SwiftCache User Manual v0.7.6-73
Contents
1. SwiftCache uses SNMPv2c community based authentication The default community string is public This can be modified on the General portion of the Advanced subsection of the Configltab in the GUI or by changing the snmp community configuration key using the CLI 0 11 2 1 Alert Framework The SwiftCache alert framework proactively monitors system health and identifies issues that require attention orl acknowledgement This means that the operator does not need to identify unusual behaviour by manually monitoring multiple log files system messages and performance statistics 0 The alert framework provides a consolidated view of all issues that require operator intervention on the local machine or across the entire cluster The framework provides a prioritised view of all alerts and collects similar issues together This avoids the operator from being overwhelmed by an alarm floodliwhere alerts are reported many times for the same issue Confidential page 97 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 11 Monitoring Issues that require operator attention or action can be notified SwiftCache supports multiple notificationU mechanisms that can easily be integrated into an existing network management system email SNMP trap HTTP web service and Syslog For more information please see the Alert Notificationsection below To ensure that operators are aware of alerts the GUI presents a count of the number of unack2. seek_range_param seek_strategy seek_time_factor Confidential SwiftCache User Manual v0 7 6 73 gf091255 string string int int bool bool multiline string bool int r80 65535 int r80 65535 bool string bool string string string combo float page 157 of 161 20 Appendix C Configuration Key Reference sent Specifies client connection throttling type ip connection Default ip per IPU throttling Redirect connection to this URL via 302 redirect The proxy will act a traffic bridge when in intercept transparent mode nol filtering server url policies will be applied 0 The proxy will act a traffic bridge when in intercept transparent mode nol filtering server url policies will be applied 0 Start relay mode if failed to parse client request Enable disable return to sender mode Static routing rules for the interface Use with caution Format is X X X X X via X X X X dev IFACE per line RTMP cache database pathname Dump RTMP data RTMP Proxy Port RTMP Stats Port Transparent Proxy Mode Filename with list of wildcard URLs allowed to be cached by rtmp proxy Disable this policy Key that contains video seek offset Some sites typically using flash send URL arguments that are to be treated asi HTTP range arguments This option allows to set custom Range value to address such cases The value can contain capture variables and should be evaluated to by
3. yourswiftcache gt cluster Cluster Status LHS IS LIL os status alive 2959 ms config md5 029b6af57e5a7d44a937759b2efd8088 age 337 LO 5 HA 202 5 SiG status alave 35 ms config md5 029b6af57e5a7d44a937759b2efd8088 age 330 best config is 029b6af57e5a7d44a937759b2efd8088 our config is 029b6af57e5a7d44a937759b2efd8088 Confidential page 109 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 13 Clustering 13 3 Superclusters A SwiftCache supercluster allows multiple SwiftCache clusters to communicate with each other to share reporting data This can be useful where an organisation has multiple distinct clusters on the network each with its own unique configuration This allows an operator to view how both clusters are performing from a singlel point For larger deployments it is recommended that SwiftSense reporting is used in preference to using a supercluster when possible For more detail please refer to the SwiftSense chapter in this manual Superclusters are a reporting interface only Configuration sharing Inter Cache Communication ICC and automated cluster upgrades do not operate in super clusters Supercluster reports are found within the GUI on the Home Dashboard and Reporting tabs 13 3 1 Supercluster Setup GUI To create a supercluster from the GUI two or more operational SwiftCache clusters are required The operator needs to log in to any machine in one of th
