Shirish Sathaye Presentation


Web Cache Redirection
using a Layer-4 switch:
Architecture, issues, tradeoffs, and trends
Shirish Sathaye
Vice-President of Engineering
Outline
• Web-Cache deployment options - descriptions and tradeoffs
– Proxy caching
– Transparent proxy caching
– Transparent proxy with Web Cache Redirection
• Web-Cache-Redirectors - Why do I need yet another device in my network?
– Performance
– Intelligence
– Cache hit-rate
– Availability
• Summary
Proxy caching
• Browser pointed at cache instead of origin server
• No impact on non-Web traffic
• Incremental hardware/software costs limited to cache
server and software
• Every browser needs to be re-configured
• Each client hits only one cache
– Can’t take advantage of data stored in other local caches, lowering
hit rate
– Lower hit rates mean user delays and unnecessary WAN traffic
– If cache is down, user loses web access until browser reconfigured
Transparent proxy caching
• Browser sends requests for web pages to origin server
• Impact on non-web traffic: Cache sits in data path,
examines all out-bound packets, intercepts and processes
web traffic
• No browser reconfiguration required
• Caches must be configured to do network address
translation
• Each client hits only one cache
– Difficult to take advantage of data stored in other local caches,
lowering hit rate
• If cache is down, user loses all Internet access until
alternate path operational
Transparent proxy caching with WCR
• Browser sends requests for web pages to origin server
• LAN switch (Cache Redirector) in data path examines all
packets and redirects web traffic to cache(s)
• Very little impact on non-web traffic
• No browser re-configuration required
• Cache need not do NAT, the redirector can offload this
function from the cache.
• Each client hits multiple caches
– Takes advantage of data stored in all local caches, raising hit rate
– Higher hit rates mean less user delay and less unnecessary WAN
traffic
– If any cache is down, traffic directed to other caches
Why do I need yet another device for
Web-Cache-Redirection?
• Performance: specialized device for high-performance
web-cache redirection
• Cache-hit rate: specialized device implements techniques
to maximize hit rate
• High availability: support for redundant caches and
redundant redirectors
• Intelligence: support for content-aware, content-specific,
and site-specific caching. Support for various data types
and protocols
Maximizing Performance
• Per-session:
– Every session must be mapped to a cache server
– Device must maintain state information in each direction
– Must consider special application requirements, e.g. FTP caching, etc.
• Per-packet:
– Must substitute session address (NAT)
– May need to modify content (header fix-up)
– Needs to recompute protocol check-sums
• Background:
– Must perform server and service health check
– Must track load on a per-cache server basis
Redirector - Performance Requirements
• Scalable performance across all ports
• Ability to look arbitrarily deep into packet and rewrite
portions of packet content at wire-speed
• Ability to support a rich set of redirection rules
• Ability to have line-rate performance with richest
combination of redirection rules enabled
Traffic not subject to redirection experiences minimal latency or throughput impact
Redirector Implementation
[Diagram: Switch Modules (each labelled with two RISC processors, HW assist, 1MB and ports) and a Management Module, connected by a Multi-Gigabit switch backplane; further labels: RISC, 4MB SRAM, 2MB Flash]
• Hardware acceleration at each port for parsing packets at line-rate and performing sophisticated transformations
• Distributed processing at each port for flexibility to add new
redirection rules with no performance impact
– ASIC integrates two 100 MIPS RISC processors, and 10/100/1000
Ethernet MAC per port
• Support for traditional L2 and L3 switching at wire-speed
• Separate processors for background management functions
Intelligence
• Network address translation:
– Offloads NAT from web-cache
• Authentication:
– Web-sites may use client source-IP address based authentication
– Redirector can be dynamically programmed to not redirect
connections for non-cacheable sites
• Content-driven caching:
– Some information is non-cacheable (e.g. POSTs, etc.)
– Redirector can be programmed to not send this info to cache
– Redirector can be programmed to not redirect some content types
• Support for caching different application protocols
– FTP, NNTP, Streaming Audio, Video
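
The bypass rules on this slide, as an added example that is not the presentation's or a vendor's code: a policy object decides per request whether to redirect to a cache or forward to the origin, and a site that authenticates by client source IP can be added to the bypass list at run time. `RedirectPolicy`, the suffix list and the sample addresses are hypothetical, and the example assumes the redirector can see the HTTP request line.

```python
import ipaddress

CACHEABLE_METHODS = {"GET", "HEAD"}   # assumption: everything else (POST, ...) bypasses
BYPASS_SUFFIXES = (".cgi",)           # hypothetical "do not redirect this content" rule


class RedirectPolicy:
    def __init__(self):
        self.bypass_nets = []         # origin networks that are never redirected

    def add_bypass(self, cidr: str) -> None:
        """Dynamically mark a site non-cacheable, e.g. one using source-IP auth."""
        self.bypass_nets.append(ipaddress.ip_network(cidr))

    def decide(self, dst_ip: str, dst_port: int, payload: bytes) -> str:
        """Return "redirect" (send to cache) or "forward" (leave on the origin path)."""
        if dst_port != 80:
            return "forward"          # non-web traffic is untouched
        dst = ipaddress.ip_address(dst_ip)
        if any(dst in net for net in self.bypass_nets):
            return "forward"          # origin must see the real client address
        request_line = payload.split(b"\r\n", 1)[0].decode("latin-1")
        parts = request_line.split(" ")
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            return "forward"          # not a parseable HTTP request: do not guess
        method, target, _version = parts
        if method not in CACHEABLE_METHODS:
            return "forward"          # non-cacheable request types
        if target.split("?", 1)[0].lower().endswith(BYPASS_SUFFIXES):
            return "forward"          # content type excluded by rule
        return "redirect"


if __name__ == "__main__":
    policy = RedirectPolicy()
    get = b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n"  # constructed request
    print(policy.decide("198.51.100.7", 80, get))      # redirect
    policy.add_bypass("198.51.100.0/24")
    print(policy.decide("198.51.100.7", 80, get))      # forward
```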
Maximizing Cache Hit-rate
• Variety of content distribution algorithms for a cache array
• Balances load across caches using load-balancing
techniques
• Controls degree and placement of replicated information
depending on which cache selection algorithm is used.
• Allows tradeoff between hit-rate, performance, replication
and fault-tolerance.
• Examples of cache selection algorithms:
– Hashing on origin server IP address
– Transforming the origin-server IP address and some portion of
client address using a deterministic function
– Using a least-loaded-first scheme
– Using a round-robin scheme
High availability
[Diagram: an Active Switch (Network Ports AN1, AN2; Server Ports AS1, AS2) and a Standby Switch (Standby Ports SN1, SN2, SS1, SS2, marked OFF), each connected to the Client Network, the Server Network and a Server, and joined by a Failover Link]
• Redirector monitors cache health
• Supports dynamic cache addition and removal from array
• Automatically redistributes content between remaining caches
• Supports redundant switching topologies with no single point of failure
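
An added example, not from the presentation, covering both the cache selection algorithms on the "Maximizing Cache Hit-rate" slide and the redistribution after a cache failure described here: it compares hashing on the origin-server IP with round-robin by counting how many caches end up holding each origin's content, then shows which origins move when a cache is removed. Rendezvous hashing, the cache names and the origin addresses are this example's assumptions; the slides name no specific hash.

```python
import hashlib
import ipaddress
from itertools import count

# Constructed sample data: cache names and origin IPs are placeholders.
CACHES = ["cache-a", "cache-b", "cache-c"]
ORIGINS = [f"203.0.113.{n}" for n in range(1, 9)]
REQUESTS = ORIGINS * 3  # every origin is requested three times


def hash_select(origin_ip, healthy):
    """Hash on the origin-server IP; the highest-scoring healthy cache wins.

    Rendezvous hashing is this example's choice; the slides name no hash.
    """
    key = ipaddress.IPv4Address(origin_ip).packed
    return max(healthy, key=lambda c: hashlib.sha256(c.encode() + key).digest())


def round_robin_selector():
    """Round-robin scheme: ignores the origin, cycles through the caches."""
    ticket = count()
    return lambda origin_ip, healthy: healthy[next(ticket) % len(healthy)]


def placement(select, requests, healthy):
    """Origin IP -> set of caches that end up holding that origin's objects."""
    stored = {}
    for origin in requests:
        stored.setdefault(origin, set()).add(select(origin, healthy))
    return stored


def remapped_on_failure(origins, caches, failed):
    """Origins that change cache once the health check removes `failed`."""
    survivors = [c for c in caches if c != failed]
    return {o for o in origins
            if hash_select(o, caches) != hash_select(o, survivors)}


if __name__ == "__main__":
    hashed = placement(hash_select, REQUESTS, CACHES)
    spread = placement(round_robin_selector(), REQUESTS, CACHES)
    print("copies per origin, hashing:    ", {len(s) for s in hashed.values()})
    print("copies per origin, round-robin:", {len(s) for s in spread.values()})
    print("moved when cache-b fails:", sorted(remapped_on_failure(ORIGINS, CACHES, "cache-b")))
```

Hashing keeps one copy of each origin's content in the array, while round-robin replicates it on every cache; with this hash, only the origins that lived on the failed cache are reassigned.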
Summary
• Transparent proxy with web-cache redirection is often the
preferred way to deploy a web-cache system
• A specialized Layer-4 switch (Redirector) offers significant
advantages compared to redirecting using traditional
networking devices:
– Performance
– Intelligence
– Cache-hit rate
– Availability