Intel® NetStructure™ 1520 Cache Appliance Administrator’s Guide
Copyright © 2000, Intel Corporation. All rights reserved. Intel Corporation 5200 N. E. Elam Young Parkway Hillsboro, Oregon 97124-6497 No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without the prior written permission of Intel Corporation.
Contents
Preface, page ix
Who should read this manual, page x
Conventions used in this manual, page x
Chapter 1 Introduction, page 1
What is an Intel® NetStructure™ Cache Appliance?, page 2
Why use this caching appliance?, page 2
Flexible cache architecture
Using the ARM page, page 21
Using the Other page, page 22
Using the MRTG page, page 22
Chapter 4 Configuring the Appliance, page 23
Accessing configure pages, page 24
Using the Server Basics page
Chapter 5 Using the Command-Line Interface, page 49
Starting the command-line interface, page 50
Starting the appliance the first time, page 50
Using the appliance after initial start-up, page 50
Navigating the command-line interface, page 51
Using the setup menu
Using the monitor menu, page 99
Viewing Node statistics, page 99
Viewing Protocol statistics, page 100
Viewing Cache statistics, page 104
Viewing Other statistics, page 105
Using the expert menu
Understanding cache hierarchies, page 135
HTTP cache hierarchies, page 135
ICP cache hierarchies, page 136
NNTP cache hierarchies, page 137
News article caching, page 138
The appliance as a news server
Reaching the Cache page, page 21
Reaching the ARM page, page 22
Reaching the Other page, page 22
Reaching the MRTG page, page 22
Reaching the configure pages
Preparing a cache disk, page 61
Setting general controls, page 62
Configuring HTTP options, page 63
Configuring NNTP options, page 64
Adding NNTP server rules
Deleting ARM bypass rules, page 95
Viewing ARM bypass rules, page 95
Configuring load-shedding options, page 96
Configuring host database options, page 96
Viewing host database options, page 98
Enabling logging options
Preface
This manual describes how to use and configure an Intel® NetStructure™ Cache Appliance system (referred to as “appliance” in this manual) either as a single node or as a cluster of nodes. The manual covers the following topics:
◆ Chapter 1 contains an overview of the appliance and an overview of this guide.
◆ Chapter 2 through Chapter 1 contain procedural information about starting, monitoring, and configuring the appliance.
Who should read this manual
This manual is intended for system administrators who configure, run, and administer Intel NetStructure Cache Appliance systems. Consequently, the information in the manual was written with the assumption that the reader has experience in Web server administration and configuring TCP/IP networking.

Conventions used in this manual
This manual uses the following conventions.
Chapter 1 Introduction
The Intel® NetStructure™ Cache Appliance is a carrier-class caching appliance that offers high performance, high availability, and simple centralized management. The appliance automatically and efficiently copies network documents and images, bringing them closer and serving them faster to your users.
What is an Intel® NetStructure™ Cache Appliance?
Internet users request billions of documents each day all over the world. Unfortunately, global data networking has become difficult for professionals as they struggle with overloaded servers trying to keep pace with society’s growing data demands. The Intel NetStructure Cache Appliance family provides you with a turnkey, scalable solution you can place in your network to deliver industry-leading caching capabilities.
Server accelerator
The appliance can be configured as a web server to accelerate slower traditional web servers. Documents stored in cache are served at high speed, while documents not in cache are requested on demand from slower, traditional web servers. This server accelerator feature is also called reverse proxy.
Multithreading process support
The appliance is the first commercial caching proxy server to aggressively implement multithreading, breaking down large transactions into small, efficient tasks. The appliance processes multiple outstanding requests simultaneously and efficiently, even under peak loads.

High-speed caching
The cache consists of a high speed object database stored on raw disk. Objects are stored and indexed according to their URL and associated headers.
SNMP Network Management
The appliance can be monitored and managed through SNMP network management facilities. The appliance supports two management information bases (MIBs). The first, MIB-2, is a well-known standard MIB. The second, the proprietary Intel NetStructure Cache Appliance MIB, provides more specific node and cluster information.

Performance reporting
You can get performance statistics at a glance from the Manager UI or from the command-line interface.
Chapter 2 Getting Started
This chapter contains the following sections:
◆ Starting the system for the first time, on page 8
◆ Accessing the Manager UI, on page 12
◆ Accessing the command-line interface, on page 15
◆ Verifying that caching works, on page 15
◆ Changing passwords, on page 15
Starting the system for the first time
Before you can start the Intel NetStructure Cache Appliance, make sure it is physically connected properly. Connections include:
✔ Connecting to the network through the primary network interface.
✔ Connecting a Terminal Emulator or Concentrator to the appliance’s COM1 port using the serial cable that came packaged with the appliance.
✔ Attaching the supplied power cord to the appliance and plugging the cord into an approved receptacle.
4 After your system completes the boot procedure, a console login prompt appears with fields for both a login and password. At the prompt, supply admin for both the login and password, and press Enter.
5 After you log in, the VT100 terminal emulator screen displays this initial set of menu selections.
    –setup     Initial Intel Cache Setup
     install   Install Intel Cache
     commit    Commit Setup Changes
6 Use the arrow keys to select setup and press the Enter key.
11 Use the arrow keys to highlight timezone and press the Enter key. Pressing the Enter key causes a scrollable list of available timezones to appear. Here is a partial list:
    –United States Eastern
     United States Central
     United States Mountain
     United States Pacific
12 Use the arrow keys to scroll through the available zones and highlight the appropriate zone for your area. After highlighting the applicable zone, press the Enter key.
installation, the bottom of the screen keeps you apprised of the installation’s progress.
17 After the installation is complete, use the arrow keys to position the cursor on commit as follows:
     setup     Initial Intel Cache Setup
     install   Install Intel Cache
    –commit    Commit Setup Changes
18 Pressing the Enter key starts the final phase of the initialization process as well as the cache application.
Accessing the Manager UI
The Manager UI is a browser-based interface, consisting of a series of web pages. Use the Manager UI to monitor performance and configure and fine-tune selected nodes in your cluster. You can access any node in the cluster through the same Manager UI.
▼ Accessing the Manager UI
1 Open your web browser. The Manager UI requires Java and JavaScript; be sure to enable Java and JavaScript.
Figure 1 The Dashboard page

Using Monitor and Configure mode
The Manager UI has two modes, Monitor and Configure:
✔ In Monitor mode, view performance statistics and graphs. To access Monitor mode, click the top of the MONITOR tab.
✔ In Configure mode, view and modify the appliance’s configuration options. To access Configure mode, click the top of the CONFIGURE tab.
Figure 2 shows the control frame buttons for both the Monitor and Configure modes.

Figure 2 The Monitor and Configure Control Frames (panels: Monitor mode frame, Configure mode frame)

When you are in Monitor mode, you can access all the pages that report information about the appliance’s performance. With the exception of the information on the Dashboard page, information on the Monitor pages pertains to the selected node.
Using online help
Both the MONITOR and CONFIGURE tabs have a Help page button. When you click the Help page button, the online help opens in another browser window. Each of the Manager UI pages has online help available.

Accessing the command-line interface
You can access the command-line interface using one of two methods:
✔ Provide a serial connection to the Intel NetStructure Cache Appliance machine. Refer to the Intel NetStructure Cache Appliance Quick Start Guide for detailed information.
Administrator’s ID and password for both telnet and Manager UI access as soon as possible after installing each node. To change the password for the Manager UI, see Using the Security page, on page 39. To change the password for the telnet or serial connection, see Changing the administrator password for telnet or serial access, on page 60.
Chapter 3 Monitoring Appliance Performance
This chapter describes how to use the Manager UI to collect and interpret performance statistics on the Intel NetStructure Cache Appliance.
Accessing monitor pages
The Manager UI uses monitor pages to present performance information on the selected appliance and the cluster as a whole. A monitor page is a browser page displayed as a result of “clicking” on a page button in the Manager UI. By default, the Manager UI starts in monitor mode (as opposed to configure mode), which displays Monitor page buttons.
▼ Reaching Monitor pages
1 Open your browser to the Manager UI.
2 Enter the Administrator ID and password.
Use the Dashboard page to:
✔ Select a node
✔ See which nodes are on and which are off
✔ See if an alarm condition exists on any node
  If an alarm condition exists, you can click the alarm light to view a description of the alarm and resolve it.
✔ See the number (cumulative to date) of objects served to users from each node
✔ See the traffic load (as current transactions per second)
  The meter dial shows you how hard a node is working. When the needle is to the left on the dial, the work load is light.
✔ Cache hit rate, refresh
✔ Errors
✔ Aborts
✔ Active clients/servers
✔ Average fresh hit
Note Online help provides descriptions for each of these statistics.

Changing the selected node
As mentioned earlier, information on pages accessed in monitor mode exists for the selected node and for the cluster as a whole. You start the process to change the selected node from the Dashboard page by clicking on a node name.
▼ Changing the selected node
1 Click on the node name.
Using the Graphs page
The Graphs page provides a list of options for generating performance graphs for cache results, garbage collection, transfer rates, and object size for the currently selected node.
▼ Reaching the Graphs page
1 Be sure you are in monitor mode. If not, click the MONITOR tab.
2 Click the Graphs page button.
Once you reach the Graphs page, click a link to generate a graph for viewing.
▼ Reaching the ARM page
1 Be sure you are in monitor mode. If not, click the MONITOR tab.
2 Click the ARM page button.
Note Online help provides descriptions of each of the statistics in the ARM page.

Using the Other page
The Other page reports statistics for the various appliance functions, including host database and DNS lookups for the selected node.
▼ Reaching the Other page
1 Be sure you are in monitor mode. If not, click the MONITOR tab.

Host database and DNS statistics
Chapter 4 Configuring the Appliance
This chapter describes the configuration options that control the Intel NetStructure Cache Appliance behavior and performance, and instructs you on how to set these values in the Manager UI.
Accessing configure pages
The Manager UI uses configure pages to display and allow configuration changes to the selected appliance. A configure page is a browser page displayed as a result of “clicking” on a configure page button in the Manager UI.
Note Some performance displays rely on Java. To use the configure pages or any other pages in the UI, make sure your browser is set to enable Java and JavaScript.
▼ Reaching the configure pages
1 Open your browser to the Manager UI.
Setting general options
The following table describes the general configuration settings in the Intel NetStructure Cache section.

Option: on/off
Description: Enables or disables caching. When you disable caching, you shut down all cache and proxy services on a node-by-node basis. That is, you can turn caching on or off only one node at a time. You must disable cache services before performing certain maintenance tasks.

Option: Intel NetStructure Cache Cluster name
Description: Displays the hostname for the appliance.
Setting Web management options
The Web Management section lets you restart the cluster and specify refresh rates as observed in monitor mode. The following table describes these configuration settings.

Option: Restart
Description: Restarts the entire cluster. You must restart the cluster to effect changes you have made to port numbers and virtual IP addresses on the selected node. Restarting the cluster takes about 15 seconds, during which time cache and proxy services are disabled.
The following table describes the Virtual IP Addressing configuration settings.

Option: Virtual IP on/off
Description: Enables or disables virtual IP addressing. If virtual IP addressing is disabled, appliance nodes cannot cover each other’s failures.

Option: Edit virtual IP addresses
Description: Allows you to edit your list of virtual IP addresses. Changes will not be effective until you click the Restart button on the same page. Incorrect IP addressing can effectively disable your system.
Setting browser auto configuration options
The Autoconfiguration of Browsers section lets you specify an auto configuration file for the selected node. Web browsers use the appliance by specifying a preference to use a proxy server, usually through an auto configuration file.
Note Users must set their browsers to connect to the appliance’s auto configuration file. For information on setting your browser to use a proxy, such as the appliance, see your browser documentation.
✔ If it takes the appliance more than 750 milliseconds, it begins to shed 50% of its load.
✔ If the fresh-hit transaction time exceeds 1000 milliseconds, the appliance begins to shed 100% of its load.
Load shedding is temporary; when hit-transaction times return to acceptable levels, the appliance reverts to handling all incoming requests. The following table describes the options.

Option: HTTP hit transaction time - low watermark
Description: The lower limit for HTTP transaction time in milliseconds.
Using the Protocols page
The Protocols page lets you view and change the selected appliance’s protocol configuration. You can tune HTTP, NNTP, and FTP timeout intervals; and configure the appliance to remove HTTP headers from documents to protect site and user privacy.
▼ Reaching the Protocols page
1 Be sure you are in configure mode. If not, click the CONFIGURE tab.
2 Click the Protocols page button.
The Protocols page is divided into four sections for configuring HTTP, NNTP, HTTPS, and FTP.
Option: Activity timeout Inbound
Definition: Specifies the maximum time the appliance should remain connected to a user. If the user does not finish making a request (reading and writing data) before this timeout expires, the appliance closes the connection. The user can close the connection at any time.

Option: Activity Timeout Outbound
Definition: Specifies the maximum time the appliance should wait for fulfillment of a connection request to a Web server.
The following table describes the options.

Option: NNTP Server on/off
Definition: Enables or disables the appliance to cache and serve news articles. After turning NNTP on or off for the selected node, you must restart the cluster to effect the change. Click the Restart button on the Server Basics page.

Option: NNTP Server Port
Definition: Specifies the port that the appliance uses for serving NNTP requests. The default port is 119.
Option: NNTP options (continued)
Definition:
❚ Background Posting: Causes the appliance to post NNTP articles to parent NNTP servers in the background.
❚ Obey Cancel Control Messages: Sets the appliance to obey cancel control messages. When the appliance gets a cancel control message, it deletes the corresponding article from the cache. You do not need to enable this option if the appliance is caching articles on demand (i.e. no feed groups exist).
Option: Authentication Server Port
Definition: The port on which the locally run authentication server accepts connections. If the authentication server is remote, the appliance connects to it on this port.

Option: Local Authentication Server Timeout
Definition: The number of milliseconds after which the authentication server aborts an incomplete authorization operation. The client can retry the operation.

Refer to Configuring NNTP access, on page 69 for information about configuring authentication servers.
Using the Cache page
The Cache page allows you to configure the following:
✔ Cache activation
✔ Object freshness
✔ Variable object content
▼ Reaching the Cache page
1 Be sure you are in configure mode. If not, click the CONFIGURE tab.
2 Click the Cache page button.
The following sections describe the sections in the Cache page.

Cache activation
The following table describes the cache activation configuration options.
Storage
The following table describes the storage options.

Option: Maximum HTTP/FTP object size in bytes
Description: Specifies the maximum size of HTTP or FTP objects the appliance can cache.

Option: Maximum number of alternate versions (HTTP)
Description: Specifies the maximum number of HTTP alternates that the appliance can cache. Use a 0 (zero) to indicate no limit.
Option: FTP cached objects expire
Description: Specifies how long the appliance will keep FTP objects in the cache. You can specify from 15 minutes to two weeks.
Variable content
The following table describes the variable configuration options.

Option: Do not cache
Description: Instructs the appliance to refuse to cache objects served in response to URL addresses that contain:
❚ ?
❚ ;
❚ cgi
❚ end in .asp

Option: Enable Alternates
Description: Instructs the appliance to cache alternate versions of HTTP documents.

Option: Vary on these HTTP header fields:
Description: Enables the appliance to serve alternate documents.
Using the Security page
The Security page lets you configure access to the Manager UI. You can set administrator and guest IDs and passwords (guests have read-only access) for the selected node.
▼ Reaching the Security page
1 Be sure you are in configure mode. If not, click the CONFIGURE tab.
2 Click the Security page button.
The following table describes the Manager access options.

Option: Authentication (basic) on/off
Description: Enables or disables authentication.
▼ Reaching the Routing page
1 Be sure you are in configure mode. If not, click the CONFIGURE tab.
2 Click the Routing page button.

Setting HTTP parent caching options
The appliance can participate as a member of an HTTP cache hierarchy. You can point your appliance at a parent network cache—either another Intel NetStructure Cache Appliance or a different caching product—to form a cache hierarchy, wherein a child cache relies upon a parent cache in fulfilling user requests.
Setting ICP options
In the ICP section you can establish ICP peers. The following table describes the ICP options.

Option: ICP Mode
Description: Enables or disables ICP mode:
❚ Only Receive Queries
❚ Send/Receive Queries
❚ Disabled

Option: ICP Port
Description: Specifies the port to use for ICP messages. The default port is 3130.

Option: ICP Multicast enabled on/off
Description: Enables or disables multicast. If your appliance has a multicast channel connection to its ICP peers, it can send ICP messages through multicast.
▼ Adding an ICP Peer
1 Click the ICP Peers link.
2 Click the Add Entry button.
3 Enter the information for the ICP peer host. If you want to clear the entire form of information, you can press the Reset button.

Field: Hostname
Description: The hostname for the ICP host. You do not have to enter a hostname if you know the host IP address. If you enter a hostname but leave the IP address as 0.0.0.0, the ICP configuration obtains the host IP address via a DNS lookup on the entered hostname.
Setting server accelerator options
The Server Accelerator section allows you to configure the appliance as a Server Accelerator (also known as a reverse or server-side proxy). You can enable or disable this function as well as control how the appliance routes document requests to the slower traditional Web servers. For more information about setting up the appliance as a Server Accelerator, see Setting general controls, on page 62. The following table describes Server Accelerator options.
2 Click the Add Entry button.
3 From the Type field, select the type of rule you want to set (map or reverse_map).
4 In the Target field, enter the origin or from URL for the rule. You can enter up to four components; for example, ://:/
5 In the Replacement field, enter the destination or to URL for the rule. You can enter up to four components; for example, :// :/
6 Click the Add button to add the rule.
Configuring the host database
The appliance host database stores the domain name server (DNS) entries of servers that the appliance contacts to fulfill user requests. You configure the appliance host database by setting options in the Host Database Management section. The following table describes the options.

Option: Lookup timeout
Description: Specifies the DNS lookup timeout in seconds.
Option: Background timeout
Description: Specifies how long DNS entries can remain in the database before they are flagged as entries to refresh in the background. These entries are still fresh, so they can be refreshed after they are served, rather than before. You can choose from the following:
❚ 3 hours
❚ 6 hours
❚ 12 hours
❚ 24 hours
❚ 48 hours
For example, the foreground refresh timeout interval is 24 hours and the background timeout is 12 hours.
Configuring DNS
The DNS Configuration section lets you configure DNS services. The following table describes the options.

Option: Resolve attempt timeout
Description: Specifies how long the appliance must wait for the DNS server to respond with an IP address, even if the client request has been cancelled.
▼ Reaching the Snapshots page
1 Be sure you are in configure mode. If not, click the CONFIGURE tab.
2 Click the Snapshots page button.
The following table describes the options.

Option: Name New Snapshot
Description: Specifies a name for the snapshot. Do not include the forward slash “/” character in the name.

Option: Take Snapshot
Description: Takes a snapshot. Taking a snapshot saves a copy of all appliance configuration files. The snapshot is saved under the name specified in the Name New Snapshot field.
Chapter 5 Using the Command-Line Interface
This chapter describes the command-line utility that you can use to configure the system’s network addresses and to control, configure, and monitor the Intel NetStructure Cache Appliance.
Starting the command-line interface
The command-line interface displays automatically on screen when you provide a serial interface connection to the appliance. For information on how to make a serial connection to the appliance, see the Intel NetStructure Cache Appliance Quick Start Guide.
Note Make sure your terminal is set to emulate a VT100 terminal when you are communicating with the appliance through a serial interface.
These menu selections let you do the following:
✔ setup—Change the system’s network address configuration and time settings. See Using the setup menu, on page 52 for more information.
✔ main—Start or stop the cache and proxy services, check version information, clear statistics, and install and delete software. See Using the main menu, on page 54 for more information.
✔ config—Configure the appliance, including server, protocols, security, and routing.
As you navigate through windows, you see the path of the window displayed in the top menu border, starting with the root menu. The following steps provide an example of how to view cache performance statistics from the monitor menu.
1 From the initial menu, use the down arrow key on your keyboard to navigate to the monitor menu item. Doing so highlights that item to show that you have selected it.
2 Press Enter. After pressing Enter, the monitor menu appears and the menu border displays root->monitor.
4 In the New Hostname field, enter the hostname that you want to assign to the appliance, and press Enter.
5 In the New Netmask field, enter the netmask address that you want to assign to the appliance system, and press Enter.
6 Press CTRL-X to save your changes and return to the previous menu.

Changing the controller speed and transmission mode
You can change the speed and transmission mode of the primary network interface controller any time after the initial setup.
Configuring time zone settings
You can configure the appliance for the appropriate time zone.
▼ Configuring the time zone setting
1 Select the setup menu, and press Enter.
2 Select timezone, and press Enter. Doing so displays a list of available time zone settings.
3 Use the up and down arrow keys to scroll through the list and select the appropriate time zone.
4 Once you have selected the item, press Enter.
5 Press any key to continue.
6 Press CTRL-X to return to the previous screen.
✔ Start the appliance cache and proxy services.
✔ Stop the appliance cache and proxy services.
✔ View and maintain the version of software installed on the appliance.
✔ Clear persistent statistics.
✔ Reboot the system.
✔ Halt the system.
✔ Change Administrator password for telnet and serial access.
✔ Reset the appliance to the factory settings.
✔ Prepare cache disk.

Checking the status of the Server and Manager
You can check the status of the appliance’s Server and Manager applications using the main menu.
Viewing and maintaining versions of the software
You can have up to two versions of the appliance software installed on the system at the same time. From these versions, you can choose which one is current and executes in the appliance. Installing a new version of the software automatically makes it the current version. You can use the versions menu, which is a submenu of the main menu, to do the following:
✔ Identify the installed versions.
✔ Install new versions.
✔ Switch versions.
✔ Delete a version.
4 Regardless of the type of upgrade, that is, application, patch, or OS/application, each upgrade requires two files, which you must copy into the correct directory on the FTP server: upgrade_info .tar.gz
▼ Starting the upgrade from the appliance side
1 Start the command line interface.
Patch upgrade
After you press Ctrl-X to proceed, the CLI displays this message:
    Installing The Patch. Please Wait...
The server transfers the application upgrade tar.gz (typically less than 10 MB). When the transfer is complete, the CLI displays this message:
    Ftp Fetching Successful
The appliance starts to install the upgrade. The CLI displays this message:
    Patch Installation In Progress. Please Wait...
Deleting a version of the appliance software
You can delete a version of the appliance software when you need to add a newer version but you already have two versions installed.
Note You cannot delete the currently running version of the appliance software. To delete that software, you must first switch to the second version and then delete the other version. Also, if you have only one software version installed, you cannot delete it.
5 Press CTRL-X to clear the statistics and return to the previous screen. Choosing to clear the statistics causes a confirmation message to appear.
6 Select start, and press Enter. Doing so resumes the caching functions in the appliance.

Rebooting the System
You can reboot the system. Rebooting the system is different than starting or stopping the caching software. A system reboot performs an orderly shutdown of the appliance and restarts the operating system.
2 Select passwd, and press Enter. Doing so causes a prompt to appear requesting you to type and confirm the new administrator password.
3 Enter and confirm the new password.
4 Press CTRL-X to save your changes and return to the previous screen.
Note Changing the password value using CLI changes only the password for telnet or serial access. It does not change the password for Manager UI access.

Resetting to factory settings
You can reset settings in the appliance to their factory defaults.
✔ Configure routing options.
✔ Configure the Adaptive Redirection Module (ARM) for transparent proxy caching.
✔ Configure the host database options.
✔ Configure logging options.

Setting general controls
You can stop, start, or restart caching on the local appliance or cluster. You can also bounce the local appliance or the cluster. When you bounce the local appliance, caching is stopped and then quickly restarted on the local appliance.
address you want to use in this field and press CTRL-X to save your changes and return to the previous screen.
✔ To see whether the appliance is in reverse or forward proxy mode, select view-mode, and press Enter. A message displays at the bottom of the screen that indicates reverse or forward proxy enabled.
✔ To set the appliance for reverse proxy, select rev-proxy, and press Enter.
✔ To set the appliance for forward proxy, select forw-proxy, and press Enter.
User-Agent: identifies the agent making the request, usually a browser
Cookie: identifies the user that made the request
✔ To add HTTP headers, select add, and press Enter.
✔ To disable the appliance from caching and serving news articles, select disable, and press Enter. ✔ To allow NNTP server feeds, select the first feeds in the menu, and press Enter. ✔ To inhibit NNTP server feeds, select the second feeds in the menu, and press Enter. ✔ To allow NNTP access control, select the first access in the menu, and press Enter. ✔ To inhibit NNTP access control, select the second access in the menu, and press Enter. ✔ To configure NNTP servers, select servers, and press Enter.
The following table describes the tags you can use in a rule:
Tag Description
hostname Choose one of the following: ❚ host name ❚ host name:port ❚ IP address ❚ IP address:port ❚ .block—Use .block to block access to specific news groups.
group-wildmat This tag must be a comma-separated list of group names and list files in wildmat format (use * as a wildcard). The list file options are: subscriptions, distributions, and distrib.pats. Do not use spaces in the list.
Tag (Continued) Description (Continued) priority (continued) ❚ feed The appliance will receive news feeds for the specified groups as the parent NNTP server receives news feeds. The appliance will not cache articles on demand, since it will have them. ❚ push The appliance can both receive news feeds and cache articles on demand. ❚ pull The appliance actively pulls (caches) all articles from these news groups at a frequency you specify in the appliance Manager UI.
Examples
The following rule tells the appliance to block all requests from rec.* groups with the exception of rec.soccer:
.block !rec.soccer,rec.*
The following rule is an example of setting the port associated with the hostname:
news.webhost.com:999 *
The following rule is an example of associating an interface and priority with an IP address:
news.webhost.com * 0 10.3.3.2
The following rules are examples of establishing priorities for the hostnames:
news.webhost.com * 0
news.backup.
▼ Viewing NNTP server rules 1 Select the config menu, and press Enter. 2 Select protocols, and press Enter. 3 Select nntp, and press Enter. 4 Select servers, and press Enter. 5 Select view, and press Enter. Doing so displays the file containing the NNTP server rules. Configuring NNTP access The appliance uses NNTP access rules to let you control user access to news articles that are cached. Each rule describes the access privileges for a particular group of clients.
The following table lists the access directive options:
If access is... authenticator is... user is... pass is...
ip_allow: authenticator not required; user not required; pass not required
ip_deny: authenticator not required; user not required; pass not required
basic: authenticator not required; user required; pass optional
generic: authenticator optional; user not required; pass not required
custom: authenticator required; user optional, but the only allowed entry is the string “required” (see the following example); pass optional; but the only allowed entry is the string “required”. (See the following example.
Configuring Secure Socket Layer (SSL) port You can view and specify the ports to which SSL is restricted. ▼ Viewing SSL ports 1 Select the config menu, and press Enter. 2 Select protocols, and press Enter. 3 Select ssl, and press Enter. 4 Select view, and press Enter. Doing so displays the ports to which SSL is restricted. ▼ Restricting SSL to specific ports 1 Select the config menu, and press Enter. 2 Select protocols, and press Enter. 3 Select ssl, and press Enter.
✔ To set the inactivity timeout (the length of time the appliance waits for a response from the FTP server before abandoning the user’s request for data), select inactivity, and press Enter. Doing so causes a field to appear with the current setting displayed. Supply the new value and press Enter. Press CTRL-X to save your changes and return to the previous screen. ✔ To set the anonymous password for FTP servers that require a password for access, select password, and press Enter.
The secondary specifiers are optional.
The following rule tells the appliance to keep the client IP address header for URL addresses that contain the regular expression politics and whose path prefix is /viewpoint.
url_regex=politics prefix=/viewpoint keep_hdr=client_ip
The following rule tells the appliance to strip all cookies to the requested host www.intel.com.
dest_host=www.intel.com strip_hdr=cookie
The following rule tells the appliance not to allow puts to the requested host www.intel.com.
dest_host=www.intel.
3 Select remap, and press Enter. 4 Select add rules, and press Enter. 5 Enter a remap rule, and press Enter. 6 Press CTRL-X to save your changes and return to the previous screen. Each rule must consist of three fields: type target replacement. The following table describes the proper format for each field. Field Description type Enter either one of the following: ❚ map—maps an incoming request URL to the appropriate origin server URL. ❚ reverse_map—use for location header modifying rules.
Configuring the cache You can configure cache storage options to do the following: ✔ Enable caching of objects for different protocols. ✔ Set disk storage options. ✔ Set freshness properties. ✔ Set caching rules. Enabling caching for different protocols You can configure the appliance to cache objects retrieved via the HTTP, NNTP, and FTP protocols. You can also choose to ignore or obey user requests to bypass the cache.
Setting disk storage options You can configure the cache to store only objects below a certain size and to store a limited number of alternates. ▼ Setting disk storage options 1 Select the config menu, and press Enter. 2 Select cache, and press Enter. 3 Select storage, and press Enter. Doing so causes the Configure Cache Storage box to appear. This box shows the current settings for maximum object size and maximum number of alternates allowed in the cache.
The following table shows the options: Option Description Options to Verify freshness Choosing this option lets you configure how the appliance asks the original content server to verify the freshness of objects (revalidate them) before serving them. Select from one of the following options and press Enter. After pressing Enter press CTRL-X to save your changes and return to the previous screen.
Option (Continued) Description (Continued) Set FTP objects expiry FTP objects carry no time stamp or date information. The appliance considers them fresh for the amount of time specified here. This "freshness" time is counted from the time the object arrives in the cache. Enter the time in seconds and press Enter. After pressing Enter, press CTRL-X to save your changes and return to the previous screen.
3 Select rules, and press Enter. 4 Select add rules, and press Enter. 5 Enter a caching rule, and press Enter. 6 Press CTRL-X to save your rule and return to the previous screen.
The following table lists the possible action tags and their allowed values:
Action Value
action ❚ never-cache ❚ ignore-no-cache
pin-in-cache Enter the amount of time you want to keep the object(s) in the cache. Use the following time formats: ❚ h for hours, e.g. 10h ❚ m for minutes, e.g. 5m ❚ s for seconds, e.g. 20s ❚ mixed units, e.g. 1h15m20s
revalidate Enter the amount of time you want to consider the object(s) fresh. Use the same time formats that are shown in pin-in-cache.
▼ Viewing cache rules 1 Select the config menu, and press Enter. 2 Select cache, and press Enter. 3 Select rules, and press Enter. 4 Select view rules, and press Enter. Doing so displays the file containing the cache rules. Configuring security options You can control client access to the appliance and access to the Manager UI. Controlling client access to the appliance The appliance uses IP Allow rules to specify ranges of IP addresses that are allowed to use the appliance as a web proxy.
3 Select server, and press Enter. 4 Select delete rules, and press Enter. Doing so displays a list of current rules. If no rules exist, a message displays at the bottom of the screen indicating such. 5 Use the arrow keys to position the cursor over the rule you want to delete, and press Enter. 6 Press CTRL-X to save your changes and return to the previous screen. ▼ Viewing IP Allow rules 1 Select the config menu, and press Enter. 2 Select security, and press Enter.
▼ Deleting Manager Allow rules 1 Select the config menu, and press Enter. 2 Select security, and press Enter. 3 Select mgmt, and press Enter. 4 Select delete rules, and press Enter. Doing so displays a list of the current rules. If no rules exist, a message displays at the bottom of the screen indicating such. 5 Use the arrow keys to position the cursor over the rule you want to delete, and press Enter. 6 Press CTRL-X to save your changes and return to the previous screen.
▼ Adding ICP rules 1 Select the config menu, and press Enter. 2 Select routing, and press Enter. 3 Select icp, and press Enter. 4 Select rules, and press Enter. 5 Select add rules, and press Enter. 6 Add an ICP rule, and press Enter. 7 Press CTRL-X to save your rule and return to the previous screen.
Field (Continued) Description (Continued) MC_IP The multicast IP address. If MC_on is disabled, appliance ignores this field. MC_TTL The multicast time to live. Use the following options: ❚ 1 if IP multicast datagrams will not be forwarded beyond a single subnetwork ❚ 2 to allow delivery of IP multicast datagrams to more than one subnet (if there are one or more multicast routers attached to the first hop subnet) If MC_on is disabled, appliance ignores this field.
▼ Viewing ICP rules 1 Select the config menu, and press Enter. 2 Select routing, and press Enter. 3 Select icp, and press Enter. 4 Select rules, and press Enter. 5 Select view rules, and press Enter. Doing so causes the file containing the ICP rules to appear. Viewing current ICP settings You can find out if the ICP protocol is enabled or disabled, what the ICP port number is, whether ICP multicast is enabled or disabled, and the ICP query timeout by viewing the settings.
Enabling and disabling multicast in ICP You can enable or disable multicast in ICP. ▼ Enabling multicast in ICP 1 Select the config menu, and press Enter. 2 Select routing, and press Enter. 3 Select icp, and press Enter. 4 Select enable-multicast, and press Enter. ▼ Disabling multicast in ICP 1 Select the config menu, and press Enter. 2 Select routing, and press Enter. 3 Select icp, and press Enter. 4 Select disable-multicast, and press Enter.
▼ Setting the ICP query timeout number 1 Select the config menu, and press Enter. 2 Select routing, and press Enter. 3 Select icp, and press Enter. 4 Select timeout, and press Enter. Doing so causes a field to appear that has the current timeout value in seconds displayed. 5 Supply the new timeout value in seconds in the data field, and press Enter. 6 Press CTRL-X to save your changes and return to the previous screen.
7 Press CTRL-X to save your rule and return to the previous screen. Each rule must have the following format: primary destination=value secondary specifier=value action=value The following table lists the primary destinations and their allowed values: Primary Destination Allowed Value dest_domain Requested domain name dest_host Requested host name dest_ip Requested IP address url_regex Regular expression to be found in a URL The secondary specifiers are optional.
Action Tag Allowed Value (Continued) round_robin ❚ true Enter true if you want the appliance to go through the parent proxy list in a round-robin. ❚ false go_direct ❚ true Enter true if you want requests to bypass parent hierarchies and go directly to the origin server. ❚ false Enter false if you do not want requests to bypass parent hierarchies. Examples The following rule sets up a parent proxy hierarchy consisting of the appliance (which is the child) and two parents, p1 and p2.
▼ Viewing parent proxy caching rules 1 Select the config menu, and press Enter. 2 Select routing, and press Enter. 3 Select parent, and press Enter. 4 Select delete, and press Enter. 5 Select view rules, and press Enter. Doing so lists the file containing the parent proxy caching rules. Configuring WCCP options The appliance supports WCCP 2.0-enabled routers. If you use WCCP, you must specify the IP address of the router. You can enable, disable, configure, and view WCCP options.
bottom field and press Enter. Finally, press CTRL-X to save your changes and return to the previous screen. ✔ To disable multicast communication, select disable multicast, and press Enter. ✔ To enable HTTP redirection, select enable HTTP, and press Enter. ✔ To disable HTTP redirection, select disable HTTP, and press Enter. ✔ To enable NNTP redirection, select enable NNTP, and press Enter. ✔ To enable NNTP redirection, select enable NNTP, and press Enter.
Configuring ARM bypass rules The appliance uses ARM bypass rules to determine whether to bypass incoming client requests or to attempt to serve them transparently. You can add, delete, and view ARM bypass rules. ▼ Adding ARM bypass rules 1 Select the config menu, and press Enter. 2 Select arm, and press Enter. 3 Select bypass, and press Enter. 4 Select rules, and press Enter. 5 Select add rules, and press Enter. 6 Add a bypass rule, and press Enter.
The bypass rules have the following format:
Rule Format
source IP bypass: bypass src src_IP
Where src_IP can be: ❚ A simple IP address, such as 1.1.1.1 ❚ In Classless Inter-Domain Routing (CIDR) format, such as 1.1.1.0/24 ❚ A range of IP addresses separated by a dash, such as 1.1.1.1-2.2.2.2 ❚ Any combination of the above, separated by commas, such as 1.1.1.0/24, 25.25.25.25, 123.1.23.1 - 123.1.23.
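Because every address matched by a source IP bypass rule is passed around the cache, it helps to know exactly how many clients a rule exempts. The following is an added example, not code from the appliance or from this guide: it parses the `bypass src src_IP` forms listed above and flags broad or malformed rules. The function names, the 256-address threshold, the handling of CIDR host bits, and the sample rules are assumptions made for illustration.

```python
import ipaddress

def parse_src_spec(spec):
    """Turn a src_IP field into a list of inclusive (low, high) IPv4 ranges."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty entry in src_IP list")
        if "/" in item:
            # CIDR form. strict=False masks stray host bits; how the appliance
            # treats such input is not documented here, so this is an assumption.
            net = ipaddress.IPv4Network(item, strict=False)
            ranges.append((net[0], net[-1]))
        elif "-" in item:
            # Dash-separated range; spaces around the dash are tolerated.
            low_text, high_text = (part.strip() for part in item.split("-", 1))
            low = ipaddress.IPv4Address(low_text)
            high = ipaddress.IPv4Address(high_text)
            if low > high:
                raise ValueError(f"range runs backwards: {item}")
            ranges.append((low, high))
        else:
            addr = ipaddress.IPv4Address(item)
            ranges.append((addr, addr))
    return ranges

def parse_rule(line):
    """Parse one 'bypass src src_IP' line (the only rule form handled here)."""
    words = line.split(None, 2)
    if len(words) != 3 or words[0] != "bypass" or words[1] != "src":
        raise ValueError(f"not a source IP bypass rule: {line!r}")
    return parse_src_spec(words[2])

def address_count(ranges):
    """Count distinct addresses, merging overlapping or adjacent ranges."""
    total = 0
    cur_low = cur_high = None
    for low, high in sorted((int(l), int(h)) for l, h in ranges):
        if cur_high is not None and low <= cur_high + 1:
            cur_high = max(cur_high, high)
        else:
            if cur_high is not None:
                total += cur_high - cur_low + 1
            cur_low, cur_high = low, high
    if cur_high is not None:
        total += cur_high - cur_low + 1
    return total

def is_bypassed(client_ip, rule_lines):
    """True if any rule's source list contains client_ip."""
    client = ipaddress.IPv4Address(client_ip)
    return any(low <= client <= high
               for line in rule_lines
               for low, high in parse_rule(line))

def audit(rule_lines, max_addresses=256):
    """Return (rule number, finding) for unparseable or very broad rules."""
    findings = []
    for number, line in enumerate(rule_lines, 1):
        try:
            count = address_count(parse_rule(line))
        except ValueError as err:
            findings.append((number, f"unparseable: {err}"))
            continue
        if count > max_addresses:
            findings.append((number, f"exempts {count} source addresses"))
    return findings

# Constructed sample rules; the last one is deliberately malformed.
SAMPLE_RULES = [
    "bypass src 1.1.1.1",
    "bypass src 1.1.1.0/24, 25.25.25.25",
    "bypass src 1.1.1.1-2.2.2.2",
    "bypass src 10.0.0.300",
]

if __name__ == "__main__":
    for number, finding in audit(SAMPLE_RULES):
        print(f"rule {number}: {finding}")
```

The range form is the one to watch: the guide's own sample range 1.1.1.1-2.2.2.2 covers more than 16 million source addresses.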
3 Select bypass, and press Enter. 4 Select rules, and press Enter. 5 Select view rules, and press Enter. Doing so displays the file containing ARM bypass rules. Configuring load-shedding options When transparent proxy caching is enabled, the appliance handles overload conditions by forwarding new requests to origin servers. You can configure the appliance to automatically shed load if the cache-hit transaction times become too long.
5 Press CTRL-X to save your changes and return to the previous screen. The following table describes the options: Option Description Lookup Timeout Specifies the timeout period in seconds for the IP address lookup operation in the host database. Foreground Timeout Specifies how long DNS entries can remain in the database before they are flagged as stale.
Option Description DNS Resolve Timeout Specifies how long the appliance should wait for the DNS server to respond with an IP address, even if the client request has been cancelled. If the user abandons the request before this timeout expires, the appliance can still obtain the host’s IP address in order to cache it. The next time a user makes the same request, the address will be in the cache.
4 Supply a value for each field you want to change, and press Enter after filling in each field. 5 Press CTRL-X to save your changes and return to the previous screen. ▼ Viewing logging options 1 Select the config menu, and press Enter. 2 Select logging, and press Enter. 3 Select view, and press Enter.
Network Statistic (Continued) Description (Continued) Open Client Connections The number of currently open client connections. Cache Transfers in Progress The number of cache transfers (cache reads and writes) in progress. Client Throughput (Mbit/sec) The number of bytes per second through node (and cluster). Transactions Per Second The number of HTTP transactions per second.
Statistics Description (Continued) Errors ❚ Connect Failures—The percentage of connect errors and their average transaction times. ❚ Other Errors—The percentage of other errors and their average transaction times. Aborted Transactions ❚ Client Aborts—The percentage of client-aborted transactions, and their average transaction times. ❚ Questionable Client Aborts—The percentage of possibly client-aborted transactions, and their average transaction times.
Total Connections The total number of HTTP server connections since installation. Transactions In Progress The total number of HTTP server connections in progress. The following table describes the statistics for the NNTP protocol. Statistics and descriptions exist for Client, Server, and Operations. Statistics Description Open Connections The number of open NNTP connections. Bytes Read The number of NNTP client request bytes read since installation.
Post Bytes The number of total bytes posted through the traffic server. Poll Bytes The number of total bytes polled by the traffic server. Feed Bytes The number of total bytes fed to the traffic server. The following table describes the statistics for the FTP protocol: Statistics Description Open Connections The number of open FTP connections. PASV Connections Successes The number of successful PASV connections since installation.
Queries Originating from ICP Peers Total Responses Received The number of response messages received from ICP peers (siblings and parents). Average ICP Message Response Time The average time for an ICP peer to respond to an ICP query message from this node. This is a cumulative average value. Average ICP Request Time The average time for an HTTP request (that is sent to ICP) to receive an ICP response. This is a cumulative average value.
Statistics (Continued) Description (Continued) Cache Reads Failed The number of cache read misses since installation (NNTP, HTTP, and FTP). Cache Writes Completed The number of completed cache writes since installation (NNTP, HTTP, and FTP). Cache Writes Failed The number of cache write failures since installation (NNTP, HTTP, and FTP). Cache Updates Completed The number of cache HTTP updates completed since installation.
▼ Viewing DNS statistics 1 Select the monitor menu, and press Enter. 2 Select other, and press Enter. 3 Select dns, and press Enter. Doing so causes the statistics to display on the screen. The following table describes the statistics. Statistic Description Total Lookups The total number of DNS lookups (queries to name servers) since installation. Successes The total number of DNS lookup successes since installation. Average Lookup Time (msec) The average DNS lookup time.
▼ Viewing logging statistics 1 Select the monitor menu, and press Enter. 2 Select other, and press Enter. 3 Select logging, and press Enter. Doing so causes the statistics to display on the screen. The following table describes the statistics. Statistic Description Currently Open Log Files The number of access log files (formats) that are currently being written.
Using the save menu The save menu lets you save the current appliance configuration to a floppy disk. ▼ Saving the current configuration to a floppy disk Note 1 Select the save menu, and press Enter. Doing so causes the system to prompt you to insert a blank floppy disk. 2 Insert a floppy disk into the floppy disk drive, and press Enter. Doing so causes the appliance to copy all the current configuration settings to the floppy disk.
Chapter 6 Troubleshooting Problems When the system doesn’t seem to be operating correctly, you can use the information in this chapter to help you find a solution. If the information in this chapter doesn’t solve your problem, refer to the Intel NetStructure Caching Appliance Product Support booklet that came with your system.
Rebooting your system Rebooting the Intel NetStructure Cache Appliance causes the underlying operating system to reboot. Rebooting the appliance is not the same as starting and stopping the caching software on your system. For instructions on how to start and stop the caching software by using the command-line interface (CLI), refer to Starting the appliance, on page 55 and Stopping the appliance, on page 55.
Upgrading software Periodically the caching application that runs on the Intel NetStructure Cache Appliance might need upgrading or might need to have a patch applied. In this case, visit Intel’s ISP web site at http://www.intel.com/isp and go to the product page for your appliance. That page contains information on the latest software versions and patches that might apply.
Appendix A Caching Solutions and Performance This appendix is an overview of the Web caching capabilities and performance of the Intel NetStructure Cache Appliance. This chapter covers the following topics.
Web proxy caching The Intel NetStructure Cache Appliance is a high-performance caching proxy server. It is designed to efficiently handle multiple client connections simultaneously and supports HTTP, FTP, NNTP, ICP, and WCCP 2.0 protocols. Caching The idea behind Web caching is to store copies of frequently accessed documents close to users and serve this information to them on demand. Users get their information faster, and Internet bandwidth is freed up for other tasks.
Step 4 If the data in the cache is stale, the appliance connects to the origin server and asks if the document is still fresh. If the document is still fresh, the appliance sends the cached copy to the user immediately. Step 5 If the object is not in the cache (a cache miss) or the server indicates that the cached copy is no longer valid, the appliance gets the document from the Web server, simultaneously streaming it to the user and the cache (Figure 2).
HTTP Web documents support optional author-specified expiration dates. The appliance adheres to these expiration dates; otherwise it picks an expiration date based on how frequently the document is changing and on administrator-chosen freshness guidelines. In addition, documents can be revalidated, checking with the server if a document is still fresh. Revalidating objects If an HTTP object is stale, the Intel NetStructure Cache Appliance revalidates the object.
For example, if a document was last modified 32 days ago and was sent to the appliance two days ago, the document is considered fresh in cache for three days after it was sent. (This assumes a factor of 10%.) So for this situation, the document is considered fresh for one more day. Because this method could result in lengthy freshness times for documents that have not changed for long periods, cache administrators might want to place an upper boundary on the freshness limit.
✔ The min-fresh field, sent by clients, is an acceptable freshness tolerance. The client wants the object to be at least this fresh. If a cached document does not remain fresh at least this long in the future, it is revalidated. ✔ The max-stale field, sent by clients, permits the appliance to serve stale documents provided they are not too old. Some browsers might be willing to take stale documents in exchange for improved performance, especially during periods of poor Internet availability.
✔ Evaluate freshness as follows: 1 Use the Expires header test, if applicable, otherwise go to step 2. If the object is stale, revalidate. If it is fresh, check the Cache-Control headers. 2 Use the Last-Modified / Date header test, if applicable, otherwise go to step 3. If the object is fresh according to the Last-Modified / Date test, check the Cache-Control headers for any freshness restrictions. 3 Use the absolute freshness limit specified in the Freshness section of the Configure: Cache page.
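The freshness tests above, together with the Last-Modified example (modified 32 days ago, received two days ago, factor of 10%) and the client min-fresh field, can be traced in a short program. This is an added example, not the appliance's implementation: the class and function names, the one-hour default for the absolute freshness limit, and the sample dates are assumptions, and only the three tests visible in the list are modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

ZERO = timedelta(0)

@dataclass
class CachedObject:
    received: datetime                        # when the origin sent it to the cache
    expires: Optional[datetime] = None        # Expires header, if present
    last_modified: Optional[datetime] = None  # Last-Modified header, if present

def freshness_lifetime(obj, factor_percent=10, upper_bound=None,
                       absolute_limit=timedelta(hours=1)):
    """Return (lifetime, test used), trying the tests in the documented order.

    absolute_limit stands in for the administrator's configured value; the
    one-hour default is an assumption made for this example.
    """
    # 1. Expires header test.
    if obj.expires is not None:
        return max(obj.expires - obj.received, ZERO), "expires"
    # 2. Last-Modified / Date test: a percentage of the object's age at the
    #    time it was received, optionally capped by an upper boundary.
    if obj.last_modified is not None:
        age_when_received = max(obj.received - obj.last_modified, ZERO)
        lifetime = age_when_received * factor_percent / 100
        if upper_bound is not None:
            lifetime = min(lifetime, upper_bound)
        return lifetime, "last-modified"
    # 3. Absolute freshness limit.
    return absolute_limit, "absolute-limit"

def remaining_freshness(obj, now, **settings):
    """Time left before the object goes stale (negative once it is stale)."""
    lifetime, _ = freshness_lifetime(obj, **settings)
    return lifetime - (now - obj.received)

def decide(obj, now, min_fresh=None, **settings):
    """Return 'serve' or 'revalidate' for a request arriving at `now`."""
    remaining = remaining_freshness(obj, now, **settings)
    if remaining <= ZERO:
        return "revalidate"          # stale objects are revalidated
    if min_fresh is not None and remaining < min_fresh:
        return "revalidate"          # not fresh for as long as the client asked
    return "serve"

if __name__ == "__main__":
    now = datetime(2000, 6, 30, 12, 0, 0)     # constructed sample date
    doc = CachedObject(received=now - timedelta(days=2),
                       last_modified=now - timedelta(days=32))
    print(freshness_lifetime(doc))            # 3 days, by the Last-Modified test
    print(remaining_freshness(doc, now))      # 1 day left
    print(decide(doc, now, min_fresh=timedelta(days=2)))  # revalidate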
The following table lists the HTTP caching directives that the appliance follows.
Directive source Caching directives
administration options ❚ Don’t cache objects with URL addresses that contain ?, ;, or /cgi, or that end in .asp. ❚ Don’t cache objects served in response to the Cookie: header. ❚ Set never-cache rules from the command-line interface. Refer to Configuring caching rules, on page 79.
client Don’t cache objects with the following request headers.
✔ Information on how the ARM changes packet addresses. See ARM redirection, on page 125. ✔ A description of the appliance’s adaptive bypass scheme. See Appliance adaptive bypass, on page 126. Serving requests transparently Here’s how the Intel NetStructure Cache Appliance transparent interception works: Step 1 The appliance intercepts client requests to origin servers. Several appliance deployment methods exist so that interception can take place. See Interception strategies, on page 121 for details.
appliance, or routers or switches feeding it, is often deployed at a major artery or aggregation pipe to the Internet. The following sections provide more details about the Intel NetStructure Cache Appliance’s transparency routing solutions. Using a layer 4-aware switch to filter transparency requests Layer 4-aware switches can rapidly redirect supported protocols to the Intel NetStructure Cache Appliance, while passing all other Internet traffic through directly to its destination.
Using a WCCP-enabled router for transparency A WCCP 2.0-enabled router can send all port 80 (HTTP) traffic to the Intel NetStructure Cache Appliance, as shown in Figure 4. After the WCCP router sends port 80 traffic, the ARM readdresses port 80 to the appliance proxy port (by default, port 8080). Then the appliance processes the request as usual, retrieving the requested document from the cache if it is a hit and sending the response back to the client.
✔ The appliance handles node failure in WCCP cache farms. If one node goes down, its load is redistributed among the remaining nodes. ✔ In WCCP, you can use multiple routers. Traffic flowing through multiple routers can share the same pool of caches. In Figure 4, appliances 1, 2, and 3 form a WCCP cache farm. If the appliance in the WCCP-enabled routing scheme has an ARM bypass rule, the rule causes the appliance to forward particular client requests directly to the origin server, bypassing the appliance.
Figure 5 illustrates policy-based routing for HTTP objects. This routing scheme has the following characteristics: ✔ All client Internet traffic is sent to a router that feeds the appliance. ✔ The router sends port 80 (HTTP) traffic to the appliance and sends the remaining traffic to the next hop router. ✔ The ARM translates intercepted requests into appliance requests so they can be served. ✔ Translated requests are sent to the appliance.
✔ NNTP packet destination IPs are readdressed with the IP address of the appliance. If the appliance uses a port other than 119 for NNTP, the destination NNTP port is readdressed as well. Adaptive interception bypass The Intel NetStructure Cache Appliance contains an adaptive learning module that recognizes interoperability problems caused by transparent proxy caching and automatically bypasses the traffic around the proxy without operator intervention.
Static and dynamic (adaptive) bypass Bypass rules can be either static or adaptive. Adaptive bypass rules are dynamically generated if you configure the appliance to bypass in the case of non-HTTP port 80 traffic or HTTP errors. Static and dynamic rules Static and dynamic rules look exactly the same. However, the appliance creates dynamic rules when it encounters particular problems, such as non-HTTP port 80 traffic or HTTP errors.
Server acceleration In Web proxy caching, the Intel NetStructure Cache Appliance handles arbitrary Web requests to distant Web servers on behalf of a set of users. Server acceleration (also known as reverse proxy caching or virtual Web hosting) is slightly different. In server acceleration, the appliance is the Web server to which the user is trying to connect. The Web server host name resolves to the appliance, which is acting as the real Web server.
Advantages of server acceleration Server acceleration advantages are similar to Web proxy caching: ✔ The appliance is optimized for speed and multiple user connections and can be deployed close to users. ✔ Serving cached documents saves network bandwidth. Server acceleration offers the following server advantages: ✔ Web servers can be off-loaded, providing overload insurance. An appliance cluster dynamically mirrors content from heavily loaded Web servers. ✔ Web administration is centralized.
Whereas the corresponding proxy request would look like this:
GET http://real.janes_books.com/index.html HTTP/1.0
HOST: real.janes_books.com
The appliance can construct a proxy request from a server request by using the server information in the host header. You might have noticed a small problem. The correct proxy request must contain the host name of the origin server, not the advertised host name that name servers associate with the appliance. The advertised host name is what appears in the host header.
This map rule specifies the path /jazz for jazz.flute.org on the server big.server.net. Generally, you use reverse proxy mode to support more than one origin server. In this case, all of the advertised host names resolve to the IP address or virtual IP address of the appliance (see Figure 6). Using host headers, the appliance is able to translate server requests for any number of servers into proxy requests for those servers.
Understanding server acceleration mapping rules Rewrite rules each consist of three space-delimited fields: type, target, and replacement. ✔ Type indicates the type of rule. ✔ Target specifies the URL from which the request originates. ✔ Replacement specifies the URL the appliance uses in place of the target URL. Using map rules When the appliance receives a request as a server accelerator, it first constructs a complete request URL from the relative URL and its headers.
In a typical Server Accelerator configuration, there should be a reverse-map rule for every map rule, with the origin URL and replacement URL of the map rule reversed. Examples of rules and translations The following examples illustrate several important cases of rewrite rules. Example 1 This map rule does not specify a path prefix in the target or replacement: map http://www.x.com/ http:/server.hoster.
In these examples, the second rule is never applied because all URL addresses that match the second rule also match the first rule. The first rule takes precedence because it appears earlier in the remap.config file. Example 4 A mapping with a path prefix specified in the target and replacement: map http://www.h.com/a/b http://server.h.com/customers/x/y This rule results in the following translation:
User Request: http://www.h.com/a/b/c/d/doc.html
Translated Request: http://server.h.
Example 5
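The precedence behaviour described above (an earlier rule hiding a later one) and the advice to pair each map rule with a reverse-map rule can both be checked mechanically before a rule set is loaded. The following is an added example, not the appliance's code: it assumes rules match by plain string prefix in file order, uses the reverse_map keyword from the remap rule table, and the rule set and the server.x.com and news.x.com host names are constructed for illustration.

```python
def parse_remap(text):
    """Parse 'type target replacement' lines into (line_no, type, target, repl)."""
    rules = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[0] not in ("map", "reverse_map"):
            raise ValueError(f"line {line_no}: expected 'type target replacement'")
        rules.append((line_no, fields[0], fields[1], fields[2]))
    return rules

def translate(url, rules):
    """Apply the first map rule whose target is a prefix of url.

    Plain string-prefix matching is a simplification assumed for this example.
    Returns None when no map rule applies.
    """
    for _, kind, target, replacement in rules:
        if kind == "map" and url.startswith(target):
            return replacement + url[len(target):]
    return None

def lint(rules):
    """Return sorted (line_no, finding) pairs for the two problems in the text."""
    findings = []
    maps = [rule for rule in rules if rule[1] == "map"]
    # A map rule is shadowed when an earlier map target is a prefix of its own:
    # every URL it could match is taken by the earlier rule first.
    for index, (line_no, _, target, _) in enumerate(maps):
        if any(target.startswith(earlier[2]) for earlier in maps[:index]):
            findings.append((line_no, "shadowed"))
    # Each map rule should have a reverse_map with target and replacement swapped.
    reverse = {(target, repl) for _, kind, target, repl in rules
               if kind == "reverse_map"}
    for line_no, _, target, replacement in maps:
        if (replacement, target) not in reverse:
            findings.append((line_no, "no-reverse-map"))
    return sorted(findings)

# Constructed rule set: line 1 is the guide's Example 4 rule, line 2 is its
# reverse-map, and lines 3 and 4 reproduce the shadowing situation.
SAMPLE = """\
map http://www.h.com/a/b http://server.h.com/customers/x/y
reverse_map http://server.h.com/customers/x/y http://www.h.com/a/b
map http://www.x.com/ http://server.x.com/
map http://www.x.com/news http://news.x.com/
"""

if __name__ == "__main__":
    rules = parse_remap(SAMPLE)
    print(translate("http://www.h.com/a/b/c/d/doc.html", rules))
    print(translate("http://www.x.com/news/today.html", rules))
    for line_no, finding in lint(rules):
        print(f"line {line_no}: {finding}")
```

A shadowed rule is worth catching because requests the administrator meant for one origin server are sent to another without any error being reported.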
Understanding cache hierarchies Cache hierarchies consist of levels of caches that communicate with each other. Hierarchical caching can give you information about the local access requirements of your users; this information might not appear in a large central cache. The Intel NetStructure Cache Appliance supports several types of cache hierarchies, but all cache hierarchies recognize the concepts of parent and child caches.
For information on how to enable parent caching from the Manager UI, see the parent caching section on the Configure: Routing page (see Setting HTTP parent caching options, on page 40). For information on how to enable parent failover using the command-line interface, see Controlling parent proxy caching, on page 89.
How an ICP hit can be a miss If the appliance receives a hit message from an ICP peer, then it sends the HTTP request to that peer. It might turn out to be an actual miss, because the original HTTP request contains header information that is not communicated by the ICP query. For example, the hit might not be the requested alternate. If an ICP hit turns out to be a miss, the appliance forwards the request to either its HTTP parent caches or to the origin server.
News article caching The Intel NetStructure Cache Appliance can function as a news server or a caching news server. News, also known as USENET and discussions, is a system of online discussion groups. NNTP is the protocol used to retrieve and distribute these discussion groups. The appliance supports NNTP as specified in RFC 977 and many common and proposed extensions. To read news articles, users need a news reader, such as Netscape Communicator or Microsoft Internet Explorer, and access to a news server.
The appliance as a news server

As a news server, the Intel NetStructure Cache Appliance does the following:
✔ Maintains lists of supported news groups
✔ Accepts news feeds for each supported news group
✔ Serves requested articles to users
✔ Accepts and numbers user postings to the supported news groups

The appliance as a caching proxy news server

As a caching proxy news server for a particular news server, the Intel NetStructure Cache Appliance does the following:
✔ Maintains lists of the news groups on it
Some of the possible parent configurations that the appliance supports are listed below:

Several news servers supplying the same groups: Several news servers can be configured to redundantly serve the same groups, providing enhanced reliability.
Two types of clusters are supported: soft clusters and management-only clusters. A soft cluster consists of multiple appliances that use an external clustering device such as an L4 Switch or router to handle load balancing and routing responsibilities. A management-only cluster also consists of multiple appliances whose functions are managed through a proprietary communications protocol accessible through the Manager UI. A management-only cluster does not use an external clustering device.
Pull the articles for specified groups: For all groups designated as pull, the appliance will retrieve the articles automatically and periodically. Pulling groups is useful when you do not want to or cannot set up a full or partial feed.

Dynamically subscribe to specified groups: The appliance can monitor the usage pattern for groups, and those for which the overview database is very frequently accessed can be treated as pullover groups.
Obeying NNTP control messages

By default, the Intel NetStructure Cache Appliance periodically checks the parent server for new groups, cancelled articles, and new articles for nonfeed news groups. If you have enabled these periodic checks in the Configure: Protocols page, you do not need to configure the appliance to obey NNTP control messages. See Configuring NNTP, on page 31 for more information. However, you can configure the appliance to obey NNTP control messages.
Fine-grained parallelism

The appliance uses a highly parallel application that can manage hundreds of thousands of concurrent activities by combining kernel multithreading with an internal scheduling system called Nanothreading.

Raw-disk object store

The appliance stores all cached documents in a custom, high-speed database called the object store. The object store is a streaming database that supports storing alternate versions of the same object, varying on spoken language or browser type.
Advanced protocol features

The appliance supports:
✔ Performance features of the emerging HTTP 1.1 protocol, such as persistent connections, request pipelining, and cache-control features.
✔ A rich set of commands to optimize the performance of NNTP browsing, including support for RFC 977, such as the OVER, PAT, XREPLIC and NEXT/PREV commands, and all common extensions.
✔ Caching of all NNTP data types and reception of news article feeds. See News article caching, on page 138.
Figure 10 The Monitor Dashboard

The appliance also supports email notification for alarms. You set the email address to which alarms are sent from the command-line interface.

Virtual IP failover

The virtual IP failover option is available to clustered Intel NetStructure Cache Appliances. When virtual IP failover is enabled, the appliance maintains a pool of virtual IP addresses that it assigns to the nodes in the cluster.
Load shedding

Overload conditions, such as network outages, misconfigured routers, or security attacks, can slow down the Intel NetStructure Cache Appliance’s response time. In transparent configurations, the appliance can use its ARM bypass functionality to forward overload requests directly to origin servers, bypassing the cache. When the overload condition dissipates, the appliance automatically returns to full caching mode.
Centralized administration

The Intel NetStructure Cache Appliance incorporates many native command and control features for carrier-class system management and administration. The following list provides an overview of these features:

Single system image
The appliance maintains a single system image for every node configured into the appliance cluster.

Multicast management protocol
The appliance uses a multicast management protocol to manage the cluster’s single system image.
enable SNMP access to either one or both of these MIBs on your Intel NetStructure Cache Appliance. See Enabling SNMP agents, on page 29. If a device fails, it can send a warning message or an SNMP trap to the SNMP monitoring station. All SNMP agents require you to configure the trap destination IP address before they can send traps. This configuration varies among agent implementations. It can also depend on the MIB.
Appendix B Error Messages

This appendix contains the following sections:
◆ HTML messages sent to clients, on page 152 describes the HTML error messages that the Intel NetStructure Cache Appliance sends to browser clients (not to be confused with standard HTTP response codes)
◆ Standard HTTP response messages, on page 154 describes the standard HTTP response codes that web servers send to browser clients
HTML messages sent to clients

The appliance returns detailed error messages to browser clients when there are problems with the HTTP transactions requested by the browser. These response messages correspond to standard HTTP response codes, but provide more information. A list of the more frequently encountered HTTP response codes is provided on page 154. The following table lists the appliance’s hard-coded HTTP messages and their corresponding HTTP response codes.
Title | HTTP code | Description
Host Header Required | 400 | An attempt was made to transparently proxy your request, but this attempt failed because your browser did not send an HTTP “Host” header. Please manually configure your browser to use http:// : as an HTTP proxy. Please refer to your browser’s documentation for details. Alternatively, end users can upgrade to a browser that supports the HTTP “Host” header field.
Title | HTTP code | Description
Proxy Authentication Required | 407 | Please login with username and password.
Server Hangup | 502 | The server closed the connection before the transaction was completed.
Temporarily Moved | 302 | The document you requested, , has moved to a new location. The new location is .
Transcoding Not Available | 406 | Unable to provide the document in the format requested by your browser.
Message | Description
400 | Bad Request
401 | Unauthorized; retry
403 | Forbidden
404 | Not Found
405 | Method Not Allowed
406 | Not acceptable
408 | Request Timeout
500 | Internal server error
501 | Not Implemented
502 | Bad Gateway
504 | Gateway Timeout
Glossary

Alternates
Different versions of the same web object. Some web servers answer requests to the same URL with a variety of objects. The content of these objects can vary widely, depending on whether a server delivers content for different languages, targets different browsers with different presentation styles, or delivers variable content at different times of the day.

ARM
Adaptive Redirection Module.
Cluster
A group of the Intel NetStructure Cache Appliance nodes that are configured to act as a single large virtual cache. For information on the supported cluster schemes, see Management-only clustering and Soft Cluster.

Configure mode
One of two modes in the Intel NetStructure Cache Appliance Manager. Configure mode lets you configure the Intel NetStructure Cache Appliance from a web browser. See also Monitor mode.
ISP
Internet Service Provider. An organization that provides access to the Internet.

JavaScript
A network-oriented programming language specifically designed for writing programs that can be safely downloaded to your computer through the Internet.

L4 switch
An ethernet switch that can control network traffic flow using Level 4 rules. The switch can intercept desired client protocol packets and direct them to a proxy for transparent operation.
Parent cache
A cache higher up in a Cache hierarchy, to which the Intel NetStructure Cache Appliance can send requests.

POP
1. Point of Presence. Usually a city or location to which a network can be connected, often with dial up phone lines.
2. Post Office Protocol. The basic protocols for addressing e-mail.

Proxy server
See Web proxy server.

Reverse proxy
An option that allows the Intel NetStructure Cache Appliance to be configured as a web server for convenient geographical distribution of server content.
Virtual IP failover
An option available to clustered Intel NetStructure Cache Appliances, where the appliance maintains a pool of virtual IP addresses that it assigns to the nodes of a cluster. If a node fails, the remaining nodes mask the fault and take over the failed node’s virtual interface.

WCCP
Web Cache Control Protocol. A protocol used by Cisco IOS-based routers to redirect traffic during transparent proxy caching.

Web server
A computer that provides World Wide Web services on the Internet.