4. A table is shown of the top 100 clients according to the number of requests This shows which clients make the most requests Again many end users may in fact be behind a single client IP address as noted above Confidential page 66 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI System The System subsection shows information on the level of utilisation of hardware resources by SwiftCache It is divided into pages corresponding to Disk IO input output Disk Usage CPU and Memory Confidential page 67 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Disk IO admin 9G swiftcache me tname test swiftserve com Cluster Status g Reporting You have 3 Alerts that require attention Cache Disks Fast Disks Other Disks Cluster hourly daily weekly monthly yearly nas CSV Disks utilisation Traffic You can click and drag on the graph area to zoom in a sn 100 Top 100 ry System NS 80 Disk IO m Disk Usage g E 60 CPU Usage E g Memory Usage 3 x 40 E Q Performance nr SwiftSense 20 ry ASIANA ANNATA ANA rA NANN NAN INN LOLI YIVOWWIOWW 0 11 30 11 40 11 50 12 00 12 10 12 20 Fast Disks Cache Disks Other Disks min 31 38 max 44 92 mean 37 87 min 47 87 max 69 34 mean 57 87 min 2 00 max 4 00 mean 2 84 daily weekly monthly yearly gi oop LCcsv Disks Avg Wait Time You can c
5. 113 113 114 114 114 114 114 116 116 116 117 117 118 118 118 119 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 cache_async_refresh ignore_range 14 4 5 Video Seek 14 4 6 Safe Search Google Bing 15 Filtering 15 1 Overview 15 2 White Lists 15 3 Black Lists 15 4 Global Black and White Lists 15 4 1 Global White List 15 4 2 Global Black List 15 5 Filter Policies 15 5 1 Terminology 15 5 2 Configuration 15 5 3 Filter Status and Testing 15 6 Brightcloud Dynamic URL Classification 15 6 1 Categories 15 6 2 Status and Information 15 6 3 Usage 16 Advanced Features 16 1 Overview 16 2 DNS Resolver 16 3 Asymmetric Routing 16 3 1 Enabling Asymmetric Mode 16 4 Fast Disks 16 4 1 Improving Disk Seek Time 16 4 2 Enabling Fast Disks 16 5 Trust X Forwarded For HTTP Header 16 5 1 Enabling Trust X Forwarded For 16 6 Return to Sender 16 6 1 Enabling Return to Sender 16 7 IPv6 Support 16 8 Overload Protection 16 8 1 Bypass Mode 16 8 2 Relay Mode 16 9 SSL Support 16 9 1 SSL Proxy Mode Distribution of SSL Certificates Re establishing a Chain of Trust Valid Certificate Workflow Invalid Certificate Workflow Enabling SSL Proxy Mode SSL Proxy Mode and Overload Protection 16 9 2 SSL Relay Mode 16 10 Limiting Download Rates 16 10 1 Enabling Rate Limiting 17 SwiftSense 17 1 Overview 17 2 Security 17 3 Functions 17 4 SwiftSense User Interfaces 17 4 1 SwiftCache GUI 17 4 2 SwiftSense Web Inter
6. Bytes z 0 amp Download Manager Support Cache Partial Downloads amp Timeout Server Read Timeout r s 60 amp Server Write Timeout z 60 amp ICC is enabled via the GUI in the General portion of the Advanced Configurationlsubsection of the Configitab by ticking the Enable ICC box then clicking Update In the CLI use the command set icc enabled on To disable ICC use the command set icc enabled off 13 5 2 Request Workflow Without ICCO Without ICC bandwidth and storage resources are used inefficiently If ICC is disabled in the SwiftCache cluster e When a SwiftCache receives a client request for an object for the first time it requests the item from thel origin server and returns it to the client e Subsequent client requests for the same object may go to other SwiftCaches in the cluster e As the other nodes have not yet cached this object each SwiftCache would independently request and cache the object This results in multiple additional requests to the origin server from the SwiftCache cluster Each node will also store its own copy of the cached object on disk Confidential page 112 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 13 Clustering 13 5 3 Request Workflow With ICCO With ICC bandwidth and storage resources are conserved If ICC is enabled in the SwiftCache cluster e As before when a SwiftCache receives a client request for an object for the first time it reques
