the content is cacheable, the cache saves a copy of the content for future requests. When the requested content is found on a local cache server, the request is known as a cache hit. When the requested content is not local and the cache initiates a new request for the content, the request is known as a cache miss. Configure In this section, you are presented with the information to configure the features described in this document. Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only). Network Diagram This document uses this network setup: Configurations This document uses these configurations: CSS 11050 That Runs WebNS 6.10, Build 7 Cache Engine 1 50 That Runs Cache Software Release 2.31 Cache Engine 2 70 That Runs Cache Software Release 2.3 CSS 11050 That Runs WebNS 6.10, Build 7

Active version: ap0610007s configure *************************** GLOBAL *************************** username admin des password lecfjgyezbeaxb2g superuser username chip des password lecfjgyezbeaxb2g superuser ip route 0.0.0.0 0.0.0.0 172.16.0.193 1 persistence reset remap This is necessary for persistent connections that need to be remapped on the back end connection. ************************* INTERFACE ************************* interface ethernet 6 phy 100Mbits FD interface ethernet 7 bridge vlan 2 interface ethernet 8 bridge vlan 2 ************************** CIRCUIT ************************** circuit VLAN1 ip address 172.16.0.1 255.255.0.0 circuit VLAN2 ip address 10.1.1.1 255.255.255.0 ************************** SERVICE ************************** service ce1 ip address 172.16.0.200 type transparent cache no cache bypass service ce2 ip address 172.16.0.218 type transparent cache Disable the destination Network Address Translation (NAT). Only the destination MAC address changes. no cache bypass Permit traffic from the cache to hit a content rule. service webns1 ip address 10.1.1.3 service webns2 ip address 10.1.1.5 **************************** EQL **************************** eql Cacheable extension pdf "Acrobat" extension fdf "Acrobat Forms Document"

extension au "Sound audio/basic" extension bmp "Bitmap Image" extension z "Compressed data application/x compress" extension gif "GIF Image image/gif" extension html "Hypertext Markup Language text/html" extension htm extension js "Java script application/x javascript" extension mocha extension jpeg "JPEG image image/jpeg" extension jpg extension jpe extension jfif extension pjpeg extension pjp extension mp2 "MPEG Audio audio/x mpeg" extension mpa extension abs extension mpeg "MPEG Video video/mpeg" extension mpg extension mpe extension mpv extension vbs extension m1v extension pcx "PCX Image" extension txt "Plain text text/plain" extension text extension mov "QuickTime video/quicktime" extension tiff "TIFF Image image/tiff" extension tar "Unix Tape Archive application/x tar" extension avi "Video for Windows video/x msvideo" extension wav "Wave File audio/x wav" extension gz "application/x gzip" extension zip "ZIP file application/x zip compressed" description "This EQL contains extensions of cacheable content" *************************** OWNER *************************** owner chip content cache_request_rule add service webns1 add service webns2 vip address 172.16.0.198 protocol tcp port 80 url "/*" This content rule catches requests from the cache and load balances the requests to the web servers. content reverse_proxy_rule add service ce1 add service ce2 vip address 172.16.0.237 protocol tcp port 80 url "/*" eql Cacheable Only objects that match an extension that is in the Extension Qualifier List (EQL) Cacheable use this rule. content web_server_rule add service webns1 add service webns2

protocol tcp port 80 url "/*" vip address 172.16.0.237 When the request does not match any extension that appears in the EQL Cacheable, the request goes directly to the servers. Cache Engine 1 50 That Runs Cache Software Release 2.31 Current configuration: user add admin uid 0 password 1 "eesdy9dcy" capability admin access hostname ce1 interface ethernet 0 ip address 172.16.0.200 255.255.0.0 ip broadcast address 172.16.255.255 exit interface ethernet 1 exit ip default gateway 172.16.0.1 ip name server 171.70.32.127 ip domain name chip.com ip route 0.0.0.0 0.0.0.0 172.16.0.1 cron file /local/etc/crontab no bypass load enable http proxy incoming 80 This http proxy incoming 80 command is necessary in software releases 2.31 and 2.50. http l4 switch enable Enable l4 switch so that the cache accepts connections on any IP address, even if the address is not configured on the cache. authentication login local enable authentication configuration local enable rule use proxy 172.16.0.198 80 domain www.chip.com This command sends all requests for the domain www.chip.com to the web server virtual IP (VIP) on the CSS. Another solution is to issue the http proxy outgoing host 172.16.0.198 80 command. rule no cache url regex.*cgi bin.* rule no cache url regex.*aw cgi.* end

Cache Engine 2 70 That Runs Cache Software Release 2.3 Current configuration: no logging console user add admin uid 0 capability admin access hostname ce 2 interface ethernet 0 ip address 172.16.0.218 255.255.0.0 ip broadcast address 172.16.255.255 exit interface ethernet 1 exit ip default gateway 172.16.0.1 ip name server 171.70.32.127 ip domain name chip.com ip route 0.0.0.0 0.0.0.0 172.16.0.1 cron file /local/etc/crontab no bypass load enable http l4 switch enable authentication login local enable authentication configuration local enable rule use proxy 172.16.0.198 80 domain www.chip.com This command sends all requests for the domain www.chip.com to the web server VIP on the CSS. rule no cache url regex.*cgi bin.* rule no cache url regex.*aw cgi.* end Verify This section provides information you can use to confirm your configuration is working properly. Note: Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output. CSS show Commands show summarydisplays the relationship between owners, content rules, and services show service summarydisplays summary information for all services This information includes the service state, connections, weight, and load. show ruledisplays all content rules for a specific owner or for all owners The screen shows information about the owner and the content rules. If you are in owner mode, the show rule command displays the summary for the current owner.

