Cisco ACNS Software Caching Configuration Guide, Release 4.2
Chapter 2: Content Engine Management Configuration and Features

Content Engine Management Configuration and Features


This chapter describes how to configure the Content Engine with the command-line interface (CLI) or graphical user interface (GUI). It also provides a table that lists the features supported by the Content Engine. This chapter contains the following sections:

Content Engine Management Features

Secure Shell Version 1 Support for Login

System Logging

Traceroute Support

Standby Interface Support

Cache Application Feature Set Table

Content Engine Management Features

You can configure the Cache application with the command-line interface (CLI) or with the Cache application graphical user interface (GUI). This guide contains mostly CLI configuration examples. However, GUI examples are shown whenever a feature requires them or to illustrate a feature through a screen capture.

For information on CLI commands, refer to the Cisco ACNS Software Command Reference, Release 4.2.

Logging On to the GUI

The GUI has separate online help for those Cache application features supported with the graphical management interface.

To connect to the GUI, perform the following steps.


Step 1 Start a web browser on a machine that has access to the network on which the Content Engine resides.


Note Be sure to enable Java, JavaScript, and Cascading Style Sheets on your Internet Explorer browser, or use the Netscape 4.0 or later browser.


Step 2 Open the URL with the cache IP address specified in the initial Cache application configuration. Append the default port number 8001. For example:

http://172.16.13.8:8001

You are prompted for a username and password. (See Figure 2-1.)

Figure 2-1 Cache Application GUI—Authentication Challenge

Step 3 Enter a correct username and password. The Content Engine returns the GUI home page, as shown in Figure 2-2.

If you forget your password, you must have another administrator reset your password. The password for the user admin is specified in the initial system configuration dialog.

Figure 2-2 Cache Application GUI—Home Page


Administering Caching from the Cache Application GUI

Table 2-1 lists the Content Engine features that can be configured with the GUI (Figure 2-2).

Table 2-1 Content Engine GUI Tabs and Subtabs 

Tabs | Subtabs | Description
WCCP | Enable WCCP | Enables WCCP on the Content Engine.
WCCP | Clustering | Sets parameters related to WCCP service clusters.
WCCP | Custom Web Cache | Configures custom web cache traffic on the Content Engine.
WCCP | Media Cache | Configures the Content Engine to cache HTTP traffic.
WCCP | Reverse Proxy | Configures reverse proxy service.
WCCP | Services | Configures multiple service groups.
WCCP | Web-Cache | Configures the Content Engine to cache standard web traffic.
WCCP | WMT-Streaming | Configures WMT streaming caching service.
Caching | Auth. cache | Configures cache authentication.
Caching | Bypass | Configures traffic bypass.
Caching | Cache on Abort | Configures cache on abort features when downloading is aborted.
Caching | Content Preload | Configures content preloading.
Caching | FTP Freshness | Configures FTP freshness factors.
Caching | FTP Proxy | Configures FTP incoming and outgoing proxies. Proxy mode enables the Content Engine to operate in environments where WCCP is not enabled, or where client browsers have previously been configured to use a legacy FTP proxy server.
Caching | HTTP Freshness | Configures freshness factors for HTTP objects requested.
Caching | HTTP Proxy | Configures HTTP incoming and outgoing proxies.
Caching | HTTPS Proxy | Configures HTTPS incoming and outgoing proxies.
Caching | ICP Client | Configures a Content Engine cluster to generate ICP queries before retrieving requested objects from the Internet.
Caching | ICP Server | Configures a Content Engine to act as an ICP server.
Caching | LDAP | Configures the Content Engine to use an LDAP server for authentication purposes.
Caching | NTLM | Configures the Content Engine to use an NTLM server for authentication purposes.
Caching | Persist. Connect. | Configures persistent connections on the Content Engine.
Caching | Proxy Protocols | Configures the behavior of a Content Engine when it is intercepting requests sent to another proxy using WCCP in transparent mode.
Caching | RADIUS | Configures the Content Engine to use a RADIUS server for authentication purposes.
Caching | RealProxy | Enables RealProxy GUI Administration page.
Caching | Transaction Logs | Configures transaction logging.
Caching | URL Filtering | Configures URL filtering.
Caching | WMT-Streaming | Enables WMT and configures WMT streaming parameters.
System | Authentication | Configures the way that the Content Engine authenticates and authorizes administrative user access.
System | Basic Networking | Adjusts basic network settings for a Content Engine, such as default gateway and host name.
System | DNS | Modifies Domain Name System (DNS) settings.
System | Filesystem | Shows information about your currently configured file systems.
System | NTP | Configures the Content Engine's time and date settings.
System | Routing | Adds entries to the Content Engine's routing table.
System | Rules Template | Configures the Rules Template on the Content Engine.
System | SNMP | Configures SNMP parameters such as traps, host, and communities.
System | Syslog | Configures the Content Engine to send varying levels of event messages to a syslog host.
System | TACACS+ | Configures the Content Engine to use a TACACS+ server for authentication purposes.
System | TCP | Configures TCP parameters.
System | Users | Adds, modifies, or deletes an administrative user.
Performance | Disk Stats | Displays general cache file system (cfs) disk statistics such as maximum disk storage and space used on disk.
Performance | IMS Stats | Displays if-modified-since (IMS) request activity.
Performance | Hardware Info | Displays hardware information on the Content Engine, such as model number, software version, and processing speed.
Performance | Java Monitor | Monitors Content Engine resources, such as uptime, requests, and percentage of cache-hits.
Performance | Performance | Displays Content Engine performance statistics, such as number of requests per second and object size.
Performance | Requests | Displays statistics on miscellaneous HTTP request data, such as forced requests and server errors.
Performance | Savings | Displays the number of requests that have been served by the Content Engine, and the savings incurred when the content is served from the Cache application.
Performance | TCP | Displays TCP statistics, such as server and client connection openings.
Performance | Usage | Displays Content Engine resource utilization statistics, such as CPU usage and number of HTTP requests.
Performance | WMT-Streaming | Displays WMT statistics, such as active streams and savings.


Access to the Cache application GUI can be controlled with multiple levels of username and password access, and access can be restricted to a subset of IP addresses (hosts). These access controls are configured with the user command and the trusted-host command, which are the same commands that you use to configure access to the CLI.



Secure Shell Version 1 Support for Login

Secure Shell (SSH) enables login access to the Content Engine through a secure and encrypted channel. SSH consists of a server and a client program. Like Telnet, you can use the client program to remotely log on to a machine that is running the SSH server, but unlike Telnet, messages transported between the client and the server are encrypted. The functionality of SSH includes user authentication, message encryption, and message authentication.

Before you enable the sshd command, use the ssh-key-generate command to generate a private and a public host key, which the client programs use to verify the server's identity.

When a user runs an SSH client and logs in to the Content Engine, the public key for the SSH daemon running on the Content Engine is recorded in the client machine known_hosts file in the user's home directory. If the Content Engine administrator subsequently regenerates the host key by issuing the ssh-key-generate command, the user must delete the old public key entry associated with the Content Engine in the known_hosts file before running the SSH client program to log in to the Content Engine. When the user runs the SSH client program after deleting the old entry, the known_hosts file is updated with the new SSH public key for the Content Engine.


Note The Telnet daemon can still be used with the Content Engine. SSH does not replace Telnet.


This example generates an SSH public key and then enables the SSH service.

Console(config)# ssh-key-generate
Ssh host key generated successfully
Saving the host key to box ...
Host key saved successfully

Console(config)# sshd enable
Starting ssh daemon ...
Ssh daemon started successfully

System Logging

Use the logging command to set specific parameters for the system log file (syslog). This file contains authentication entries, settings of privilege levels and administrative details. System logging is always enabled internally. The system log file is located on the system file system (sysfs) partition as /local1/syslog.txt.

To configure the Content Engine to send varying levels of event messages to an external syslog host, use the logging host command. Logging can be configured to send various levels of messages to the console using the logging console priority option. (See Table 2-2.)

Table 2-2 Mapping of RealProxy Error Level to Syslog Priority Level 

RealProxy Error Code | RealProxy Condition | RealProxy Usage | syslog Priority Level
0 | Panic | Error potentially causing a system failure. RealSystem takes actions necessary to correct the problem. | Priority 0—LOG_EMERG, Emergency. System is unusable.
1 | Severe | Error requiring immediate user intervention to prevent a problem. | Priority 1—LOG_ALERT, Alert. Immediate action needed.
2 | Critical | Error that may require user intervention to correct. | Priority 2—LOG_CRIT, Critical. Critical conditions.
3 | General | Error that does not cause a significant problem with normal system operation. | Priority 3—LOG_ERR, Error. Error conditions.
4 | Warning | Warning about a condition that does not cause system problems but may require attention. | Priority 4—LOG_WARNING, Warning. Warning conditions.
5 | Notice | Notice about a condition that does not cause system problems but should be noted. | Priority 5—LOG_NOTICE, Notice. Normal but significant conditions.
6 | Informational | Informational message only. | Priority 6—LOG_INFO, Information. Informational messages.
7 | Debug | Information of use only when debugging a program. | Priority 7—LOG_DEBUG, Debug. Debugging messages.



Note In ACNS 4.2 software, syslog messages from the Content Engine to a remote host are sourced from port 10000 rather than port 514.


This example shows the last few lines of the syslog.txt file using the type-tail command, which only lists the last few lines of text in a file.

ContentEngine# type-tail syslog.txt
Jan 18 17:50:03 ContentEngine Host[3766]: authentication failure; (uid=0) -> aaHH for content_engine_config service
Jan 18 17:50:05 ContentEngine login[3766]: Failed login session from 172.16.1.1 for user aaHH:  Authentication service cannot retrieve authentication info.
Jan 18 18:39:05 ContentEngine Host[6787]: set privilege level to `0'
Jan 18 18:39:05 ContentEngine login: user login on 1 from 172.16.66.148
ContentEngine#
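
As an added example (not part of the Cisco guide or the ACNS software), the following Python parses entries in the syslog.txt format shown above, folds wrapped lines back into one entry, pairs an authentication failure with the failed login session that shares its process ID, and flags source addresses with repeated failed logins. The two extra failed-login entries in the sample, the threshold of three, and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog.txt format shown above; the first entry is
# wrapped across two lines, and the "admin" and "root" entries are invented.
SAMPLE = """\
Jan 18 17:50:03 ContentEngine Host[3766]: authentication failure; (uid=0) -> aaHH for
content_engine_config service
Jan 18 17:50:05 ContentEngine login[3766]: Failed login session from 172.16.1.1 for user aaHH:  Authentication service cannot retrieve authentication info.
Jan 18 17:50:41 ContentEngine login[3790]: Failed login session from 172.16.1.1 for user admin:  Authentication service cannot retrieve authentication info.
Jan 18 17:51:02 ContentEngine login[3801]: Failed login session from 172.16.1.1 for user root:  Authentication service cannot retrieve authentication info.
Jan 18 18:39:05 ContentEngine Host[6787]: set privilege level to `0'
Jan 18 18:39:05 ContentEngine login: user login on 1 from 172.16.66.148
"""

HEADER = re.compile(r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
EVENTS = [
    ("auth_failure", re.compile(r"authentication failure; \(uid=(?P<uid>\d+)\) -> "
                                r"(?P<user>\S+) for (?P<service>\S+) service")),
    ("failed_login", re.compile(r"Failed login session from (?P<src>\S+) for user (?P<user>[^:]+):")),
    ("privilege", re.compile(r"set privilege level to `(?P<level>\d+)'")),
    ("login", re.compile(r"user login on (?P<line>\S+) from (?P<src>\S+)")),
]

def entries(text):
    """Yield one dict per syslog entry, joining wrapped continuation lines first."""
    logical = []
    for raw in text.splitlines():
        if HEADER.match(raw) or not logical:
            logical.append(raw.rstrip())
        elif raw.strip():
            logical[-1] += " " + raw.strip()   # continuation of the previous entry
    for line in logical:
        m = HEADER.match(line)
        if not m:
            continue                            # not a syslog entry
        entry = m.groupdict()
        entry["event"] = "other"
        for name, rx in EVENTS:
            hit = rx.search(entry["msg"])
            if hit:
                entry.update(hit.groupdict())
                entry["event"] = name
                break
        yield entry

def summarize(text, threshold=3):
    """Group failed logins by source and flag sources at or above the threshold."""
    failed = defaultdict(list)   # source address -> [(timestamp, user, service)]
    service_by_pid = {}          # PID of an authentication failure -> targeted service
    report = {"privilege_changes": [], "logins": []}
    for e in entries(text):
        if e["event"] == "auth_failure":
            service_by_pid[e["pid"]] = e["service"]
        elif e["event"] == "failed_login":
            failed[e["src"]].append((e["ts"], e["user"], service_by_pid.get(e["pid"])))
        elif e["event"] == "privilege":
            report["privilege_changes"].append((e["ts"], int(e["level"])))
        elif e["event"] == "login":
            report["logins"].append((e["ts"], e["src"]))
    report["failed_by_source"] = dict(failed)
    report["flagged"] = sorted(s for s, v in failed.items() if len(v) >= threshold)
    return report
```
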

Mapping Syslog Priority Levels to RealProxy Error Codes

The RealProxy generates error messages and writes them to the RealProxy log file. (See the "Using the RealProxy Streaming Solution" section.) These error messages are captured by the Cache software and passed to the system log file. There is a one-to-one correspondence between the RealProxy error codes and the syslog priority levels, as shown in Table 2-2.

Traceroute Support

Traceroute is a widely available utility on most operating systems today. Much like ping, it is a valuable tool for determining connectivity in a network. Ping allows the user to find out if there is a connection between two end systems. Traceroute does this as well, but additionally lists the intermediate routers between the two systems. Users can therefore see the routes that packets can take from one system to another.

Use the traceroute EXEC command to find the route to a remote host, where either the host name or IP address is known.

ContentEngine# traceroute yahoo.com 
traceroute to 66.218.71.113 (66.218.71.113), 30 hops max, 38 byte packets
***
***
***
***
10  p3-3.paloalto-cr2.bbnplanet.net (4.0.26.13)  3.219 ms  2.001 ms  2.097 ms
11  p7-1.paloalto-nbr2.bbnplanet.net (4.0.6.77)  3.133 ms  1.949 ms  2.076 ms
12  p4-0.paloalto-nbr1.bbnplanet.net (4.0.5.65)  2.755 ms  2.204 ms  2.037 ms
13  p1-0.paix-bi2.bbnplanet.net (4.0.6.98)  2.928 ms  2.146 ms  2.334 ms
14  p1-0.xpaix17-level3.bbnplanet.net (4.0.1.70)  3.397 ms  3.631 ms  3.081 ms
15  gige10-0.ipcolo4.SanJose1.Level3.net (64.159.2.42)  3.334 ms  2.999 ms  2.388 ms
16  cust-int.level3.net (64.152.69.18)  3.871 ms  3.031 ms *
17  ge-3-3-0.msr1.pao.yahoo.com (216.115.101.42)  3.695 ms ge-2-3-0.msr2.pao.yahoo.com (216.115.101.46)  6.998 ms *
18  vl16.bas1.scd.yahoo.com (66.218.64.146)  6.282 ms  5.091 ms  5.162 ms
19  w2.rc.scd.yahoo.com (66.218.71.113)  6.028 ms  5.782 ms  5.544 ms
ContentEngine# 

Standby Interface Support

When an active network interface fails (because of cable trouble, Layer 2 switch failure, high error count, and so forth), and that interface is part of a standby group, a standby interface can become active and take the load off the failed interface.

To configure an interface to be a backup for another interface, use the standby command in interface configuration mode. Use the no form of the command to restore the default configuration of the interface.

To configure standby interfaces, interfaces are logically assigned to standby groups. The following rules define the standby group relationships:

A standby group comprises two or more interfaces.

The maximum number of standby groups on a Content Engine is four.

Each interface is assigned a unique IP address, and each standby group is assigned a unique standby IP address, shared by all members of the group.

Configure the duplex and speed settings of the standby group member interfaces for better reliability.

Each interface in a standby group is assigned a priority. The operational interface with the highest priority in a standby group is the active interface. Only the active interface uses the group IP address.

If the active interface fails, the operational interface in its standby group that is assigned the next highest priority becomes active.

If all the members of a standby group fail and then one recovers, the ACNS software brings up the standby group on the operational interface.

The priority of an interface in a standby group can be changed at runtime. The member interface that has the highest priority after this change becomes the new active interface (the default action is to preempt the currently active interface if an interface with higher priority exists).

The maximum number of errors allowed on the active interface before the interface is shut down and the standby is brought up is configured with the errors option, which is disabled by default.


Note Interface IP addresses and standby group IP addresses must be on different subnets to ensure reliable operation. To satisfy this requirement, you can use dummy IP addresses in the private address space as the interface primary IP addresses, and use the real Content Engine IP address as the standby group IP address in a different subnet.



Note Make sure to configure the primary interface default gateway using the ip default-gateway global configuration command instead of the ip route command.


This example configures three interfaces to be part of the same standby group, with interface 3/0 as the active interface.

Console(config)# interface fastEthernet 3/0 standby 1 ip 172.16.10.10 255.255.254.0
Console(config)# interface fastEthernet 3/1 standby 1 ip 172.16.10.10 255.255.254.0
Console(config)# interface fastEthernet 3/2 standby 1 ip 172.16.10.10 255.255.254.0
Console(config)# interface fastEthernet 3/0 standby 1 priority 300
Console(config)# interface fastEthernet 3/1 standby 1 priority 200
Console(config)# interface fastEthernet 3/2 standby 1 priority 100
Console(config)# interface fastEthernet 3/0 standby 1 errors 10000
Console(config)# interface fastEthernet 3/1 standby 1 errors 10000
Console(config)# interface fastEthernet 3/2 standby 1 errors 10000
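
As an added example (not Cisco code and not part of the ACNS software), the following Python checks a planned standby configuration against the rules listed above and replays the failover behavior they describe. The standby IP address and priorities come from the example above; the 192.168.x.x interface addresses, the data model, and all function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

MAX_GROUPS = 4  # maximum number of standby groups on a Content Engine

@dataclass
class Member:
    name: str              # for example "fastEthernet 3/0"
    ip: str                # the interface's own address, written "addr/mask"
    priority: int
    operational: bool = True

def violations(groups):
    """groups maps group number -> (standby "addr/mask", [Member, ...])."""
    found = []
    if len(groups) > MAX_GROUPS:
        found.append(f"{len(groups)} standby groups configured, maximum is {MAX_GROUPS}")
    used = {}  # address -> where it was first seen, to enforce uniqueness
    for num, (standby, members) in groups.items():
        group_if = ipaddress.ip_interface(standby)
        if len(members) < 2:
            found.append(f"group {num}: needs two or more interfaces")
        labelled = [(f"group {num} standby IP", group_if)]
        labelled += [(m.name, ipaddress.ip_interface(m.ip)) for m in members]
        for label, addr in labelled:
            if addr.ip in used:
                found.append(f"{label}: address {addr.ip} already used by {used[addr.ip]}")
            used.setdefault(addr.ip, label)
        for m in members:
            if ipaddress.ip_interface(m.ip).network.overlaps(group_if.network):
                found.append(f"{m.name}: interface IP shares a subnet with group {num} standby IP")
    return found

def active(members):
    """The operational member with the highest priority holds the group IP."""
    up = [m for m in members if m.operational]
    return max(up, key=lambda m: m.priority).name if up else None

# Group 1 from the example above; interface addresses are constructed placeholders.
GROUP1 = [Member("fastEthernet 3/0", "192.168.30.1/24", 300),
          Member("fastEthernet 3/1", "192.168.31.1/24", 200),
          Member("fastEthernet 3/2", "192.168.32.1/24", 100)]
CONFIG = {1: ("172.16.10.10/255.255.254.0", GROUP1)}

def failover_walkthrough(members):
    """Return the active interface after each event, working on copies."""
    m = [replace(x) for x in members]
    steps = [active(m)]                          # all interfaces operational
    m[0].operational = False
    steps.append(active(m))                      # active fails: next highest priority
    m[1].operational = m[2].operational = False
    steps.append(active(m))                      # every member has failed
    m[2].operational = True
    steps.append(active(m))                      # one member recovers
    m[0].operational = m[1].operational = True
    m[2].priority = 400
    steps.append(active(m))                      # runtime priority change preempts
    return steps
```
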

Cache Application Feature Set Table

Table 2-3 lists the principal features of the ACNS software Cache application, with the associated command-line interface (CLI) commands. Release notes may contain updates to this information.

Table 2-3 Cisco Cache Application Feature Set 

Cisco Cache Software, Release 4.2 Feature | Related CLI Commands | Section

Cache parameter settings
Caching of authenticated content | http cache-authenticated | Caching of Authenticated Content
Cache freshness | http min-ttl; http max-ttl; http age-multiplier; http reval-each-request | Cache Freshness
Caching of binary content with cookies | http cache-cookies | Caching of Binary Content with Cookies
Object size capping | http object | Maximum Object Size
Selective abort of object downloading on client-abort (also called "quick_abort") | http cache-on-abort | Aborting Selected Objects
HTTP Range request caching | http cache-on-abort | Caching of HTTP Range Requests
Caching entire objects under Range requests | http smart-range | Caching Entire Objects Under Range Requests

Transparent caching
Transparency through WCCP | wccp version 2; wccp router-list | Transparent Caching Through WCCP
Authentication bypass | bypass auth-traffic; bypass timer | Authentication Traffic Bypass
Dynamic bypass | bypass auth-traffic; bypass timer | Dynamic Traffic Bypass
Overload bypass | bypass load | Overload Bypass
Static bypass | bypass static | Static Bypass
Multiport transparent redirection | proxy-protocols; wccp port-list; wccp service-number | Multiport Transparent Redirection
WCCP flow protection | wccp slow-start; wccp flow-redirect | WCCP Flow Protection
IP spoofing | wccp spoof-client-ip enable | IP Spoofing
Accelerated WCCP Layer 2 support | wccp custom-web-cache; wccp media-cache; wccp reverse-proxy; wccp service-number; wccp web-cache | Accelerated WCCP Layer 2 Support
Transparent caching with the Cisco CSS 11000 series switch | http l4-switch enable | Configuring Transparent Caching with the Cisco CSS 11000 Series Switch

Proxy-style caching (nontransparent operation)
HTTP proxy caching | http proxy incoming | HTTP Proxy Caching
FTP proxy caching | ftp proxy incoming | FTP Proxy Caching
SSL tunneling | https proxy incoming | SSL Tunneling

Reverse proxy caching
Reverse proxy through WCCP | wccp reverse-proxy | Configuring Reverse Proxy Service Based on WCCP
Reverse proxy based on Layer 4 switch | http l4-switch enable | Configuring Reverse Proxy Service Based on a Layer 4 Switch

Cache hierarchy
Parent proxy failover | http proxy outgoing | Configuring Primary Proxy Failover
Handling proxy-style requests | http proxy outgoing; proxy-protocols | Handling Proxy-Style Requests
ICP | icp client; icp server | Internet Cache Protocol

Streaming media splitting and caching
Transparent caching and Microsoft Windows Media Technologies (WMT) 7.01 | disk config sysfs partitionsize mediafs partitionsize; wmt enable | Enabling Transparent WMT Service Using WCCP-Enabled Routers
Proxy caching and Microsoft Windows Media Technologies (WMT) 7.01 | disk config sysfs partitionsize mediafs partitionsize; wmt enable | Enabling Conventional WMT Proxy Service
WMT multicasting | wmt multicast; wmt broadcast | Configuring WMT Multicasting
Transparent caching and RealProxy 8.01 support | disk config sysfs partitionsize mediafs partitionsize; rtsp proxymedia-real enable | Enabling Transparent Caching of RTSP Traffic Using WCCP-Enabled Routers
Proxy caching and RealProxy 8.01 support | disk config sysfs partitionsize mediafs partitionsize; rtsp proxy sysfs partitionsize media-real enable | Enabling Conventional Proxy Caching of RTSP Traffic

Employee Internet management
URL filtering | url-filter; url-filter bad-sites-deny | URL Filtering Overview
N2H2 filtering | url-filter N2H2 server; url-filter N2H2 allowmode | URL Filtering with the N2H2 Server
Websense enterprise server filtering | url-filter websense enable; url-filter websense server | URL Filtering with the Websense Enterprise Server
SmartFilter filtering | url-filter smartfilter | URL Filtering with SmartFilter Software

Rules Template
Rules Template | rule enable | Rules Template Overview

User authentication
User authentication configuration | authentication login; authentication configuration | User Authentication and Authorization
TACACS+ authentication | authentication login; authentication configuration; tacacs | TACACS+ Authentication
Microsoft NT LAN Manager (NTLM) authentication | http cache-authenticated; ntlm server; http authenticate-strip-ntlm | NTLM Authentication
RADIUS authentication | authentication login; authentication configuration; http authentication cache; http authentication header; radius-server | RADIUS HTTP Request Authentication
LDAP authentication | http authentication cache; http authentication header; ldap server | LDAP HTTP Request Authentication
Using access lists | access-lists enable | Group Authentication Using Access Control Lists

Logging
Squid-style transaction logging | transaction-logs format squid | Squid-Style Transaction Logging
Extended Squid transaction logging | transaction-logs format extended-squid | Extended Squid-Style Transaction Logging
Apache-style transaction logging | transaction-logs format apache | Apache-Style Transaction Logging
Sanitized transaction logs | transaction-logs sanitize | Sanitized Transaction Logs
Exporting log files | transaction-logs export enable; transaction-logs export ftp-server | Exporting Log Files

Network management
SNMP agent support | snmp-server community | Key SNMP CLI Commands
SNMP traps | snmp-server enable traps; snmp-server host | Configuring SNMP Traps
CiscoWorks2000 syslog format | logging cw2k | Using CiscoWorks2000
Cisco Discovery Protocol | interface FastEthernet 0/0 cdp enable | Using Cisco Discovery Protocol

TCP stack parameters
User-configurable TCP parameters | tcp | Configuring TCP Parameters Using the Content Engine GUI and CLI
TCP-over-satellite extensions | tcp client-satellite; tcp server-satellite | TCP-Over-Satellite Extensions

Miscellaneous features
Boomerang agent | boomerang dns enable | Configuring the Content Engine as a Content Routing Agent
Browser autoconfiguration | proxy-auto-config | Browser Autoconfiguration
Healing mode | http cluster; http cluster misses; http cluster max-delay; http cluster http-port | Configuring Healing Mode
Content preloading | pre-load enable; pre-load url-list-file; pre-load resume; pre-load max-bandwidth | Content Preloading