7. Schedule Confidential page 19 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide 3 4 3 Log Upload Optionally log files may be uploaded to a remote log server to free up space on the SwiftCache otherwise SwiftCache will delete the oldest archived log files if the log partition fills up 0 Confidential page 20 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide Enable Log Upload Logs To Upload Log Upload Protocol Log Upload Server Log Upload Path Log Upload User Log Upload Password Log Usage Warning Threshold Log Usage Warning Type Log Usage Limit Threshold Log Retention Period Log Retention Threshold Confidential Whether to upload log files to a remote log server immediately after they have been rotated and compressed Comma separated list of log filenames to upload Log filenames use the following format H lt logname gt lt hostname gt lt starttime gt lt endtime gt log gz An empty value means upload everything Filenames may also be specified using shell wildcards See below File transfer protocol to use when uploading log files either FTP SFTP or FTPs U Full hostname or IP address of log server Path to a folder on the log server to which the logs should be uploaded Username that SwiftCache should use to authenticate with log upload
8. button to leave that cluster When the machine leaves a cluster its shared configuration remains frozen at the last synchronised state Appliance configuration does not reset to default values on leaving a cluster Confidential page 108 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 13 Clustering admin 9G swiftcache IP 192 168 1 1 Hostname test swiftserve com Cluster Status Status Config Policies Filtering Reporting You have 3 Alerts that require attention Basic Configuration Cluster Logging In a cluster 176 9 244 238 Leave Cluster Super Cluster TCP Status Disks Host HTTP Throughout Rea sec Connections CPU Usage Rvte Hit Rate Reauest Hit Rate 13 2 3 Viewing Cluster Status The header of the GUI provides a visual representation of the current cluster status and health When a SwiftCache is synchronised with a cluster an icon is displayed with a link of chain in front admin P 192 168 1 1 me test swiftserve com Cluster Status When a SwiftCache is not joined to a cluster the icon is shown without the link of chain in front admin v IP 192 168 1 1 Hostname test swiftserve com Cluster Status From the CLI running the cluster command shows the status of all cluster members and their synchronisation status An MD5 hash of the configuration on each machine is used to verify that the machines are synchronised correctly
9. defer_accept Confidential SwiftCache User Manual v0 7 6 73 gf091255 int int bool bool int bool int iplist int bool int int bool int bool int int int int r1 5 bool int bool page 151 of 161 20 Appendix C Configuration Key Reference background cache content parser 1 will disable the background cache parsing Start offset for computing validation checksum for partial caching Valid range 0 32767 Chunk size for partial caching If set will allow caching partial requests and interrupted transfers Force caching of HTTP POST responses Force a TTL in seconds for the object before revalidation Cache non standard HTTP headers starting with X Chassis fan speed alert threshold rpm List of IP addresses in the cluster Number of failed cluster syncs to happen in a row before an alert is raised Complete download to cache even if client aborted it Complete download if request is seen at least specified number of times not applicable for sparse files and memory cache Setting it to 0 will disable thisH trigger Complete download if threshold is reached of full size Compute C32 checksum for access log field CU A connect might fail to a valid endpoint due to fast port reuse This setting allow a variable number of retries Support content based hashing to index content CPU fan speed alert threshold rpm CPU temperature alert threshold degrees CPU usage
