A Content Engine can be configured for FTP caching in the following two usage modes:
- FTP-over-HTTP mode—The Content Engine (acting as a nontransparent forward proxy server) caches the contents of the specified FTP URLs that are sent to it directly by clients who are using the HTTP protocol. This mode allows users to use their browsers running the HTTP protocol to send and receive files on remote FTP servers. For more information, see the Cisco ACNS Software Configuration Guide for Locally Managed Deployments.
- Native FTP mode—The Content Engine caches the contents of the FTP requests that are sent from clients in the native FTP protocol. In the ACNS 5.3 software and later releases, native FTP caching is supported in transparent and nontransparent proxy mode. (Native FTP caching was supported only in transparent proxy mode in the ACNS 5.1 and 5.2 software releases.) For more information, see the “ftp-native” section.
In both of these usage modes, the Content Engine uses FTP to retrieve and locally cache the content of the FTP requests. These two usage modes differ in the protocol used by the client to issue the FTP request. In FTP-over-HTTP mode, clients use their browsers (the HTTP protocol) to issue FTP requests. In native FTP mode, clients use native FTP to issue FTP requests, as shown in the following example:
ContentEngine# ftp server.cisco.com
Note: For information on the usage modes and types of supported FTP caching, see Chapter 7 of the Cisco ACNS Software Configuration Guide for Locally Managed Deployments.
Note: Transparent redirection of FTP requests is supported only by WCCP Version 2; transparent redirection through a Layer 4 switch is not supported.
In the ACNS 5.3 software release, the ftp keyword was replaced with the ftp-over-http and ftp-native keywords to clearly differentiate between FTP native caching and FTP-over-HTTP caching.
FTP-over-HTTP Caching Support
In the ACNS 5.0 software release, support for the proxying and caching of FTP-style requests over HTTP in proxy mode was added. When the Content Engine is configured in proxy mode, it can handle FTP-style requests over HTTP transport. When the Content Engine receives an FTP request from a client, it processes the request by searching its cache. If the object is not in its cache, it retrieves the object from an upstream FTP proxy server if this proxy server has been configured, or it retrieves the object directly from the origin FTP server.
With nontransparent FTP-over-HTTP caching, the Content Engine is functioning as a nontransparent forward proxy server for FTP-over-HTTP requests from client browsers. The ACNS 5.1 software and later releases support proxying and caching of FTP URL client requests using proxy-mode HTTP requests when URLs specify the FTP protocol (for example, ftp://ftp.mycompany.com/ftpdir/ftp_file).
The following example of an FTP-over-HTTP request shows how the end user can use a browser to access public files from an FTP server:
For these requests, the client uses HTTP as the transport protocol with the Content Engine, and the Content Engine uses FTP with the FTP server. When the Content Engine receives an FTP request from the web client, it first looks in its cache. If the object is not in its cache, it fetches the object from an upstream FTP proxy server (if one is configured) or directly from the origin FTP server.
The FTP proxy supports anonymous and authenticated FTP requests. Only base64 encoding is supported for authentication. The FTP proxy accepts all FTP URL schemes defined in RFC 1738. In the case of a URL in the form ftp://user@site/dir/file, the proxy sends back an authentication failure reply and the browser supplies a popup window for the user to enter login information.
The FTP proxy supports commonly used MIME types, attaches the corresponding header to the client, chooses the appropriate transfer type (binary or ASCII), and enables the browser to open the FTP file with the configured application. For unknown file types, the proxy uses binary transfer as the default and instructs the browser to save the download file instead of opening it. The FTP proxy returns a formatted directory listing to the client if the FTP server replies with a known format directory listing. The formatted directory listing has full information about the file or directory and provides the ability for users to choose the download transfer type.
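The RFC 1738 FTP URL forms and the base64 credentials described above can be taken apart as follows. This is an added example, not Cisco code; it assumes the base64 credentials arrive as an HTTP Basic header value, and the hosts, names and passwords are constructed. Base64 is a reversible encoding, so anything that logs these URLs or headers should redact them first.

```python
import base64
from urllib.parse import urlsplit, unquote

# Constructed sample: a Basic credential value for user "alice".
SAMPLE_AUTH = "Basic " + base64.b64encode(b"alice:s3cret").decode("ascii")

def parse_ftp_url(url):
    """Split an RFC 1738 FTP URL into the fields an FTP proxy acts on."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ftp" or not parts.hostname:
        raise ValueError("not an FTP URL: %r" % url)
    path, sep, typecode = parts.path.partition(";type=")
    if sep and typecode not in ("a", "i", "d"):
        raise ValueError("unknown FTP typecode: %r" % typecode)
    return {
        "user": unquote(parts.username) if parts.username else "anonymous",
        "password": None if parts.password is None else unquote(parts.password),
        "host": parts.hostname,
        "port": parts.port or 21,
        # Each path segment is decoded on its own, as RFC 1738 requires.
        "segments": [unquote(s) for s in path.split("/")[1:]],
        "type": typecode or None,  # a = ASCII, i = binary, d = directory list
    }

def redact_for_log(url):
    """Return the URL with any embedded password masked, for log output."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    host = parts.netloc.rpartition("@")[2]
    masked = "%s:***@%s" % (parts.username, host)
    return parts._replace(netloc=masked).geturl()

def decode_basic(header_value):
    """Recover (user, password) from a Basic credential value."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("only Basic (base64) credentials are handled")
    decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    user, _, password = decoded.partition(":")
    return user, password
```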
Configure the port numbers for the incoming proxy-mode FTP-over-HTTP requests by entering the ftp-over-http proxy incoming ports global configuration command.
If you use the ftp-over-http proxy incoming command to configure the Content Engine to accept FTP-over-HTTP requests on a port other than port 80, you must also configure the client browsers to send their FTP-over-HTTP requests to that port.
You can configure FTP cache object freshness settings for FTP-over-HTTP caching. These parameters can be configured for either directory listings or particular objects in the cache.
Tip: With the ACNS 5.x software, you can balance the HTTP and FTP object freshness with the cache hit rate. The ACNS software default parameters are weighted in favor of securing fresh content over maximizing the cache hit rate (to avoid increasing the cache hit rate by serving stale content). Text objects refer to HTML pages. Binary objects refer to all other web objects, such as GIFs and JPEGs.
- Specify the maximum size of an FTP object that should be stored in the Content Engine cache for FTP-over-HTTP caching by entering the ftp-over-http object max-size global configuration command.
- Configure FTP-over-HTTP caching by entering the ftp-over-http age-multiplier, ftp-over-http max-ttl, ftp-over-http reval-each-request, and the ftp-over-http min-ttl global configuration commands.
- Force the Content Engine to revalidate all objects for each FTP-over-HTTP request by entering the ftp-over-http reval-each-request all global configuration command. In the ACNS 5.3 software release, the ftp keyword was replaced with the ftp-over-http and ftp-native keywords.
Use the ftp-over-http proxy outgoing host global configuration command to configure one or more outgoing FTP proxy servers for the Content Engine. Enter the hostname or IP address for the outgoing FTP proxy servers. The primary outgoing FTP proxy server is the parent cache (upstream FTP proxy server) to which you want this Content Engine to direct all of its missed FTP traffic without using ICP or WCCP.
Use the ftp-over-http proxy anonymous-pswd global configuration command to specify the password that has to be used during anonymous FTP-over-HTTP operation.
Use the ftp-over-http proxy active-mode enable global configuration command to enable active mode on this Content Engine for FTP-over-HTTP mode. In FTP-over-HTTP caching mode, if the ftp-over-http proxy active-mode global configuration command is used, the Content Engine first attempts to use active mode with the origin FTP server for the data connection. If the active mode fails, the Content Engine attempts to use passive mode for the data connection.
In FTP-over-HTTP mode, if the ftp-over-http proxy active-mode command is not used, the Content Engine first attempts to use passive mode with the FTP server for the data connection and automatically switches to active mode if passive mode is not supported by the FTP server.
Enter the show ftp-over-http EXEC command to view the current FTP-over-HTTP configuration on the Content Engine. Enter the show statistics ftp-over-http EXEC command to display statistics for the FTP-over-HTTP requests that this Content Engine has handled. For example, the command output shows the number of FTP-over-HTTP requests received by the Content Engine, the number of FTP-over-HTTP hits and misses, as well as the number of FTP-over-HTTP requests that the Content Engine has forwarded to the origin FTP server or to the specified outgoing proxy server. The command output also shows the number of FTP-over-HTTP errors.
To clear FTP-over-HTTP statistics on the Content Engine, enter the clear statistics ftp-over-http EXEC command.
Note: In the ACNS 5.3 software release, the show ftp proxy EXEC command was replaced with the show ftp-over-http and show ftp-native EXEC commands.
In the ACNS 5.3 software release, the show statistics ftp EXEC command was replaced with the show statistics ftp-over-http and show statistics ftp-native EXEC commands. In the ACNS 5.3 software release, the clear statistics ftp EXEC command was replaced with the clear statistics ftp-over-http and clear statistics ftp-native EXEC commands.
Designating a Primary Outgoing FTP Proxy Server
In the ACNS 5.2 software and later releases, you can configure up to eight proxy servers for FTP miss traffic (FTP-over-HTTP).
Note: At any one time, the Content Engine uses only one of the configured outgoing FTP proxy servers. Proxy servers cannot be used simultaneously.
To configure a Content Engine to direct all FTP-over-HTTP miss traffic to a parent cache without using ICP or WCCP, you must explicitly designate the parent cache as the primary outgoing FTP proxy server for the Content Engine.
Use the ftp-over-http proxy outgoing host host port primary global configuration command to designate a proxy server as the primary outgoing FTP proxy server for the Content Engine, where the following is true:
- host is the hostname or IP address of the parent cache (the outgoing FTP proxy server) to which FTP-over-HTTP missed traffic is directed.
- port is the port number used by the parent cache to accept missed FTP-over-HTTP requests from the Content Engine.
Use the primary keyword to set the specified host as the primary outgoing FTP proxy server. If several servers (hosts) are configured with the primary keyword, the last one configured becomes the primary outgoing FTP proxy server for the Content Engine.
In the following example, host 10.1.1.1 on port 8088 is explicitly designated as the primary outgoing FTP proxy server for Content Engine A. Host 10.1.1.2 is configured as a backup outgoing FTP proxy server.
ContentEngineA(config)# ftp-over-http proxy outgoing host 10.1.1.1 8088 primary
ContentEngineA(config)# ftp-over-http proxy outgoing host 10.1.1.2 220
FTP-over-HTTP Proxy Failover
For FTP-over-HTTP proxy caching, there is a primary proxy failover option that you can configure on Content Engines. This feature, which is referred to as the HTTP proxy failover feature, configures the forward proxy server to contact up to eight other proxy servers (outgoing proxy servers) when an FTP-over-HTTP cache miss occurs (when the requested FTP content is not already stored locally in the Content Engine cache).
You can use the ftp-over-http proxy outgoing global configuration command to configure up to eight backup Content Engines or any standard proxy servers for the FTP-over-HTTP proxy failover feature. These outgoing proxy servers can be other Content Engines or standard proxy servers that can be contacted to process FTP-over-HTTP cache misses without using ICP or WCCP. The function of these outgoing proxy servers is to process the FTP-over-HTTP cache misses that have been forwarded to them by the forwarding proxy server. One outgoing proxy server functions as the primary server to receive and process all cache miss traffic.
If the primary outgoing proxy server fails to respond to the FTP-over-HTTP request, the server is noted as failed and the requests are redirected to the next outgoing proxy server until one of the proxies services the request.
A failover occurs in the order that the proxy servers were configured. If all of the configured proxy servers fail, the Content Engine can optionally redirect FTP-over-HTTP requests to the origin server specified in the HTTP header if you have used the ftp-over-http proxy outgoing origin-server global configuration command. If the origin-server option is not enabled, the client receives an error message. Response errors and read errors are returned to the client, because it is not possible to detect whether these errors are generated at the origin server or at the proxy.
Note: At any one time, the Content Engine uses only one of the configured outgoing proxy servers. The outgoing proxy servers cannot be used simultaneously. You can view the state of the outgoing FTP-over-HTTP proxy servers in syslog NOTICE messages and with the show ftp-over-http proxy EXEC command.
By default, the Content Engine strips the hop-by-hop 407 (Proxy Authentication Required) error code sent by the Internet proxy. If you enter the ftp-over-http proxy outgoing preserve-407 global configuration command on a Content Engine, the Content Engine sends the 407 error code to the requesting client browser, and the Internet proxy authenticates the client.
Requests with a destination specified in the proxy-protocols outgoing-proxy exclude global configuration command bypass the primary outgoing proxy server and the failover proxy servers.
If all of the outgoing proxy servers fail to process the FTP-over-HTTP cache miss, the following occurs:
- If the ftp-over-http proxy outgoing origin-server option is enabled, then the Content Engine (forward proxy server) forwards the FTP-over-HTTP cache miss request to the origin server that was specified in the original FTP-over-HTTP request from the client browser.
- If the ftp-over-http proxy outgoing origin-server option is not enabled, an error is sent to the requesting client browser. Response errors and read errors are returned to the requesting client browser, because it is not possible to detect whether these errors are generated at the origin server or at the proxy server.
Note: In the ACNS 5.1 software and earlier releases, the primary proxy failover feature supported HTTP only, not FTP. In the ACNS 5.2 software and later releases, FTP-over-HTTP support is available.
The no ftp-over-http proxy outgoing connection-timeout option causes the timeout to be set to the default value of 300 milliseconds.
In the following example, the Content Engine is configured to redirect FTP-over-HTTP requests directly to the origin server if all of the proxy servers fail:
ContentEngine(config)# ftp-over-http proxy outgoing origin-server
Requests with a destination specified in the proxy-protocols outgoing-proxy exclude global configuration command bypass the primary outgoing proxy and the failover proxy servers.
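The failover rules in this section can be modelled as a next-hop decision, which makes it easy to see when a cache miss leaves the Content Engine without passing through any upstream proxy. This is an added example, not Cisco code: it reads the configuration lines shown on this page, and it assumes that the primary is tried first, the remaining hosts follow in configured order, and an excluded destination is contacted directly.

```python
PREFIX = "ftp-over-http proxy outgoing "

# The three configuration lines shown in the examples on this page.
PAGE_CONFIG = [
    "ContentEngineA(config)# ftp-over-http proxy outgoing host 10.1.1.1 8088 primary",
    "ContentEngineA(config)# ftp-over-http proxy outgoing host 10.1.1.2 220",
    "ContentEngine(config)# ftp-over-http proxy outgoing origin-server",
]

def parse_outgoing(lines):
    """Return (failover_order, origin_server_enabled) from config lines."""
    hosts, primary, origin = [], None, False
    for line in lines:
        at = line.find(PREFIX)  # tolerate a leading CLI prompt
        if at < 0 or line[:at].strip().endswith("no"):
            continue            # unrelated line, or a negated ("no ...") form
        args = line[at + len(PREFIX):].split()
        if args == ["origin-server"]:
            origin = True
        elif len(args) >= 3 and args[0] == "host":
            entry = (args[1], int(args[2]))
            if entry not in hosts:
                hosts.append(entry)
            if args[3:] == ["primary"]:
                primary = entry  # the last host marked primary wins
    if len(hosts) > 8:
        raise ValueError("at most eight outgoing proxy servers are supported")
    # Assumption: the primary is tried first, then the others as configured.
    order = ([primary] if primary else []) + [h for h in hosts if h != primary]
    return order, origin

def next_hop(order, origin_server, failed, dest, excluded=()):
    """Decide where a cache miss for `dest` goes, given the failed proxies."""
    if dest in excluded:  # listed under proxy-protocols outgoing-proxy exclude
        return ("direct", dest)
    for proxy in order:
        if proxy not in failed:
            return ("proxy", proxy)
    # Every proxy is down: go direct only if origin-server is configured.
    return ("direct", dest) if origin_server else ("error", None)
```

With origin-server enabled, the all-proxies-failed state returns a direct connection, so any filtering or logging that exists only on the upstream proxies is skipped for those requests; without it, the same state returns an error to the client.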
Monitoring Outgoing Proxy Servers and Statistics
A background process on the Content Engine monitors the state of the configured outgoing proxy servers. You can configure the Content Engine to poll the specified outgoing proxy servers at a specific interval in order to monitor their availability.
This monitor interval is the frequency at which the proxy servers are polled. The monitoring interval is specified in seconds and can be from 10 to 300 seconds. The default monitoring interval is 60 seconds. If one of the outgoing proxy servers is unavailable, the polling mechanism waits for the connect timeout (300000 microseconds) before polling the next outgoing proxy server. Use the ftp-over-http proxy outgoing monitor command to specify how frequently the Content Engine polls the specified outgoing FTP proxy servers.
In the following example, the Content Engine is configured to monitor the outgoing FTP-over-HTTP proxy servers every 120 seconds:
ContentEngine(config)# ftp-over-http proxy outgoing monitor 120
You can also monitor outgoing proxy servers by checking the syslog NOTICE messages on the Content Engine.