Web Cache Redirection using a Layer-4 switch: Architecture, issues, tradeoffs, and trends Shirish Sathaye Vice-President of Engineering.


Outline
- Web-Cache deployment options - descriptions and tradeoffs
  – Proxy caching
  – Transparent proxy caching
  – Transparent proxy with Web Cache Redirection
- Web-Cache-Redirectors - Why do I need yet another device in my network?
  – Performance
  – Intelligence
  – Cache hit-rate
  – Availability
- Summary

Proxy caching
- Browser pointed at cache instead of origin server
- No impact on non-Web traffic
- Incremental hardware/software costs limited to cache server and software
- Every browser needs to be re-configured
- Each client hits only one cache
  – Can’t take advantage of data stored in other local caches, lowering hit rate
  – Lower hit rates mean user delays and unnecessary WAN traffic
  – If cache is down, user loses web access until browser reconfigured

Transparent proxy caching
- Browser sends requests for web pages to origin server
- Impact on non-web traffic: Cache sits in data path, examines all out-bound packets, intercepts and processes web traffic
- No browser reconfiguration required
- Caches must be configured to do network address translation
- Each client hits only one cache
  – Difficult to take advantage of data stored in other local caches, lowering hit rate
- If cache is down, user loses all Internet access until alternate path operational

Transparent proxy caching with WCR
- Browser sends requests for web pages to origin server
- LAN switch (Cache Redirector) in data path examines all packets and redirects web traffic to cache(s)
- Very little impact on non-web traffic
- No browser re-configuration required
- Cache need not do NAT; the redirector can offload this function from the cache
- Each client hits multiple caches
  – Takes advantage of data stored in all local caches, raising hit rate
  – Higher hit rates mean less user delay and less unnecessary WAN traffic
  – If any cache is down, traffic directed to other caches

Why do I need yet another device for Web-Cache-Redirection?
- Performance: specialized device for high-performance web-cache redirection
- Cache-hit rate: specialized device implements techniques to maximize hit rate
- High availability: support for redundant caches and redundant redirectors
- Intelligence: support for content-aware, content-specific, and site-specific caching. Support for various data types and protocols

Maximizing Performance
- Per-session:
  – Every session must be mapped to a cache server
  – Device must maintain state information in each direction
  – Must consider special application requirements, e.g. FTP caching
- Per-packet:
  – Must substitute session address (NAT)
  – May need to modify content (header fix-up)
  – Needs to recompute protocol checksums
- Background:
  – Must perform server and service health check
  – Must track load on a per-cache server basis

Redirector - Performance Requirements
- Scalable performance across all ports
- Ability to look arbitrarily deep into packet and rewrite portions of packet content at wire-speed
- Ability to support a rich set of redirection rules
- Ability to have line-rate performance with richest combination of redirection rules enabled
- Traffic not subject to redirection experiences minimal latency or throughput impact

Redirector Implementation
- Hardware acceleration at each port for parsing packets at line-rate and performing sophisticated transformations
- Distributed processing at each port for flexibility to add new redirection rules with no performance impact
  – ASIC integrates two 100 MIPS RISC processors, and 10/100/1000 Ethernet MAC per port
- Support for traditional L2 and L3 switching at wire-speed
- Separate processors for background management functions
[Figure: block diagram. Labels: Multi-Gigabit switch backplane; Management Module; 4MB SRAM; 2MB Flash; Switch Modules; 1MB; RISC; HW assist; RISC; ports]

Intelligence
- Network address translation:
  – Offloads NAT from web-cache
- Authentication:
  – Web-sites may use client source-IP address based authentication
  – Redirector can be dynamically programmed to not redirect connections for non-cacheable sites
- Content-driven caching:
  – Some information is non-cacheable (e.g. POSTs)
  – Redirector can be programmed to not send this info to cache
  – Redirector can be programmed to not redirect some content types
- Support for caching different application protocols
  – FTP, NNTP, Streaming Audio, Video
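One way to express the bypass rules from this slide as a redirect-or-forward decision, as an added example that is not from the original slides. The `RedirectPolicy` class, its default methods and suffixes, the query-string rule and the sample addresses are all hypothetical; the point is that origins relying on source-IP authentication are exempted so they still see the real client address rather than the cache's.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class RedirectPolicy:
    """Hypothetical rule set; every default here is constructed for illustration."""
    ports: set = field(default_factory=lambda: {80})
    bypass_nets: list = field(default_factory=list)   # source-IP-authenticated origins
    uncacheable_methods: set = field(
        default_factory=lambda: {"POST", "PUT", "DELETE", "CONNECT"})
    bypass_suffixes: tuple = (".cgi", ".asp")          # assumed dynamic content types

    def add_bypass(self, cidr: str) -> None:
        """Dynamically exempt an origin network from redirection."""
        self.bypass_nets.append(ipaddress.ip_network(cidr))

    def decide(self, dst_ip: str, dst_port: int, first_bytes: bytes) -> str:
        """Return "redirect" (send to a cache) or "forward" (switch to origin)."""
        if dst_port not in self.ports:
            return "forward"                 # non-web traffic is switched normally
        addr = ipaddress.ip_address(dst_ip)
        if any(addr in net for net in self.bypass_nets):
            return "forward"                 # origin must see the real client IP
        try:
            line = first_bytes.split(b"\r\n", 1)[0].decode("ascii")
            method, target, _version = line.split(" ", 2)
        except (UnicodeDecodeError, ValueError):
            return "forward"                 # not a parseable request line
        if method.upper() in self.uncacheable_methods:
            return "forward"                 # e.g. POSTs are non-cacheable
        path = target.split("?", 1)[0].lower()
        if "?" in target or path.endswith(self.bypass_suffixes):
            return "forward"                 # treated as dynamic (assumption)
        return "redirect"
```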

Maximizing Cache Hit-rate
- Variety of content distribution algorithms for a cache array
- Balances load across caches using load-balancing techniques
- Controls degree and placement of replicated information depending on which cache selection algorithm is used
- Allows tradeoff between hit-rate, performance, replication and fault-tolerance
- Examples of cache selection algorithms:
  – Hashing on origin server IP address
  – Transforming the origin-server IP address and some portion of client address using a deterministic function
  – Using a least-loaded-first scheme
  – Using a round-robin scheme

High availability
- Redirector monitors cache health
- Supports dynamic cache addition and removal from array
- Automatically redistributes content between remaining caches
- Supports redundant switching topologies with no single point of failure
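The interaction between the two preceding slides (hashing on origin-server IP address, then removing a failed cache from the array), as an added example that is not from the original slides. It compares plain hash-modulo selection with rendezvous (highest-random-weight) hashing, a technique the slides do not name and which is brought in here only for comparison; the cache names and origin addresses are constructed.

```python
import hashlib
import ipaddress

def _h(*parts: str) -> int:
    """Deterministic 64-bit hash of the joined parts."""
    digest = hashlib.sha256("|".join(parts).encode()).digest()
    return int.from_bytes(digest[:8], "big")

def select_modulo(origin_ip: str, caches: list) -> str:
    """Hash on origin-server IP, then index into the list of healthy caches."""
    return caches[_h(origin_ip) % len(caches)]

def select_rendezvous(origin_ip: str, caches: list) -> str:
    """Score every (origin, cache) pair and pick the highest score."""
    return max(caches, key=lambda cache: _h(origin_ip, cache))

def moved_on_failure(select, origins, caches, failed):
    """Count origins whose cache changes once `failed` leaves the array.
    unavoidable: origins that were on the failed cache and must move.
    avoidable:   origins on a healthy cache that moved anyway, so content
                 already stored for them stops being hit."""
    healthy = [c for c in caches if c != failed]
    unavoidable = avoidable = 0
    for origin in origins:
        before, after = select(origin, caches), select(origin, healthy)
        if before == failed:
            unavoidable += 1
        elif before != after:
            avoidable += 1
    return unavoidable, avoidable

# Constructed sample data: four caches and 200 origin-server addresses.
CACHES = ["cache-a", "cache-b", "cache-c", "cache-d"]
ORIGINS = [str(ipaddress.IPv4Address("198.51.100.0") + i) for i in range(200)]

if __name__ == "__main__":
    for name, fn in (("modulo", select_modulo), ("rendezvous", select_rendezvous)):
        must, extra = moved_on_failure(fn, ORIGINS, CACHES, "cache-b")
        print(f"{name:10s} unavoidable={must:3d} avoidable={extra:3d}")
```

Both schemes keep each origin on a single cache, so neither replicates content; they differ only in how many healthy-cache mappings are disturbed when the array changes size.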

Summary
- Transparent proxy with web-cache redirection is often the preferred way to deploy a web-cache system
- A specialized Layer-4 switch (Redirector) offers significant advantages compared to redirecting using traditional networking devices:
  – Performance
  – Intelligence
  – Cache-hit rate
  – Availability