10. min 2 161 ms max 7 523 ms mean 5 018 ms min 2 265 ms max 10 585 ms mean 5 383 ms Copyright SwiftServe 2013 This graph shows the average service time for client requests the time taken including sending all the data for both cache hits and cache misses The Cache Miss line shows the time to complete requests by connecting back to the origin server while the Cache Hit line shows the time to complete requests that are served from cache Time To First Byte Confidential page 78 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI admin 9G swiftcache T tname test swiftserve com Cluster Status b You have 3 Alerts that require attention oca Clust Hii Time To First Byte Last Hour tcv You can click and drag on the graph area to zoom in H 200 Traffic 000 Top 100 System 800 Performance Time ms Bandwidth Savings 600 Hit Rates Cache Status 400 Object Distribution i 200 Service Time Time To First Byte MAy Tunul lly oon 11 30 11 40 11 50 12 00 12 10 12 20 SwiftSense Cache Hits Cache Misses tae i get first byte of data min 1 ms max 95 ms mean 48 ms Measures the average time taken ti feasures the average time taken min 357 ms max 1 041 ms mean 751 ms Copyright SwiftServe 2013 This graph shows the average time for client requests to begin to be served namely the time taken for
11. o Y oOo e a a y y 4 Ay Object Distribution y a a o r On Ye x 60 40 20 l 4 ii O Z gt X 2 2 X 2 g s aY vA 4 a 4 7 o Oo Ay X Y os A e 7g w E 7X ay w 4 O gt Z Ag O D X pS S 4 gt O z gt ro A hy Ag Q A X 2 Service Time Time To First Byte Object Distribution Hitrate You can click and drag on the graph area to zoom in E A Ar 80 EE Hitrate Copyright SwiftServe 2013 These charts show the requests and hitrate percentages according to the profile of different sized objects in thell cache This graph is very useful for analysing the traffic distribution that the SwiftCache is serving Confidential page 77 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Service Time admin 9G swiftcache ees Hostname test swiftserve com Cluster Status b Reporting You have 3 Alerts that require attention Cluster HTTP RTMP Request Service Time Last Hour ea Traffic You can click and drag on the graph area to zoom in Top 100 System 10k Performance Bandwidth Savings Hit Rates Cache Status Time ms Object Distribution Service Time ST A ALL iT s M ANIN h mM pa Time To First Byte SwiftSense Z m ey w 11 40 11 50 12 00 12 10 12 20 Cache Hits Cache Misses time taken to serve requests including sending all da
12. o 11 Mar 2013 09 28 00 Disk s utilisation is higher than 80 sde 84 28 0 11 Mar 2N12 NGV1AAA Nickie titilicatinn ic hidhar than AMA cdar 22 PAH mM In the screenshot above the general swiftsense misconfiguration alert has been raised ten times By expanding the alert details the operator is able to see that each of these errors was triggered by a failure to connect to the SwiftSense update server The alert details also provide the exact connection error in each case and a timestamp for when the error occurred to allow appropriate log files to be pinpointed U Confidential page 101 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 11 Monitoring 11 2 6 Alert NotificationsO admin IP 192 168 1 1 test swiftserve com Cluster Status b 9G swiftcache Filtering Policies Reporting Alerts You have 3 Alerts that require attention View Alerts Manage Alert Notifications Action Enabled Severity Details Delete Email 4 1 trivial alert net ie 1 3 5 5 is the most severe one E mail address Email 3 EA 2 minor alert net ie 1 3 5 5 is the most severe one E mail address HTTP GET 4 3 http alert net notify ie 1 3 5 5 is the most severe one HTTP address port SNMP 3 4 4 trapsink alert net 162 ie 1 3 5 5 is the most severe one SNMP trap sink address port SysLog p a 5 trapsink alert net 162 ie 1 3 5 Sis the most severe one Syslog address je hostname port facility
13. 0 Confidential page 89 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 create lt policyname gt delete lt policyname gt edit lt policyname gt liee lt policy a gt move before lt policy b gt lt policy a gt move after lt policy b gt show lt policyname gt showall 9 SwiftCache CLI Create a policy called lt policyname gt Delete a policy Edit a policy List all policies Reorder a policy Show a policy Show all policies More detail is available in the Policies chapter of this manual 9 4 9 process The process command manages the processes on the SwiftCache The arguments for the command are the name of the process followed by an action The names of the processes are BESSY The main SwiftCache proxy