NCM_230
© 2001, Cisco Systems, Inc. All rights reserved.
Deploying Network Caching Technologies
Peter Long (plong@cisco.com)
NCM-230 3046_05_2001_c1
Agenda
• Introduction
• Products and Roadmap
  – ACNS 4.0 features
    • NTLM
    • Multicast Delivery
• Applications
  – Transparent Caching
    How It Works, Packet Flows
    “Advanced” Transparency
  – Other Applications of Edge Content Delivery
    Reverse Proxy Caching
    Employee Internet Management (EIM)
• Deployment
  – Sizing the correct product
  – Content Freshness
  – Traffic Interception Techniques
    WCCP (at Layer 3 and 4)
    Using Layer 5–7 Information
Content Delivery Networks
An End-to-End Content Delivery System Leveraging Services in the IP Core Network and Content Aware Layer 4–7 Capabilities to Optimise End User Access to Content
5 Key Elements of Content Networking
• Content Distribution and Management
• Content Routing
• Content Edge Delivery
• Intelligent Network Services
• Content Switching
Layers upon Layers upon Layers
[Diagram: layered stack]
• App Management and Origination: Web Hosting, Streaming Video, ASP Services
• Content Distribution and Management, Content Edge Delivery, Content Routing, Content Switching
• Infrastructure: Intelligent Network Services, QoS/VPN/Multicast (Layer 2/3)
• Highly Available, Scalable Network at Layer 2/3; High-Performance Layer-2 Network
• Mobile, Fixed Wireless, Cable, DSL, Dedicated/ATM/FR, ISDN/Dial
It’s all about Turning This…
…into This
Enterprise Edge Services Current Product Portfolio
Categories: Content Edge Delivery, Storage, Content Distribution Mgmt, Content Routing, Content Acquisition
• CE-7320, CE-5xx Series (Cache CE, ECDN CE)
  Real, WMT VOD Stream; Live Stream; Content Push; Content Replication; TV Out (507/560 AV)
• SA12, SA6 (Storage Arrays)
  Increases Perf.; Increases Storage Capacity; SCSI3-LVD
• CDM-4650, CDM-4630 (ECDN CDM)
  Central Mgmt; Content Distrib. Mgmt; Media Import; Bandwidth Mgmt; Policy Mgmt (channels); Log Aggregation
• CR-4430 (ECDN CR)
  HTTP Redirection; Fail over (CSS)
• IPTV-342xBCAST (IP/TV BCAST)
  MPEG1,2 WMT Live Capture; Live Stream
• IPTV-3412-CTRL (IP/TV CTRL)
  Program scheduling; Program Listing; Multicast Mgmt
• IPTV-343x-ARCH (IP/TV ARCH)
  MPEG1,2 VOD Stream
Application and Content Networking Software (ACNS) V4.0 Release
Multi-purpose Intelligent Edge Device: Cache & CDN
November CY01
Integration:
• Cache 3.1.1 (all features)
• ECDN 3.0 (all features)
• Concurrent Cache and ECDN
• Digital Fountain (Multicast Support)
QoS:
• ToS/DSCP to classify traffic: set by cache hit or miss via cache rules template
Hardware Platform support:
• CE507, CE560, CE590, CE 7320, CE507AV, CE560 AV
Authentication:
• Native NTLM Authentication
• SSH V1
Management:
• Native WMT Server
• CiscoWorks 2000: CE appears on topology tree, RME, and reports errors and faults (via SNMP MIB) to CW2K management console
• Upgrade Tool: upgrade from Cache 3.1 and ECDN 3.0 to CCNS V4.0
NTLM
• NT LAN Manager (NTLM) is Windows NT’s challenge/response authentication protocol used in IE browsers, proxies and web servers (IIS)
• Cisco CE will support NTLM client in CCNS V4.0 release
  NTLM pass-through: all client requests served by original server instead of cache
  NTLM-object-caching: CE serves cached object if there is secured connection between client and server or established secured connection via IMS messages
• NTLM sends password in encrypted format to server that originated the challenge
• Users only log on to the NT network once in MS environment running IE browser and NT domain, and from there on, the username and token are automatically sent for any further NTLM authentication
• End-to-end NTLM authentication over HTTP for protected web objects is supported only under transparent mode with CE as proxy
NTLM Request Authentication with Proxy CE
[Diagram labels: Offices, Client, CE, WAN, Corp. HQ, NT Domain Controller, NT Web Server, NT Server]
1. GET
2. 401 Unauthorised “Proxy Authenticate: NTLM”
3. “Authorisation: NTLM”
4. Connect
5. Sends 8 byte challenge key
6. “Proxy-Authenticate: NTLM”
7. “Authorisation: NTLM : the credentials”
8. Forwards credentials
9. OK/Deny
10. OK/Deny
11. CE stores source IP address for future requests.
Cisco E-CDN with Digital Fountain Multicast Distribution of content
[Diagram: CDM 4650 & DF-SRVR-4610, Content Engines]
• Integrated with ACNS4.0+ and ECDN 3.0.2+ for content replication to remote locations
• Excellent for IP multicast and satellite distribution to multiple CEs (scales to over 1000)
• Digital Fountain appliance works with CDM4630 & CDM4650
• Digital Fountain client is integrated into ACNS as a SW option class
Value of Digital Fountain Solution
• Seamless integration with Cisco-powered content distribution network
• Unsurpassed scalability
  Ability to transmit up to 45 Mbps
  Other “reliable multicast” schemes scale only to hundreds of clients
• Dramatic bandwidth savings
  Reduces confirmation/acknowledgement traffic
  Removes need to carousel, or repeat transmission for reliability
• Reduced transmission costs, or ability to raise utilization of expensive satellite transmission bandwidth
Application and Content Networking Software (ACNS) V4.1 Release
Native WMT with improved performance, Real V8 Subscriber
Target FCS December CY01
Streaming Media:
• Native WMT Server
• Native WMT Caching/Proxy
• Native WMT Splitting
• Native WMT Multicast Sourcing
• Real V8 Subscriber
Others:
• L2 WCCP Earl-6
• Apache log file format
• IF-Range
• Radius Redirect
Hardware Platform support:
• CE507, CE560, CE590, CE 7320, CE507AV, CE560 AV
Management:
• License Key Management: ability to activate various 3rd party SW license keys
• CiscoWorks 2000
Content Filtering:
• N2H2
Note: All CE507-CDN, CE560-CDN, CE507-AV-CDN, CE560-AV-CDN part numbers will be merged into the non ‘-CDN’ versions to ease orderability.
WMT Proxy vs. Native Server
• WMT Proxy Server is a relay server for streaming requests
  Accepts incoming WMT streaming requests (MMS or HTTP) from clients and acts on behalf of clients talking to origin server
  Fetches (MMS-TCP, HTTP) and caches the streaming content and serves the user request instead of the origin server
  Content can also be pre-positioned via policy from CDM
  Accepts WCCP or L4 redirects as well as manual proxy requests (clients configured to use an upstream proxy)
  Supports live stream splitting and IP multicast
  Supports authentication of clients against origin servers: Basic and NTLM user authentication
• WMT Server has full functionality of origin server
  Delivers pre-positioned WMT content to requesting clients directly
  Unicast and Multicast of VOD and live streams
  Live stream splitting supported
Real Subscriber vs. Real Proxy
Feature | Real Subscriber | Real Proxy
Live Broadcast Distribution
  Proactive (Push) and Passive (Pull) Live Distribution | Y | N (Pull Only)
  In-stream Error Recovery Intelligence (Forward Error Correction) | Y | N
  Satellite Transmission (Multicast) | Y | N
Broadcast Reliability
  Encoder Failover Protection (Broadcast Redundancy) | Y | N
  Network Outage Protection (Live Stream Reconvergency) | Y | N
  Configurable Live Packet Buffer Windows, Smooths out Transmission Latency Variances | Y | N
Unicast & Multicast Live Broadcast Distribution
  UDP/unicast Packet Transmission (Stateless) | Y | N
  TCP/unicast Packet Transmission (Stateful) | Y | Y
  Server to Server Multicast Delivery | Y | N
  Edge Archiving of Multicast Transmissions (Live Archiving) | Y | N
Scalability Multicast Delivery to Clients
  Server to Client Scalable Multicast Delivery | Y | N
  Server to Client 'Backchannel' Multicast Delivery | Y | Y
  Dynamic Capacity Allocation | Y | N
Wide Audience Reach: Commercial Streaming Media Player Compatible
  RealPlayer G2 (6.0) and Later (RealPlayer 8) | Y | Y
  Legacy RealPlayer (5.0 - 1.0) | Y | Some
  Apple QuickTime Player | Y | Y
Commerce of Media: Revenue Applications
Support & Extensibility
Transparent Caching Insertion/Operation
[Diagram: Web Server, Internet or WAN, WCCP-Enabled Router, Cisco Content Engine(s)]
1. Web Traffic Transparently Redirected
2. Content Engine Requests Content
3. Content Engine Simultaneously Caches the Content and Delivers It to the Client
4. Content Engine Fulfills Subsequent Requests for Same Content
Transparently Inserted into Network
• Basic transparency
  Transparently redirect traffic on multiple ports to CE
• Fault tolerance
• Fault prevention: bypass
• Scalable clustering
Fault Tolerance
Automatic Redistribution
[Diagram: Content Engines A, B and C hold Buckets 1–85, Buckets 86–170 and Buckets 171–255. B fails (X); A takes over Buckets 86–128 and C takes over Buckets 129–170.]
Automatic WCCP Shutdown
[Diagram: Internet, Web Server; failure marked X]
MHSRP Router Pair
[Diagram: Internet, Web Server, MHSRP Router Pair, Cisco Content Engine Cluster; failure marked X]
Fault Prevention: Overload Bypass
[Diagram: Client Requests URL; Cisco Content Engine Cluster (Overloaded); Request Refused; Internet; Origin Web Server]
Fault Prevention: Dynamic Client Bypass
[Diagram sequence over four slides: Cisco Content Engine Cluster, Internet, Origin Web Server]
1. Client Requests URL
2. IP Authentication Failure; Build a Bypass Pair; Auto Retry Message
3. Request Refused; Bypass Pair Match; Browser Retries
4. Successful IP Authentication
Scalable Clustering
• Load balancing by hashing on dest/source IP address
• Linear, incremental scalability
• Hot Insertion, Hot Removal
• High availability, redundancy
Reverse Proxy Caching Network Design
[Diagram labels: Co-lo, ISP-2]
Caching Works together with Switches and Routers to Scale this Single Site by Optimizing Web Server Hits
Reverse Proxy Caching “Cache Miss”
On a “Cache-Miss”, the Cache Simultaneously Caches the Content and Delivers It to the Client
Reverse Proxy Caching “Cache Hit”
On a “Cache Hit”, the Cache Services the Request without Having to Contact the Web-Server
Stages Associated in RPC
[Diagram: End User, internet, www.site.com, Load-Balancer, Reverse Proxy Caches, Load-Balancer (May Be the Same as Stage 1), Web Servers]
Stage 1: End-user initiates a request; Content Routing may be used to direct this request to the “best” edge-node location
Stage 2: Request from end-user comes in to one of the content hosting sites, addressed to a VIP on the load-balancer
Stage 3: The Load-balancer redirects the request to a Reverse Proxy Cache (blue line) or bypasses the cache and sends flow direct to the origin web-server (dashed blue line), bypassing stage 4
Stage 4: The Cache either services content request (“cache-hit”) or forwards request on to load-balancer to send to origin web-server (“cache-miss”) (via a load-balancer)
Stage 5: Load-Balancer forwards request on to Web Server; Web Server services request
Stage 1: Content Routing
• Content routing
Stage 2/3: Load-Balancing Requests to Cache and Web-Server
• Load-balancing
Stage 4: Redirecting Cache-Misses Back to the Load-Balancer
• Cache-miss redirection:
  Rules templates
  split DNS
Stage 5: Web-Server Services Content Request
• Only occurs on a “cache-miss” or for dynamic content request
Reverse Proxy Caching Using Layer-5 Intelligence to Load-Balance Requests
[Diagram labels: Co-lo, ISP-2, Static Content, Dynamic Content]
Static Content Is Usually 70% or More of a Web Page
This is because a web page may be dynamically generated, but the ‘thick’ objects usually aren’t dynamic, i.e. GIF, JPG, MPG, etc.
Geographically-Distributed Content
Does RPC Actually Work?
“The reliability of CCO improved considerably. Precisely when we turned on the cache engines, the server loads decreased to less than 20% of previous levels. The webmasters/sysadmins downstairs can now concentrate on improving other aspects of CCO than worrying about [previous P1] scaling issues.”
Employee Internet Management Implementation
Optimal Implementation:
• Configure with logging, authentication or WebSense site filtering
[Diagram labels: Internet, Core, Regional/Distribution, Branch/Edge]
Extensive Reporting
Cisco Content Engine Hardware
• Content Engine 500 Series: CE 507, CE 560, CE 590
• Content Engine 7300 Series: CE 7320
• Storage Array 6 (SA6)
• Storage Array 12 (SA12)
Content Engine Product Line (TPC)
• Ultra High (155+ Mbps): CE 7320 + SA12; 3 x CE 590 + 3 x SA6
• High End (45–75 Mbps): CE 590 + SA6; 2 x CE 560 + 1 x SA6
• Mid Range (10–20 Mbps): CE 560 + ½SA6
• Low End (1–2 Mbps): CE 507
[Chart axis: Price]
Content Engine Product Line (RPC)
• Ultra High (350+ Mbps): CE 7320 + SA12; 3 x CE 590 + 3 x SA6
• High End (100+ Mbps): CE 590 + SA6; 2 x CE 560 + 1 x SA6
• Mid Range (45+ Mbps): CE 560 + ½SA6
• Low End (10+ Mbps): CE 507
[Chart axis: Price]
Content Engine Product Line (Streaming)
• Ultra High (350+ Mbps): CE 7320 + SA12; 3 x CE 590 + 3 x SA6
• High End (100+ Mbps): CE 590 + SA6; 2 x CE 560 + 1 x SA6
• Mid Range (45+ Mbps): CE 560 + ½SA6
• Low End (10+ Mbps): CE 507
[Chart axis: Price]
Content Engine Product Line
Product Range | Products | Part Numbers | Base List Price
Ultra-High End | Content Engine 7320 + Storage Array 12 (a) | CE-7320 + SA12-SHF-12DISK-AC | $90,000 + $21,500 = $111,500
High End | Content Engine 590 + Storage Array 6 (a) | CE-590 + SA6-SHF-6DISK-AC | $30,000 + $13,000 = $43,000
Mid Range | Content Engine 560 + Storage Array 6 (a) | CE-560 + SA6-SHF-6DISK-AC | $15,000 + $13,000 = $28,000
Low End | Content Engine 507 | CE-507 | $5,500
• All CE models have (2) 10BaseT/100BaseTX interfaces; CE 7320 also has (2) GigE (fiber) ports
• AC and DC versions will be offered for the CE 590 and CE 7320
• (a) An external Cisco Storage Array is required for optimal performance
  Cisco Storage Array 6: 6x18=108 GB: $13,000 (3 RU)
  Cisco Storage Array 12: 12x18=216 GB: $21,500 (3 RU)
Sizing Correct Product
• 3 important parameters for sizing a cache:
  Transactions/sec (aka req/sec, URLs/sec)
  Concurrent # TCP conns.
  Cache disk capacity
  All are sized appropriately in CE560/590/7320 for typical “service provider” traffic
[Chart: product tiers against Price]
• Ultra High (155+ Mbps): CE 7320 + SA12; 3 x CE 590 + 3 x SA6
• High End (45–75 Mbps): CE 590 + SA6; 2 x CE 560 + 1 x SA6
• Mid Range (10–20 Mbps): CE 560 + ½SA6
• Low End (1–2 Mbps): CE 507
[Chart axes: Link Utilization, Time of Day]
Sample Page
Objects Are Cached, Not Pages
• cisco_connection.html
• menu_bar.gif
• cco_header.gif
• cisco_powered.gif
• logo2.gif
• button1.gif
• button2.gif
• button3.gif
Dynamic Content
• Banner ads, stock quotes
  Marked as noncachable to overcome every browser’s cache
• Active server pages (.asp)
  Dynamically builds a web page of objects
  Index file is noncachable
  But most objects will be static
Content Freshness
• HTTP 1.0: cache/no cache header
• HTTP 1.1: expiration tag header
• If no expiration exists then Time to Live (TTL) value = (Date − modified) × freshness factor
Content Freshness
• Revalidate content freshness with if-modified-since (IMS) feature
  Issued upon a request for expired content or when client browser issues an IMS

  (to web-server)
  GET /index.html HTTP/1.1
  Host: www.cisco.com
  Connection: keep-alive
  If-Modified-Since: Tue, 12 Sep 2000 10:07:04 GMT
  Accept: */*
  (end-of-request)

  (web-server response)
  304 Not Modified
  (end-of-request)
  OR
  200 OK
  (response headers)
  (data)
  (end-of-request)
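The two Content Freshness slides combined into one decision, as an added Python example that is not from the original deck: it applies the TTL formula and builds the IMS request once the object has expired. The factor value 0.1, the treatment of `Pragma: no-cache` as the HTTP 1.0 "no cache" header, and the stored headers are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

FRESHNESS_FACTOR = 0.1  # assumption: the slide names the factor but gives no value

# Constructed sample: headers stored with a cached copy of /index.html.
STORED = {
    "Date": "Fri, 22 Sep 2000 10:07:04 GMT",           # when the cache fetched it
    "Last-Modified": "Tue, 12 Sep 2000 10:07:04 GMT",  # 10 days before the fetch
}


def _http_date(value):
    """Parse an HTTP date; return None if it is missing or malformed."""
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    # Treat a date without zone information as UTC so subtraction is safe.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def time_to_live(headers, factor=FRESHNESS_FACTOR):
    """TTL of a stored response, counted from its Date header."""
    date = _http_date(headers.get("Date"))
    if date is None or headers.get("Pragma", "").lower() == "no-cache":
        return timedelta(0)          # marked non-cachable: always revalidate
    if "Expires" in headers:         # an explicit expiration wins over the heuristic
        expires = _http_date(headers["Expires"])
        # A malformed Expires (for example "0") counts as already expired.
        return max(expires - date, timedelta(0)) if expires else timedelta(0)
    modified = _http_date(headers.get("Last-Modified"))
    if modified is None:
        return timedelta(0)          # nothing to estimate from
    # Slide formula: TTL = (Date - modified) x freshness factor
    return max(date - modified, timedelta(0)) * factor


def next_action(path, host, headers, now, factor=FRESHNESS_FACTOR):
    """Return ("serve", None) while fresh, else ("revalidate", request_text)."""
    date = _http_date(headers.get("Date"))
    if date is not None and now < date + time_to_live(headers, factor):
        return "serve", None
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}"]
    if "Last-Modified" in headers:
        # Echo the origin's own timestamp so it can answer 304 Not Modified.
        lines.append(f"If-Modified-Since: {headers['Last-Modified']}")
    return "revalidate", "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    for when in (datetime(2000, 9, 22, 20, 0, tzinfo=timezone.utc),
                 datetime(2000, 9, 24, 10, 0, tzinfo=timezone.utc)):
        action, request = next_action("/index.html", "www.cisco.com", STORED, when)
        print(when.isoformat(), action)
        if request:
            print(request)
```

An object that had not changed for 10 days when it was fetched is served from cache for one more day, after which every hit triggers a conditional GET.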
Local Cache on Browser (IE)
Local Cache on Browser (Netscape)
Core Influences to Network Design
• Modular design
• Functional design
• Tiered/hierarchical design
• Multiple levels of redundancy
• Routing protocol hierarchy
• Build for IP forwarding first, then add services
Transparent Network Caching Guidelines
• Don’t break an existing network topology
  Asymmetric traffic may exist
• Don’t decrease the redundancy of the network
• Don’t allow overloading to cause a denial-of-service
WCCP Web Cache Coordination Protocol
• Content routing technology first introduced in 1997
• Provides mechanism to redirect traffic flows [to caches] in real-time
• Has in-built load-balancing mechanism and service-assurance (failsafe) mechanisms
WCCPv2 Enhancements
• Announced late 1998, integrated into IOS 12.0(3)T
• Major enhancement over WCCPv1 is that anything can be intercepted/redirected
  Router is instructed what to intercept and how to load-balance it
• Major enhancement is that many routers/switches are supported
  Up to 32 routers/switches and up to 32 caches
• Supports flows being re-inserted back into original traffic path
Many Variants of WCCP
• WCCPv1 vs WCCPv2
• Platform-specific WCCP implementations
  Hardware vs software implementations
• Switching path
  CEF, dCEF, fast, process,…?
• Ingress vs egress interception
  Intercept on input or on output interface
• GRE redirect vs L2 rewrite
  Send packets to cache via GRE tunnel or to directly-attached cache via L2 rewrite
WCCPv1 vs WCCPv2
• Always use WCCPv2 over WCCPv1 wherever possible
  Up to 32 routers and 32 caches in the same “service” with WCCPv2; WCCPv1 supports only 1 router
  WCCPv2 supports any protocol/port
  WCCPv2 enables “advanced transparency” methods
  WCCPv2 supports negotiated hash and forward methods
[Software] Switching Paths
• WCCP exists in CEF, dCEF, fast and process-switching paths
• WCCP won’t cause the switching level to be decreased to “next slowest” level (but other features may)
• dCEF (distributed Cisco express forwarding) is preferable (on 75xx routers only), CEF on all other platforms
• WCCP in dCEF on IOS 12.0S/12.0SC/12.0ST only
• WCCP in CEF on 12.0 mainline, 12.0T, 12.1 mainline, 12.1T
Ingress vs Egress Interception
• Ingress vs egress interception
  WCCP can intercept on input-interface into router or output-interface out of router
  Input-based WCCP has less CPU impact: packet doesn’t need to be switched “twice”
  Router supports explicit inclusion/exclusion from intercept based on input i/face
WCCP Switching: Ingress Interception
[Diagram: Router Main CPU, Router Switch Fabric, Interface 1/0/0, Interface 2/0/0; annotation “Use WCCP Here”]
WCCP Switching: Egress Interception
[Diagram: Router Main CPU, Router Switch Fabric, Interface 1/0/0, Interface 2/0/0; annotation “Not Here!”]
GRE Redirect vs L2 Rewrite
• WCCP can send packets to cache via GRE tunnel or via L2 rewrite
GRE tunnel allows cache to be IP hops away (analogous to NAT peering) L2 rewrite requires caches layer-2 connected to WCCP device L2-redirect preferable
Platform-Specific WCCP Implementations
• Catalyst 6000/Cisco 7600 OSR supports WCCP in hardware
  – Supervisor 1
      With GRE redirect, WCCP-redirected flows stay in software on MSFC; max performance <1 gbit/s
      With L2 redirect, WCCP-redirected flows are h/w accelerated; estimated max performance 4 gbit/s
  – Supervisor 2
      GRE redirect: same as sup1
      L2-redirect + XOR method: estimated at 4 gbit/s
      L2-redirect + hash mask method: line-rate (30M PPS, 256gbit/s)
WCCP Forwarding Methods
• Hashing scheme
• Masking scheme
[Figure: HASHING: XOR (IP_DA, IP_SA, port_DA, port_SA) → Hash → index (0…011) selecting among CE1, CE2, CE3, CE4 (xxxx00, xxxx01, xxxx10, xxxx11). MASKING: a bit mask applied over the fields IP_DA, IP_SA, L4_proto, port_DA, port_SA; four entries of the form “xxxx TCP 80 xxxx”, one each for CE1, CE2, CE3, CE4.]
BGP Policy Propagation for WCCP
• Problem: Caching is an operational savings
• Problem: How to maintain ACLs and routemaps for replication and premium cache customers?
BGP Policy Propagation for WCCP
• Answer: Use BGP communities to propagate policy across the network (and internet)
  – Very powerful: provides for selective inclusion in cache eligibility
  – ‘Premium’ hosting
      Service providers can offer transparent backbone caching; peers/customers can choose to participate by setting BGP community/MED
  – Cache-only-dial-pool
      Provider only wants to cache dial or DSL pool, yet address space is segregated
  – Selective intercept based on administrative preference
      Only cache traffic which is due to go out an expensive path (e.g. international)
BGP Policy Propagation for WCCP
• The following example shows only “premium” traffic being cached
  – “Premium” traffic is defined by the policy below. Any of the following is eligible for intercept:
      Any traffic with community 4433:1050 set
      Any traffic with community 4433:1055 set
      Any traffic originating from directly-connected AS 65521
      Any traffic passing thru directly-connected AS 65522
      Any traffic passing thru AS 65523
  – The standard “web-cache” service is used, which is a standard assignment of 'match tcp destination port 80', distributing traffic among participating caches as hashed by destination IP address
BGP Policy Propagation for WCCP
!
! ensure Distributed CEF is enabled
ip cef distributed
!
! enable WCCPv2
ip wccp version 2
! enable WCCP standard web-cache service, apply policy "source",
! match on WCCP route-tag 50
ip wccp web-cache password policy source 50
!
! incoming interface
interface
 ! redirect on input traffic
 ip wccp web-cache redirect in
!
ip bgp-community new-format
! AS4433 community 1050 is premium
ip community-list 3 permit 4433:1050
! AS4433 community 1055 is premium
ip community-list 3 permit 4433:1055
!
! only traffic from AS65521 is premium
ip as-path access-list 121 permit ^65521$
! any traffic thru AS65522 premium
ip as-path access-list 121 permit ^65522
!
! incoming route filter
route-map neighbor-xyz-in permit 10
 match as-path 121
 set ip wccp 50
!
route-map neighbor-xyz-in permit 15
 match community 3
 set ip wccp 50
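To check which routes the policy above actually tags, the following added example (not part of the original slides, and not Cisco code) models only the two match clauses of route-map neighbor-xyz-in and runs them over constructed routes. The sample AS paths, the extra community 4433:2000 and the function names are assumptions made for illustration.

```python
import re

# Policy values transcribed from the slide's configuration.
COMMUNITY_LIST_3 = {"4433:1050", "4433:1055"}   # ip community-list 3
AS_PATH_LIST_121 = [r"^65521$", r"^65522"]      # ip as-path access-list 121
WCCP_TAG = 50                                    # set ip wccp 50

def wccp_tag(as_path, communities=()):
    """Return (tag, route-map clause) for a route, or (None, None) if no clause matches."""
    # The AS path is matched as text: AS numbers separated by single spaces.
    path = " ".join(str(asn) for asn in as_path)
    if any(re.search(rx, path) for rx in AS_PATH_LIST_121):
        return WCCP_TAG, 10                      # permit 10: match as-path 121
    if COMMUNITY_LIST_3 & set(communities):
        return WCCP_TAG, 15                      # permit 15: match community 3
    # No clause matched: the route gets no WCCP tag (and a route-map ends
    # in an implicit deny, so nothing further is set on it).
    return None, None

# Constructed sample routes: (AS path as received, attached communities).
SAMPLES = {
    "origin 65521":           ([65521], []),
    "via 65521, not origin":  ([65521, 64600], []),
    "thru 65522":             ([65522, 64700, 64701], []),
    "thru 65523":             ([64800, 65523, 64801], []),
    "community 1050":         ([64900], ["4433:1050"]),
    "community 1055 + other": ([64900], ["4433:1055", "4433:2000"]),
    "plain route":            ([64900, 64901], ["4433:2000"]),
    "4-byte AS 655220":       ([655220, 64902], []),
}

def evaluate(samples=SAMPLES):
    """Apply the policy to every sample route."""
    return {name: wccp_tag(path, comms) for name, (path, comms) in samples.items()}

if __name__ == "__main__":
    for name, (tag, clause) in evaluate().items():
        print(f"{name:24} tag={tag} clause={clause}")
```

Two results are worth checking against intent: the route passing through AS 65523 is not tagged, because access-list 121 as shown has no entry for it, and `^65522` has no trailing anchor, so an AS number that merely begins with those digits also matches.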
WCCP Deployment Summary
Recommendations
• Deploy across edge in preference to core (utilise distributed nature)
• Use ingress-based WCCP in preference to egress-based (halves WCCP router CPU %)
• Use L2-redirect in preference to GRE (~5% less CPU)
• Use hardware-supported methods where possible
Other WCCP CPU-related factors
• Caching may mean fewer packets thru router (as a result of cache-hits)
• Place caches on “client” side of network to minimise packets thru router
Intelligent Cache Bypass
Reverse-Proxy Caching with Intelligent Bypass
[Figure: Internet, Cisco CSS 11000 Series Layer 4 Switch, Dynamic Content (Non-Cacheable); chart axis: Connections/Sec]
Reverse Proxy Caching Using Layer-5 Intelligence to Load-Balance Requests
[Figure: Co-lo and ISP-2 sites, each serving Static Content and Dynamic Content]
Static content is usually 70% or more of a web page. This is because a web page may be dynamically generated, but the ‘thick’ objects (GIF, JPG, MPG, etc.) usually aren’t dynamic.
Traffic Interception Recommendations
• Transparent network caching: (service provider and enterprise deployment)
  – WCCP solution recommended
      Intercepted/redirected traffic flows can be asymmetric
      Interception/redirection can occur on multiple devices (e.g. network-edge interception)
      Allows for “advanced transparency features” with Cisco caching solutions
      Service providers may use BGP policy propagation
• Reverse proxy caching:
  – CSS11K-based solution recommended where L5–7 intelligence is a significant advantage
In Summary
Types of Caching, Reasons for Caching
• Transparent network caching and proxy caching (non-transparent)
  – Content acceleration
  – Content and user prioritisation
  – Store frequently accessed content locally closer to the end-user, saving bandwidth and accelerating content delivery
  – Typically deployed by both service providers and enterprises
Types of Caching, Reasons for Caching
• Reverse proxy caching (RPC)
  – Flash crowd insurance
  – Overflow services
  – Geographically dispersed content (when coupled with content routing)
  – Accelerate web-server performance and scale web-server capacity by offloading common (static) pages from the web-server
  – Deployed in front of web-servers, typically by content hosters or as a value-add by colo providers