Transparent Caching
The art of caching network traffic without requiring user / browser side configuration.
What is transparent caching?
- Transparently proxying / caching network traffic without requiring user configuration or knowledge.
- A way to simplify caching for the end user.
- Forces all users to use the cache.
Why use transparent caching?
- Ease of use. No configuration required by the end user.
- Catching all users. No users can bypass the cache.
What is involved?
- TCP level routing
- Reverse NAT or related technology to hijack port 80 traffic.
- A cheap proxy with some knowledge of transparent proxying
- A cache
Tools available
- TCP level routing
  - Policy routing / route maps
  - TCP / layer 4 switches with or without NAT
  - Cisco WCCP
- Host level NAT
  - Linux firewall code
  - FreeBSD firewall code
  - IP-Filter
Using policy routing to redirect traffic
- A standard router configured to route TCP port 80 to the cache proxy services.
[Diagram: Internet; User 1, User 2, User 3, ...]
Policy routing (cont.)
- Benefits
  - Can usually be deployed without extra hardware
- Drawbacks
  - Only static routing
  - No fault tolerance. Port 80 traffic disrupted if cache server fails.
  - More CPU load on the router
Running the cache on a router
- Small network / firewall. Host used as router of elite private proxy.
[Diagram: Internet; Router / Cache Server; User 1, User 2, User 3, ...]
Caching router / firewall
- Benefits
  - Less hardware required
  - Well suited for small to medium sized firewalls.
- Drawbacks
  - Stability / reliability. Can disrupt all communication.
  - If running on a firewall: make sure the firewall protects the cache software.
Cisco Web Cache Control Protocol (WCCP)
- Developed by Cisco for Cisco
- Automated configuration. Proxy servers announce their presence to the router.
- Load balancing
- Fault recovery
- Commercial licensing required. Not currently an option for free software.
TCP switch benefits
- Can bypass the cache if it malfunctions
- Good reliability
- Can distribute the load on multiple cache servers
- Can do the required NAT, allowing the use of any OS on the cache server.
- Some do HTTP proxy translation, allowing the use of any proxy software.
TCP switch drawbacks
- One more expensive box to purchase
- Using NAT requires switch vendor support in the proxy software to support old browsers of SEO proxies.
Problems related to request formats
- A transparent proxy must reconstruct the URL of the request.
- Host: headers not always available. HTTP/1.1 feature or 1.0 add-on.
- IP address from NAT translation.
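The URL reconstruction described above, as an added example that is not part of the original slides: an intercepted request carries only a path, so the proxy rebuilds the absolute URL from the Host: header and falls back to the pre-NAT destination address when that header is missing. The function names and the `orig_dst` parameter (standing in for the original destination the OS NAT table would report) are assumptions, and the sample requests are constructed.

```python
# Added example: rebuild the absolute URL of an intercepted HTTP request.
# orig_dst stands in for the pre-NAT destination the OS NAT table would give
# (assumption); the sample requests below are constructed.

def parse_request_head(raw: bytes):
    """Return (method, target, headers) from the raw request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            # Keep the first occurrence so a duplicate cannot override it.
            headers.setdefault(name.strip().lower(), value.strip())
    return parts[0], parts[1], headers


def reconstruct_url(raw: bytes, orig_dst) -> str:
    """Absolute URL for a request redirected to the proxy by NAT.

    orig_dst is the (ip, port) the client connected to before redirection.
    """
    _method, target, headers = parse_request_head(raw)
    if target.lower().startswith("http://"):
        return target  # client already sent a proxy-style absolute URL
    if not target.startswith("/"):
        raise ValueError("unsupported request target")
    ip, port = orig_dst
    host = headers.get("host", "")
    if not host or any(c in host for c in " /\\@?#"):
        # No usable Host: header (plain HTTP/1.0 client): use the NAT address.
        host = ip if port == 80 else "%s:%d" % (ip, port)
    return "http://" + host + target


# Constructed sample requests; 192.0.2.10 is a documentation address.
REQ_11 = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
REQ_10 = b"GET /index.html HTTP/1.0\r\nUser-Agent: old-browser\r\n\r\n"

if __name__ == "__main__":
    print(reconstruct_url(REQ_11, ("192.0.2.10", 80)))
    print(reconstruct_url(REQ_10, ("192.0.2.10", 80)))
```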
What happens at the TCP level?
- Normal communication / Private proxy provider
  - IP based routing
  - TCP is end-to-end
  - One IP address, one host
- Transparent proxying
  - TCP based routing
  - TCP is no longer end-to-end
  - One IP address, "multiple hosts"
Problems at the TCP level
- TCP normally relies on two IP protocols: TCP and ICMP.
- Of these only TCP can be reliably redirected.
- ICMP is required for Path MTU discovery.
- TCP resets if a single packet travels another path bypassing the redirection.
Things to consider when configuring OS level NAT
- Try not to disturb traffic to/from the cache server host.
- Make sure that the Private proxy server traffic is not redirected back to the proxy.
- Be prepared to do packet level traces, preferably from a separate box.
Recommended steps when building a transparent proxy
1. Think it over. Is it really required?
2. Build and test the proxy server
3. Configure NAT on the proxy server
4. Test it using a local LAN client
5. Set up TCP level routing.
Common problems
- Communication hangs for some users
  - Most likely caused by MTU related problems.
- Connection reset errors
  - Usually misconfigured and private proxy provides NAT or TCP routing.
- Bad performance
  - Possibly CPU bottleneck in the router.
Summary
- Transparent caching is a good tool in most configurations to ease user side configuration.
- It has some important limitations.
- Not a full replacement for standard proxying.
- For many, automatic instructions on how to configure proxy settings achieve the same goals.