process that handles HTTP traffic intercept Intercepts HTTP traffic on port 80 and passes it to the SwiftCache proxy process U taskmgr Handles log rotation and other admin processes alertd Handles creation and sending of alerts snmpagentd Provides SNMP information to external monitoring systems Sere sy SwiftCache RTMP proxy process for handling RTMP traffic 0 rtmp_intercept Intercepts RTMP traffic on port 1935 and passes it to the RTMP proxy process The available actions are reload Causes the process to reload its configuration 0 restart Restarts the process start Starts the process if stopped status Displays process status informatio
14. 1 451 856 59 0 000 0 006 112 78 33 24 347 78MB 223 57 MB 64 1 438 817 57 0 000 0 006 System 112 78 33 27 449 81MB 285 39 MB 63 1 429 817 57 0 000 0 008 112 78 33 6 358 49MB 224 47 MB 63 1 399 829 59 0 000 0 008 112 78 33 19 382 25MB 238 94 MB 63 1 397 864 62 0 000 0 006 ie 112 78 33 11 368 15MB 224 72 MB 61 1 386 786 57 0 000 0 007 112 78 33 20 485 88 MB 298 18 MB 61 1 380 788 57 0 000 0 006 112 78 33 7 464 26 MB 273 02 MB 59 1 360 815 60 0 000 0 011 112 78 33 4 381 55MB 224 59 MB 59 1 346 797 59 0 000 0 007 112 78 33 10 428 05 MB 266 56 MB 62 1 339 770 58 0 000 0 006 112 78 33 16 376 52 MB 239 15 MB 64 1 331 825 62 0 000 0 013 112 78 33 28 442 1 MB 268 81 MB 61 1 325 758 57 0 000 0 007 112 78 33 12 306 88 MB 189 51 MB 62 1 319 781 59 0 000 0 007 112 78 33 22 330 23MB 199 71 MB 60 1 316 762 58 0 000 0 008 112 78 33 25 449 02 MB 279 92 MB 62 1 307 752 58 0 000 0 008 112 78 33 18 441 83 MB 269 49 MB 61 1 297 776 60 0 000 0 008 112 78 33 8 422 15MB 271 99 MB 64 1 288 781 61 0 000 0 010 112 78 33 26 324 53MB 212 1 MB 65 1 286 m 60 0 000 0 011 112 78 33 5 345 43 MB 226 37 MB 66 1 278 751 59 0 000 0 010 112 78 33 3 450 61 MB 276 09 MB 61 1 270 77 61 0 000 0 005 112 78 33 2 472 68 MB 291 43 MB 62 1 236 731 59 0 000 0 013 112 78 33 14 539 22 MB 344 5 MB 64 1 211 732 60 0 000 0 012 112 78 33 15 425 42MB 252 07 MB 59 1 126 694 62 0 000 0 008 Export to csv Copyright SwiftServe 2013
15. 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios sharing websites may deliberately delay multiple simultaneous downloads from the same end user in a waiting room based on the client s IP address In a semi transparent deployment requests from multiple clients via the SwiftCache will all appear to be coming from the same IP address The origin server will interpret this as a single end user requesting many parallel downloads when in reality it is multiple end users and incorrectly slow down the connections 6 3 3 Fully Transparent Proxy Server 7 AA p GET HTTP 1 1 I Host www google com I LS l I I I I l l i l i j I I I SwiftCache a 7 GET HTTP 1 1 4 Host www google com Client Client is unaware of the existence of the SwiftCache SwiftCache spoofs the Client IP in the request to the Server Server sees the IP of the Client and responds to it Note A Router needs to intercept both the Client s HTTP request and the Server s HTTP response and redirect to the SwiftCache Confidential page 30 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios Using SwiftCache in a fully transparent mode of operation resolves the problem noted above in which the origin server sees requests coming from the IP address of SwiftCache rather than the client In this mode SwiftCache is now t
16. 591 931 59 0 000 0 009 Export to csv Copyright SwiftServe 2013 The table shows the top 100 clients according to the amount of network traffic for each This shows which clients are using the most bandwidth Note that it is possible that many end users may in fact be behind a single client IP address for example in a corporate environment where all client requests pass via a forwarding web proxy Confidential page 65 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI that is not operating fully transparently Top Clients Requests admin G swiftcache onan Hostname test swiftserve com Cluster Status b You have 3 Alerts that require attention Local Cluster Top 100 clients by requests z F AvgTime Ay Traffic Traffic Hit Rate Req Req Hit Rate E 8 Bool Total Cached gt bytes Total Cached bd req a Aat nS oon led Traffic q Byte s Time s a Top100 112 78 33 1 293 88 MB 187 22 MB 64 1 591 931 59 0 000 0 009 ry 112 78 33 17 309 31 MB 187 5 MB 61 1 547 937 61 0 000 0 006 Top Sites Traffic 112 78 33 23 477 33MB 306 29 MB 64 1 540 899 58 0 000 0 010 Top Sites Requests 112 78 33 21 359 01 MB 217 36 MB 61 1 498 907 61 0 000 0 011 112 78 33 13 318 18 MB 190 59 MB 60 1 466 870 59 0 000 0 006 Top Clients Traffic 112 78 33 29 378 64MB 236 78 MB 63 1 457 848 58 0 000 0 007 Top Clients Requests 112 78 33 9 411 67MB 261 09 MB 63
