Cisco ACNS Software Caching and Streaming Configuration Guide, Release 5.1
Chapter 9: Configuring a Primary Proxy Server

Configuring a Primary Proxy Server


This chapter provides an overview of how the Content Engine handles proxy-style requests, and describes how to configure primary and backup (failover) proxy servers.

This chapter contains the following sections:

Configuring HTTP and HTTPS Outgoing Proxy Exclusion Settings

Designating a Primary Proxy Server

Configuring Primary Proxy Failover

Configuring a WMT Outgoing Proxy

Configuring a Monitoring Interval

Configuration Examples


Note: For complete syntax and usage information for the CLI commands used in this chapter, refer to the Cisco ACNS Software Command Reference, Release 5.1.


Configuring HTTP and HTTPS Outgoing Proxy Exclusion Settings

Certain scenarios involve the deployment of a Content Engine in proxy mode at company headquarters and Content Engines in transparent mode at remote locations in branch offices. In this scenario, if a cache miss occurs at the remote Content Engine, company policy requires that the request be routed to the Content Engine at headquarters.

When an HTTP request intended for another proxy server is intercepted by the Content Engine in transparent mode, the Content Engine forwards the request to the intended proxy server if the proxy-protocols transparent original-proxy command was entered. If this command was not entered, then the Content Engine forwards the request to the origin server where the initial HTTP request was made.

When in transparent caching mode, the Content Engine can intercept requests sent to another proxy and send these requests to one of the following two destinations:

Default server—This is the default option. The Content Engine retrieves the objects from the web server itself, or if it is configured to use an outgoing proxy for this protocol, it forwards the request to its outgoing proxy. In this scenario, the client browser configuration is ignored, and the Content Engine configuration is used to retrieve the object from the server.

Original proxy—The Content Engine forwards the request to the proxy that the client originally addressed the request to. This may be different from the Content Engine's own outgoing proxy for the specified protocol.

ACNS 5.x software also has an option that allows you to specify a single domain name, host name, or IP address to be globally excluded from proxy forwarding.

Domains are entered as an ASCII string, separated by spaces.

The wildcard character * (asterisk) can be used for IP addresses (for instance, 172.16.*.*).


Note: Requests with a destination specified with wildcard characters bypass the Content Engine proxy as well as the failover proxies.


When a Content Engine intercepts a proxy request intended for another proxy server and there is no outgoing proxy configured for HTTPS, and the proxy-protocols transparent default-server command is invoked, the Content Engine addresses the request to the destination server directly and not to the client's intended proxy server.

However, all transparently intercepted requests sent by clients are returned to the client and requested objects are not delivered, if the following two conditions exist:

The proxy-protocols transparent reset command is configured on the Content Engine.

A cache miss occurs.

Configuring HTTP and HTTPS Outgoing Proxy Exclusion Settings Using the Content Engine GUI

To configure proxy protocol parameters on a locally deployed Content Engine, follow these steps:


Step 1 From the Content Engine GUI, choose Caching > Proxy Protocols. The Proxy Protocols window appears. (See Figure 9-1.)

Figure 9-1 Proxy Protocol Window


Note: The Proxy Protocols window contains settings that apply to all the protocols supported by the Content Engine.


Step 2 Click the Default server or Original Proxy radio button. See Table 9-1 for an explanation of these choices.

Step 3 To enable the outgoing HTTP and HTTPS proxy exclusion feature on the Content Engine, follow these steps:

a. Check the Do not use Outgoing Proxy for the following domains check box to enable the outgoing HTTP and HTTPS proxy exclusion feature on the Content Engine.

b. In the Do not use Outgoing Proxy for the following domains field, enter the names of any domains that you can connect to directly, bypassing the outgoing proxy server. For example, if you enter cisco.com, then the configured outgoing proxy server will be bypassed each time the Content Engine tries to retrieve a web page from cisco.com. You can specify IP addresses instead of domain names. The wildcard character (*) can also be specified for IP addresses (for instance, 174.12.*.*). You must press the Enter key after entering each local domain.

Step 4 Click Update to save the settings.


Configuring HTTP and HTTPS Outgoing Proxy Exclusion Settings Using CLI Commands

You can also use the CLI to configure HTTP and HTTPS outgoing proxy exclusion settings (proxy protocols) on a locally deployed Content Engine.

Table 9-1 shows key Content Engine GUI parameters and CLI commands associated with proxy protocol features. The order in which the CLI commands are entered is not important.

Table 9-1 Proxy Protocols Key Parameters

| Key Parameter | Description | Command |
|---|---|---|
| Default server | Specifies that the Content Engine should retrieve objects from the web server itself. With this option, a proxy-style request can be sent to an outgoing proxy server if such a server is configured. | proxy-protocols transparent default-server |
| Original proxy | Specifies that the Content Engine should forward the request to the original proxy that the client addressed the request to. | proxy-protocols transparent original-proxy |
| Do not use Outgoing Proxy for the following domains | Excludes the domain name, host name, or IP address specified here from proxy forwarding. | proxy-protocols outgoing-proxy exclude |


Use the proxy-protocols global configuration command to specify a domain name, host name, or IP address to be excluded from proxy forwarding. To selectively turn off outgoing-proxy exclude lists or to force transparently received proxy-style requests to be fulfilled by the Content Engine, use the no form of this command.

proxy-protocols outgoing-proxy exclude {enable | list word}

proxy-protocols transparent {default-server | original-proxy | reset}

Table 9-2 describes the parameters for the proxy-protocols command.

Table 9-2 Parameters for the proxy-protocols Command

| Parameter | Description |
|---|---|
| outgoing-proxy exclude | Sets global outgoing proxy exclude criteria. |
| enable | Enables global outgoing proxy exceptions. |
| list | Sets the global outgoing proxy exclude list. |
| word | Domain names, host names, or IP addresses to be excluded from proxy forwarding (supports 64 exclude list entries). |
| transparent | Sets transparent mode behavior for proxy requests. |
| default-server | Uses the Content Engine to go to the origin server or the outgoing proxy, if configured. |
| original-proxy | Uses the intended proxy server from the original request. |
| reset | Resets the incoming connection. |


The proxy-protocols outgoing-proxy exclude option allows you to specify a single domain name, host name, or IP address to be globally excluded from proxy forwarding. Domains are entered as an ASCII string, separated by spaces. The wildcard character * (asterisk) can be used for IP addresses (for instance, 172.16.*.*). Only one exclusion can be entered per command line. Enter successive command lines to specify multiple exclusions. Requests with a destination specified in the proxy-protocols outgoing-proxy exclude command bypass the Content Engine proxy as well as the failover proxies.

When you enter the proxy-protocols transparent default-server global configuration command, the Content Engine forwards intercepted HTTP, HTTPS, and FTP proxy-style requests to the corresponding outgoing proxy server, if one is configured. If no outgoing proxy server is configured for the protocol, the request is serviced by the Content Engine and the origin server.

The proxy-protocols transparent original-proxy option specifies that requests sent by a web client to another proxy server, but intercepted by the Content Engine in transparent mode, be directed back to the intended proxy server.

The proxy-protocols transparent reset option specifies that requests sent by a web client to another proxy server, but intercepted by the Content Engine in transparent mode, be returned to the web client during a cache miss. The requested objects are not delivered.

The following example configures the Content Engine to forward intercepted HTTPS proxy-style requests to an outgoing proxy server. The domain name cruzio.com is excluded from proxy forwarding. The show proxy-protocols command verifies the configuration.

ContentEngine(config)# https proxy outgoing host 172.16.10.10 266
ContentEngine(config)# proxy-protocols transparent default-server
ContentEngine(config)# proxy-protocols outgoing-proxy exclude cruzio.com 

ContentEngine# show proxy-protocols all 
Transparent mode forwarding policies: default-server
Outgoing exclude domain name: cruzio.com 

The following example configures the Content Engine to forward intercepted HTTP proxy-style requests to the intended proxy server.

ContentEngine(config)# proxy-protocols transparent original-proxy

Designating a Primary Proxy Server

To explicitly designate a proxy as the primary server, use the http proxy outgoing host ip-address port primary command. If several hosts are configured with the primary keyword, the last one configured becomes the primary failover host.


Note: Only one of the outgoing proxy servers is available at a time. They cannot be used simultaneously.


Configuring Primary Proxy Failover


Note: The primary proxy failover feature supports HTTP only, not HTTPS or FTP.


The http proxy outgoing option can configure up to eight backup Content Engines or any standard proxy servers for the HTTP proxy failover feature. One outgoing proxy server functions as the primary server to receive and process all cache miss traffic. If the primary outgoing proxy server fails to respond to the HTTP request, the server is noted as failed and the requests are redirected to the next outgoing proxy server until one of the proxies services the request. The no http proxy outgoing connection-timeout option causes the timeout to be set to the default value of 300 milliseconds.

Failover occurs in the order that the proxy servers were configured. If all of the configured proxy servers fail, the Content Engine can optionally redirect HTTP requests to the origin server specified in the HTTP header with the http proxy outgoing origin-server command. If the origin-server option is not enabled, the client receives an error message. Response errors and read errors are returned to the client, because it is not possible to detect whether these errors are generated at the origin server or at the proxy.

By default, the Content Engine strips the hop-by-hop 407 (Proxy Authentication Required) error code sent by the Internet proxy. If the http proxy outgoing preserve-407 command is invoked, the Content Engine sends the 407 error code to the client, and the Internet proxy authenticates the client.

Requests with a destination specified in the proxy-protocols outgoing-proxy exclude command bypass the primary outgoing proxy and the failover proxies.
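The forwarding order described in this section and in the exclusion settings above, modeled as an added example (not code from the Cisco guide or from ACNS): the exclude list is checked first, then the primary, then the remaining proxies in configuration order, then the optional origin-server fallback. The function names and the subdomain matching rule are assumptions, the exclude list is assumed to be enabled, and the model covers HTTP only.

```python
def is_excluded(dest, exclude_list):
    """True if dest matches an exclude entry (matching rules are assumptions)."""
    dest = dest.lower()
    for entry in (e.lower() for e in exclude_list):
        if "*" in entry:
            # The guide documents '*' for IP addresses: compare octet by octet.
            want, have = entry.split("."), dest.split(".")
            if len(want) == len(have) == 4 and all(
                    w in ("*", h) for w, h in zip(want, have)):
                return True
        elif dest == entry or dest.endswith("." + entry):
            # Assumption: a domain entry also covers its subdomains.
            return True
    return False


def next_hop(dest, proxies, failed, exclude_list, origin_server=False):
    """Pick where an HTTP cache miss for dest is sent.

    proxies: (ip, port, primary_flag) tuples in the order they were configured.
    failed:  set of proxy IPs currently marked failed by the monitor.
    Returns (kind, host, port); kind is direct, proxy, origin or error.
    """
    if is_excluded(dest, exclude_list):
        return ("direct", dest, None)   # bypasses primary and failover proxies
    proxies = list(proxies)
    # The last host configured with the primary keyword is tried first.
    idx = max((i for i, p in enumerate(proxies) if p[2]), default=None)
    if idx is not None:
        proxies.insert(0, proxies.pop(idx))
    for ip, port, _ in proxies:         # failover follows configuration order
        if ip not in failed:
            return ("proxy", ip, port)
    # Every proxy failed: go direct only if origin-server fallback is enabled.
    return ("origin", dest, None) if origin_server else ("error", None, None)


# Constructed input, reusing addresses from this chapter's examples.
PROXIES = [("10.1.1.2", 220, False), ("10.1.1.1", 8088, True)]
EXCLUDE = ["cruzio.com", "172.16.*.*"]

if __name__ == "__main__":
    for dest, down in [("www.example.com", set()),
                       ("www.example.com", {"10.1.1.1"}),
                       ("www.example.com", {"10.1.1.1", "10.1.1.2"}),
                       ("mail.cruzio.com", set()), ("172.16.4.9", set())]:
        print(dest, sorted(down), next_hop(dest, PROXIES, down, EXCLUDE))
```

The direct and origin results are the two paths that never reach the upstream proxy, so they are the ones to review when that proxy is where policy is enforced.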

Configuring a WMT Outgoing Proxy

ACNS 5.x software supports an outgoing HTTP proxy server for streaming media in MMS format. Use the wmt proxy outgoing http host global configuration command to configure the outgoing proxy for this format. This configuration allows the forwarding of MMS data over HTTP to a standard 8080 proxy port.

You can also use the wmt proxy outgoing mms host global configuration command to forward MMS data to another host at its default MMS port 1755.

In the following example, a Content Engine at a branch office has been configured to send all its outgoing traffic to a central Content Engine at 172.16.30.30 through port 8080.

ContentEngine(config)# wmt proxy outgoing http host 172.16.30.30 8080

In the following example, a Content Engine at a branch office has been configured to send all its outgoing traffic to a central Content Engine at 172.16.30.31 through port 1755.

ContentEngine(config)# wmt proxy outgoing mms host 172.16.30.31 1755


Note: The MMS protocol can run on top of three different data protocols: MMS over TCP, MMS over UDP, and MMS over HTTP.


Configuring a Monitoring Interval

A background process monitors the state of the proxy servers. A monitoring interval is configured with the http proxy outgoing monitor command. This monitor interval is the interval of time over which the proxy servers are polled. If one of the proxy servers is unavailable, the polling mechanism waits for the connect timeout (300 milliseconds) before polling the next server. The state of the proxy servers can be viewed in syslog NOTICE messages and with the show http proxy command.

Configuration Examples

This section provides examples of how to use the CLI to configure a primary proxy server and backup servers, and how to obtain some related statistics.

In this example, the host 10.1.1.1 on port 8088 is designated the primary outgoing proxy server, and host 10.1.1.2 is a backup proxy server.

ContentEngine(config)# http proxy outgoing host 10.1.1.1 8088 primary 
ContentEngine(config)# http proxy outgoing host 10.1.1.2 220 

In this example, the Content Engine is configured to redirect requests directly to the origin server if all of the proxy servers fail.

ContentEngine(config)# http proxy outgoing origin-server 

In this example, the Content Engine is configured to monitor the proxy servers every 120 seconds.

ContentEngine(config)# http proxy outgoing monitor 120 

In this example, the show http proxy command is used to obtain HTTP proxy statistics, including proxy failover statistics.

ContentEngine# show http proxy 
Incoming Proxy-Mode: 
  Servicing Proxy mode HTTP connections on ports:   8080 

Outgoing Proxy-Mode: 
  Primary proxy server: 172.16.63.150   port 1 Failed 
  Backup proxy servers: 172.16.236.151  port 8005 
                        172.16.236.152  port 123 
                        172.16.236.153  port 65535 Failed 
                        172.16.236.154  port 10 
Monitor Interval for Outgoing Proxy Servers is 60 seconds
Timeout period for probing Outgoing Proxy Servers is 300000 microseconds
Use of Origin Server upon Proxy Failures is disabled.
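An added example, not part of the Cisco guide: a small parser for the show http proxy output above that reports failed proxies and the origin-server fallback state. The function names are hypothetical, and the wording of the enabled fallback line is an assumption, since the guide shows only the disabled case.

```python
import re

# Outgoing section of the output shown above, copied from this page.
SAMPLE = """\
Outgoing Proxy-Mode:
  Primary proxy server: 172.16.63.150   port 1 Failed
  Backup proxy servers: 172.16.236.151  port 8005
                        172.16.236.152  port 123
                        172.16.236.153  port 65535 Failed
                        172.16.236.154  port 10
Monitor Interval for Outgoing Proxy Servers is 60 seconds
Timeout period for probing Outgoing Proxy Servers is 300000 microseconds
Use of Origin Server upon Proxy Failures is disabled.
"""

PROXY_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s+port\s+(\d+)(\s+Failed)?")
FIELDS = {"monitor_s": re.compile(r"Monitor Interval .* is (\d+) seconds"),
          "timeout_us": re.compile(r"Timeout period .* is (\d+) microseconds")}

def parse_show_http_proxy(text):
    """Turn the command output into a dict of proxy states and timers."""
    state = {"proxies": [], "monitor_s": None, "timeout_us": None,
             "origin_fallback": None}
    for line in text.splitlines():
        m = PROXY_RE.search(line)
        if m:
            state["proxies"].append({
                "ip": m.group(1), "port": int(m.group(2)),
                "role": "primary" if "Primary proxy server" in line else "backup",
                "failed": m.group(3) is not None})
            continue
        for key, rx in FIELDS.items():
            m = rx.search(line)
            if m:
                state[key] = int(m.group(1))
        m = re.search(r"Use of Origin Server upon Proxy Failures is (\w+)", line)
        if m:
            # Assumption: the enabled state prints "enabled" in the same position.
            state["origin_fallback"] = m.group(1) == "enabled"
    return state

def findings(state):
    """List the conditions an operator should act on."""
    out = [f"{p['role']} proxy {p['ip']}:{p['port']} is marked Failed"
           for p in state["proxies"] if p["failed"]]
    if state["origin_fallback"]:
        out.append("origin-server fallback enabled: if every proxy fails, "
                   "requests go straight to the origin server")
    return out

if __name__ == "__main__":
    for item in findings(parse_show_http_proxy(SAMPLE)):
        print(item)
```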

In this example, the show statistics http requests command is used to obtain statistics about HTTP requests.

ContentEngine# show statistics http requests
Statistics - Requests
                                                Total             % of Requests
                            ---------------------------------------------------
     Total Received Requests:                   49103                         -
              Forced Reloads:                     109                       0.2
               Client Errors:                      23                       0.0
               Server Errors:                     348                       0.7
                 URL Blocked:                       0                       0.0
      Sent to Outgoing Proxy:                       0                       0.0
Failures from Outgoing Proxy:                       0                       0.0
Excluded from Outgoing Proxy:                       0                       0.0
             ICP Client Hits:                       0                       0.0
             ICP Server Hits:                       0                       0.0
           HTTP 0.9 Requests:                       2                       0.0
           HTTP 1.0 Requests:                   49101                     100.0
           HTTP 1.1 Requests:                       0                       0.0
       HTTP Unknown Requests:                       0                       0.0
           Non HTTP Requests:                       0                       0.0
          Non HTTP Responses:                      46                       0.1
      Chunked HTTP Responses:                       0                       0.0
        Http Miss Due To DNS:                       0                       0.0
     Http Deletes Due To DNS:                       0                       0.0
  Objects cached for min ttl:                    2674                       5.


Tip: You can also obtain statistics about HTTP requests by choosing Reporting > Requests from the Content Engine GUI.


In this example, the show statistics http proxy outgoing command is used to obtain HTTP outgoing proxy statistics.

ContentEngine# show statistics http proxy outgoing 

HTTP Outgoing Proxy Statistics 
IP               PORT    ATTEMPTS   FAILURES 
---------------------------------------------------
172.16.23.150    8000    0          0 
172.16.23.151    8080    0          0 
172.16.23.152    9000    0          0 
172.16.23.153    9001    0          0 
172.16.23.154    9005    0          0


 Requests when all proxies were failed: 0