Cache Engine show Commands show statistics http savingsdisplays HTTP savings statistics show statistics http requestsdisplays HTTP requests statistics show statistics rule alldisplays all rule statistics show statistics http miss reasondisplays details of the reasons that the cache did not have a copy of the requested content Troubleshoot This section provides information you can use to troubleshoot your configuration. Troubleshooting Procedure Complete these steps to troubleshoot your configuration: 1. In order to detect if traffic hits the correct content rule on the CSS, issue the show summary command. Global Bypass Counters: No Rule Bypass Count: 0 Acl Bypass Count: 0 Owner Content Rules State Services Service Hits chip web_server_rule Active webns1 5 webns2 6 reverse_proxy_rule Active ce1 7 ce2 4 cache_request_rule Active webns1 10 webns2 9 If there is no hit, check for connectivity issues. If there is no hit for the reverse_proxy_rule, check the EQL setup. If there is no hit for the cache_request_rule, check the configuration of the caches. 2. In order to check for HTTP requests, issue the show statistics http requests command on the cache. show statistics http requests Statistics Requests Total % of Requests Total Received Requests: 6 Forced Reloads: 0 0.0 Client Errors: 0 0.0 Server Errors: 0 0.0 URL Blocked (Reset): 0 0.0 URL Blocked: 0 0.0 Sent to Outgoing Proxy: 4 66.7 Failures from Outgoing Proxy: 0 0.0 Excluded from Outgoing Proxy: 0 0.0 ICP Client Hits: 0 0.0 ICP Server Hits: 0 0.0 If Range Hits: 0 0.0 HTTP 0.9 Requests: 0 0.0 HTTP 1.0 Requests: 0 0.0 HTTP 1.1 Requests: 6 100.0 HTTP Unknown Requests: 0 0.0 Non HTTP Requests: 0 0.0 Non HTTP Responses: 0 0.0

Chunked HTTP Responses: 0 0.0 Http Miss Due To DNS: 0 0.0 Http Deletes Due To DNS: 0 0.0 Objects cached for min ttl: 0 0.0 If you do not see any requests, issue the http l4 switch enable command. 3. In order to determine if the cache is caching the request correctly, issue the show statistics http savings command. show statistics http savings Statistics Savings Requests Bytes Total: 6 11293008 Hits: 2 3795880 Miss: 4 7497128 Savings: 33.3 % 33.6 % If the number of misses is high, issue the show statistics http miss reason command to determine the reason. show statistics http miss reason Statistics No hit reasons Reason: No. of Requests not_in_cache: 1 dmbuf_low: 0 none_get_method: 0 ftp_not_anonymous: 0 http_not_anonymous: 0 suspicious_url: 0 ie_5_ims: 0 has_if_match: 0 has_invalid_if_range: 0 has_if_unmodified_since: 0 has_invalid_range: 0 has_more_than_supported_range: 0 has_pragma_no_cache: 0 has_authorization: 0 has_cache_control_no_cache: 0 is_https: 0 invalid_ims: 0 cert_check_fail: 0 second_validation: 0 invalid_ims_reply: 0 ims_200_reply: 0 xfs_open_error: 0 has_unknown_length_transfer_pending: 0 object_in_cache_older_than_clients: 0 object_in_cache_expired_cannot_verified: 0 different_protocol: 0 other_error: 0 Statistics Validate reasons Reason: No. of Requests reval_all: 0 reval_text: 0 max_age: 0 min_fresh: 0 max_stale: 0 response_say_so: 0 object_expired: 0 reval_no_cache_req: 0

rule_refresh: 0 Statistics No store reasons Reason: No. of Requests dmbuf_low: 0 none_get_method: 0 ftp_not_anonymous: 0 http_not_anonymous: 0 suspicious_url: 0 has_range: 1 has_authorization: 0 has_cache_control_no_store: 0 invalid_ims: 0 cert_check_fail: 0 second_validation: 0 invalid_ims_reply: 0 url_too_long: 0 http_0_9_reply: 0 header_too_long: 0 http_unknown_verion_reply: 0 http_none_cachable_reply_status: 1 http_unknow_reply_status: 0 has_cookie: 3 object_too_big: 0 has_pragma_no_cache: 0 cache_control_no_cache: 0 cache_control_no_store: 0 cache_control_private: 0 has_multipart: 0 invalid_expire: 0 invalid_last_modified: 0 invalid_date: 0 content_length_0: 0 has_vary: 0 transfer_encoding: 0 three_to_two_way: 0 xfs_open_error: 0 has_unknown_length_transfer_pending: 0 other_error: 0 weird_server_pipe_though: 0 incorrect_content_length: 0 rule_no_store: 0 When you know the reason for a miss or a No store, you can try to correct the problem. For example, in this case, there are a number of hits against has_cookie. In order to resolve this, issue the http cache cookies command on the cache. Related Information Cisco Cache Software Technical Support & Documentation Cisco Systems Contacts & Feedback Help Site Map 2014 2015 Cisco Systems, Inc. All rights reserved. Terms & Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems, Inc. Updated: Jan 31, 2006 Document ID: 12586

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information