17. 85 20ms Disk Stats dev sdf cachef1 50 8 101 71ms System Info wit Log Copyright SwiftServe 2013 The Disk Stats subsection shows information on all the hard disks in the appliance the device nodes mount points usage and utilisation are shown along with the wait time in milliseconds This can be used to determine whether each disk is performing normally or is reaching the limit of its performance System Info admin 9G swiftcache O maan test swiftserve com Cluster Status Home Status Config Policies Filtering Reporting Alerts You have 3 Alerts that require attention p Software Hardware RAM CPU rocesses Query Cache Version test build 12894ab TCP Stats NIC Stats Disk Stats Log Copyright SwiftServe 2013 Confidential page 50 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI The System Info subsection contains system information about the SwiftCache appliance The sub tabs contain specific detail on the software hardware RAM and CPU 1 Software Displays the SwiftCache software version This can be used to determine if the appliance is running the desired tested version of the software Hardware Displays device information of the hardware components of the appliance This can be used for example to determine the make and model of network interface card in case of problems with the connected switching hardware and or kernel driver module versi
18. Last The last date and time that the cache object was verified to be correct compared to the origin Validated server Created The date and time when the cache object was created Last The last date and time when the object was accessed by a client Accessed Expires The date and time when the cache object will be deemed to no longer be valid and will be removed from the cache Server The identifier of the origin server Last The date and time when the original file was created Modified ETag The hash of the object Location Whether the object is stored in memory or on disk Path The location of the object i e on which disk Content The MIME type of the object Type A cache index is generated by removing the protocol specifier e g http and adding the port to the request URL for example www mysite com 80 index html Please note however that the format of a cache index may be modified through the use of the cache index policy key Confidential page 47 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI TCP Stats admin 9G swiftcache O rnan test swiftserve com Cluster Status Config Policies Filtering Reporting Alerts You have 3 Alerts that require attention Network Throughput 618 0 Mbps Processes HTTP Throughput 501 00 Mbps Query Cache RTMP Throughput 106 28 Mbps TCP Stats TCP Connections 9 380 NIC Stats
19. Mbps max 728 452 Mbps mean 613 380 Mbps Performance SwiftSense daily weekly monthly yearly bondo bond1 bro eth3 eth2 eth1 etho Packet Rate all interfaces combined Last Hour scl You can click and drag on the graph area to zoom in 60 000 20 000 INI DN II 0 000 pps 11 30 11 40 11 50 12 00 12 10 12 20 In Out min 13 486 959 pps max 19 399 718 pps mean 16 198 133 pps min 33 717 398 pps max 48 499 296 pps mean 40 495 332 pps Copyright SwiftServe 2013 The graphs show network throughput and packet rate for the total and for individual interfaces These graphs show the actual data that is seen on the wire including protocol overheads The difference between the in and Confidential page 59 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI out lines corresponds to the data that is served from cache namely the bandwidth saving Cache Throughput CLL Gswiftcache IP 192 168 1 1 Hostname test swiftserve com Cluster Status e Reporting You have 3 Alerts that require attention oca Clust aa Cache Throughput Last Hour SEN You can click and drag on the graph area to zoom in 1000 ee Network Throughput 800 Cache Throughput Request Rates 600 Connection Stats a 2a 95th Percentile 400 e 200 ea 0 SwiftSense 11 30 11 40 11 50 12 00 12 10 12 20 E HTTP Throughput WB RTMP Throughput W Bypassed HTTP Throughput 95t
