The document discusses proxies and caching. Proxies act as intermediaries between local networks and external networks like the Internet. They can improve performance by caching frequently requested web pages. Squid is an open source proxy caching server that operates by checking its cache for requested objects, retrieving objects from origin servers if needed, and storing cacheable objects in its local cache.
1 of 31
More Related Content
Squid
1.
2. Topic to be covered: What is Proxy?? Purpose of using Proxy Improving performance using Proxy Filtering request using proxy Part I: Part II: How Proxy works?? (Animated presentation) Squid Other Proxies Squid Page Fetch Algorithm Cacheable Objects Non-cacheable Objects Transparent Proxies (Pros & Cons) Part III: Installation & Configuration Of Squid Demo
3. What is Proxy ? Proxy Proxy is hardware / software Proxy servers operate as an intermediary between a local network and services available on a larger one, such as the Internet. Indirect access to other networks e.g INTERNET. all computers on the local network have to go through it before accessing information on the Internet. Proxy share a connection to others Proxy act as gateway Proxy act as Cache Server/Firewall Organization , universities , companies use proxy systems LAN INTERNET
4. Main purpose of using proxies Improve Performance Act as Cache server Cache web pages & provide them back without requesting the page again from website server. Bandwidth control Reduces the Bandwidth requirements for an large Organization. Filter Requests Prevent access to some web sites!!! Prevent access to some protocols Prevent access of network on Time Basis. Surfing Anonymously Browsing the WWW without any identification!!!
5. Improving Performance Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site. Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers. Bandwidth control Policy-based Bandwidth Limits Deny by content type Caching Reduces latency (Sites takes less time to open) Reduces Network Traffic ( Reduces Data uses) INTERNET 64 Kbps 128 Kbps 512 Kbps 1 Mbps
6. Filtering Requests Prevent access to some web sites!!! Categories web sites Educational Advertisements & Pop-Ups Chat Games Hacking Peer-to-Peer Check by content type .Exe / .Com .Mid / .MP3 / .Wav .Avi / .Mpeg / .Rm
7.
8. IP : 172.16.0.2 Gw : 172.16.0.1 IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 LAN INTERNET Proxy Server Source IP 172.16.0.2 www.yahoo.com Dest IP 209.191.93.52
9. IP : 172.16.0.2 Gw : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 Change Source IP Address LAN INTERNET Proxy Server Source IP 217.219.66.2 www.yahoo.com Dest IP 209.191.93.52 Source IP 172.16.0.2 www.yahoo.com Dest IP 209.191.93.52
10. IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 Change Source IP Address & Destination IP Address IP : 172.16.0.2 Gw : 172.16.0.1 LAN INTERNET Proxy Server Source IP 209.191.93.52 Dest IP 217.219.66.2
11. IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 Change Dest. IP Address IP : 172.16.0.2 Gw : 172.16.0.1 LAN INTERNET Proxy Server Source IP 209.191.93.52 Dest IP 217.219.66.2 Source IP 209.191.93.52 Dest IP 172.16.0.2
12. IP : 172.16.0.2 Gw : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 LAN INTERNET Proxy Server Source IP 209.191.93.52 Dest IP 172.16.0.2
13.
14. SQUID Squid is a free, open source, proxy caching server for Web clients It operates as an intermediary between the Web browsers (clients) and the servers they access. Technically, A proxy server can simply manage traffic between a Web server and the clients that want to communicate with it, without doing caching at all. Squid combines both capabilities as a server. Squid is supported and distributed under a GNU Public by the National Laboratory for Applied Network (NLANR) at the University of California, San Diego.
15. Squid supports following protocols: It supports Transparent proxying. It works on port no. 3128 Other works that a Proxy does. Protocol Description and Port HTTP Web pages, port 80 FTP FTP transfers through Web sites, port 21 ICP Internet Caching Protocol, port 3130 HTCP Hypertext Caching Protocol, port 4827 CARP Cache Array Routing Protocol SNMP Simple Network Management Protocol, port 3401 SSL Secure Socket Layer
16. Other proxies Free-ware Apache 1.2+ proxy support Commercial Netscape Proxy Microsoft Proxy Server NetAppliance’s NetCache CacheFlow Cisco Cache Engine
17. Squid’s page fetch algorithm Check cache for existing copy of object (lookup based on MD5 hash of URL) If it exists in cache Check object’s expire time; if expired, fall back to origin server If object still considered fresh, return cached object to requester
18. Squid’s page fetch algorithm If object is not in cache, expired, or otherwise invalidated Fetch object from origin server If 500 error from origin server, and expired object available, returns expired object Test object for cacheability; if cacheable, store local copy
19. IP : 172.16.0.2 Gw : 172.16.0.1 IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 Cached Pages: LAN INTERNET Proxy Server Source IP 172.16.0.2 www.yahoo.com Dest IP 209.191.93.52
20. IP : 172.16.0.2 Gw : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 Change Source IP Address Cached Pages: LAN INTERNET Proxy Server Source IP 217.219.66.2 www.yahoo.com Dest IP 209.191.93.52 Source IP 172.16.0.2 www.yahoo.com Dest IP 209.191.93.52
21. IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 Change Source IP Address & Destination IP Address IP : 172.16.0.2 Gw : 172.16.0.1 Cached Pages: LAN INTERNET Proxy Server Source IP 209.191.93.52 Dest IP 217.219.66.2
22. IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 Change Dest. IP Address IP : 172.16.0.2 Gw : 172.16.0.1 Cached Pages: www.yahoo.com LAN INTERNET Proxy Server Source IP 209.191.93.52 Dest IP 217.219.66.2 Source IP 209.191.93.52 Dest IP 172.16.0.2
23. IP : 172.16.0.2 Gw : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 Cached Pages: www.yahoo.com LAN INTERNET Proxy Server Source IP 209.191.93.52 Dest IP 172.16.0.2
24. IP : 172.16.0.3 Gw : 172.16.0.1 IP : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 Cached Pages: www.yahoo.com LAN INTERNET Proxy Server Source IP 172.16.0.3 www.yahoo.com Dest IP 209.191.93.52
25. Cached Pages: www.yahoo.com IP : 172.16.0.3 Gw : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 Check for cached page LAN INTERNET Proxy Server Source IP 172.16.0.3 www.yahoo.com Dest IP 209.191.93.52 Page Found
26. IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 Retrieve page from cache IP : 172.16.0.2 Gw : 172.16.0.1 Cached Pages: www.yahoo.com LAN INTERNET Proxy Server No Need to contact Yahoo server Source IP 209.191.93.52 Dest IP 172.16.0.3
27. IP : 172.16.0.3 Gw : 172.16.0.1 IP : 217.219.66.2 Gw : 217.219.66.1 IP : 172.16.0.1 LAN INTERNET Proxy Server Source IP 209.191.93.52 Dest IP 172.16.0.3
28. Cacheable objects HTTP Must have a Last-Modified: tag If origin server required HTTP authentication for request, must have Cache-Control: public tag Ideally also has an Expires or Cache-Control: max-age tag FTP Squid sets Expires time to fetch timestamp + 2 days
29. Non-cacheable objects HTTPS HTTP No Last-Modified: tag Authenticated objects URLs with cgi-bin or ? in them POST method (form submission)
30. Transparent Proxying Router forwards all traffic to port 80 to proxy machine using a route policy Pros Requires no explicit proxy configuration in the user’s browser Cons Route policies put excessive CPU load on routers on many (Cisco) platforms Often leads to mysterious page retrieval failures Only proxies HTTP traffic on port 80; not FTP or HTTP on other ports