20. N You can click and drag on the graph area to zoom in 11 30 11 40 11 50 12 00 12 10 12 20 Interrupt Processing E System MB Userspace min 2 17 max 3 18 mean 2 64 min 1 18 max 1 70 mean 1 43 min 2 37 max 3 44 mean 2 86 min 4 20 max 6 00 mean 5 01 Copyright SwiftServe 2013 This interactive graph shows the CPU usage across all cores of the SwiftCache CPUs for each of the Interrupt Processing IO Wait System and Userspace processes Note that the O Wait category is idle CPU time where there were jobs waiting for disk IO It does not indicate CPU usage and should be considered a subset of the free CPU capacity For this reason the parameter is disabled by default but can be enabled by clicking on it Confidential page 71 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Memory Usage admin 9G swiftcache a Hostname test swiftserve com Cluster Status You have 3 Alerts that require attention daily weekly monthly yearly Clust Memory Usage Last Hour rew You can click and drag on the graph area to zoom in 35 30 25 Disk IO 20 Gb Disk Usage CPU Usage 15 10 11 30 11 40 11 50 12 00 12 10 12 20 E Free MB Buffer Cache MB Used min 102 MB max 150 MB mean 124 MB min 26 036 MB max 27 591 MB mean 26 622 MB min 5 051 MB max 6 602 MB mean 6 022 MB Copyright SwiftServe 2013 This int
21. N A Disk Stats bro down N A N A 0 0b 0 0b N A N A N A System Info etho up N A N A 928 1 MiB 677 9 MiB N A A N A Log eth1 up N A N A 928 2 MiB 678 0 MiB N A N A N A eth2 up N A N A 8 5 MiB 5 4 MiB N A N A N A eth3 up N A N A 8 5 MiB 5 4 MiB N A N A N A sito down N A N A 0 0 b 0 0 b N A N A N A Low Level Statistics bondo Link encap Ett inet addr 17 et addr 2ADCAST RUNNING MASTER MULTICAST MTU 150 Metric 1 The NIC Stats subsection shows the state configured IP address and netmask of each network interface Other information for each interface is displayed including the current auto negotiation state speed and duplex settings and also the total amount of data transmitted and received since the last reboot Underneath some more detailed interface statistics are provided This portion of the report can be particularly useful to help experienced networking technicians to identify errors in the network Confidential page 49 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Disk Stats admin v 9G swiftcache as test swiftserve com Cluster Status Home Status Config Policies Filtering Reporting Alerts You have 3 Alerts that require attention Processes Disk Stats Query Cache Device a Mount Points Utilization Avg Wait TCP Stats dev sda 30 6 53 9 103 17ms NIC Stats dev sdb mnt sdb 71 0 101 99ms dev sde cache 30 6 72 9
22. Req a Hit Rate sede oie Traffic panama Total Cached bytes Total Cached req 2 ear ea h Top100 netflix com 458 35MB 286 68 MB 63 1 492 910 61 0 000 0 010 EE Ow justin tv 395 83MB 247 43 MB 63 1 478 856 58 0 000 0 006 Top Sites Traffic hotfile com 547 61 MB 341 04 MB 62 1 470 887 60 0 000 0 007 Top Sites Requests metacafe com 356 66 MB 224 91 MB 63 1 443 842 58 0 000 0 004 Top Clients Traffic google com 366 79MB 229 26 MB 63 1 429 839 59 0 000 0 009 box net 295 22MB 183 83 MB 62 1 419 842 59 0 000 0 010 Top Clients Requests dailymotion com 480 15MB 303 26 MB 63 1 410 825 59 0 000 0 006 baidu com 445 12MB 278 46 MB 63 1 408 888 0 000 0 008 System facebook com 357 39MB 222 85 MB 62 1 407 864 61 0 000 0 004 a youtube com 476 79MB 291 73 MB 61 1 405 859 61 0 000 0 006 n video google com 523 88 MB 330 45 MB 63 1 388 837 60 0 000 0 007 eee ES twitter com 342 23MB 219 64 MB 64 1 388 862 62 0 000 0 008 rapidshare com 342 67MB 195 17 MB 57 1 385 814 59 0 000 0 006 mediafire com 437 52MB 272 9 MB 62 1 368 798 58 0 000 0 010 fileshare com 427 63MB 273 14 MB 64 1 353 834 62 0 000 0 008 2shared com 323 86 MB 204 88 MB 63 1 343 801 60 0 000 0 013 vids myspace com 382 64MB 234 75 MB 61 1 340 813 61 0 000 0 011 yahoo com 509 04MB 316 52 MB 62 1 340 806 60 0 000 0 008 hulu com 423 3MB 266 78 MB 63 1 322 801 61 0 000 0 008 break com 379 02MB 240 74 MB 64 1 317 794 60 0 000 0 012 deposit
23. Start Guide Logging Settings Enable Logging a Log Rotation Log Rotation Type 8 yP Rotate when log reaches Log Rotation Size El Log Rotation Max Size 100 7 Log Upload Enable Log Upload O m Logs To Upload amp Log Upload Protocol FTPs 7 amp Log Upload Server Log Upload Path amp Log Upload User admin amp Log Upload Password 08666660086 e Test Log Upload Test settings Log Thresholds Log Usage Warning Threshold 90 Log Usage Warning Type Delete old logs Log Usage Limit Threshold 99 a Log Retention Log Retention Period Log Retention Threshold 70 Update Reset SwiftCache provides powerful capabilities to manage the log files produced by the appliance Two types of logl files are produced 0 Confidential page 18 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide access log This file records all requests processed by the SwiftCache and contains additional information to record cache and filtering info Please refer to Appendix A for an overview of the SwiftCache access log format error log This file contains diagnostic information from the SwiftCache Please refer to the appendixU for a discussion of some of the key entries in this log file O The log settings used by the device are specified on the Logging subsection of the Configltab Enable Logging Whether to enable or disable all logging completely Debug Level Diagnostic level fro
24. alert threshold The debug level 1 Errors 2 Warnings 3 Info 4 Debug 5 Full trace If set all requests will be blocked except those enabled by the bypass list Apply a TTL in seconds for responses without TTL properties Special values 1 do not cache such objects 0 always revalidate Enable disable tcp_defer_accept on the listening socket Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 20 Appendix C Configuration Key Reference delay_explicit_check bool Delay checking for explicit connection until client headers are read dhcp bool Enable DHCP disable_gzip_encoding bool If set will disable on the fly gzip content encoding for servers that send only0 identity encoding when the client supports gzip disable_gzip_rebuild bool If set will disable gzip encoding for content already stored as identity when client supporting gzip request it disable_swiftserve_auth bool Disable swiftserve auth disks_usage_threshold int Disks usage alert threshold disks_util_threshold int Disks utilisation alert threshold dns_servers iplist List of DNS nameservers to use dnscache_enabled bool Use a local DNS cache dnscache_resolve_timeout int The number of seconds after which a resolve is considered to have failed dnscache_size int The maximum number of entries we will keep in our own dns cache dscp_client_hit int DSCP bits to be used for proxy gt client hit traffic dscp_client_miss int DSCP bits to be used fo
25. an interactive shell on the appliance The shell command allows suitably experienced operators to run native Linux commands for advanced troubleshooting and diagnostics Under normal circumstances it should not be necessary to use this command Great care should be taken since as incorrect use of the shell can permanently disable the SwiftCache appliance and invalidate your warranty 9 4 13 ssl The ssl command can be used to generate a self signed SSL certificate to secure connections to the web U based GUI This is required if the admin _ss1 key is enabled in the configuration settings The command is also used to manage the SSL certificates used by the optional SSL caching module if it is installed The available actions are Confidential page 91 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 edit Edits an SSL certificate 0 keygen Generates SSL keys list Lists available SSL certificates 0 show Shows detail of a specific SSL certificate 0 9 4 14 stats 9 SwiftCache CLI The stats command displays real time statistics on a page that refreshes periodically Press the Esc key to return to the command prompt Sracs as ox ZOISI 03 26 I5sZssO0 lstlic mse we Sxalic current avg hit time TS avg_hit_ttfb Tein avg miss time 42 avg miss ttfb 42 avg ttfb 42 byte hit rate OF cached bytes rate OF Ellaleime aki O client_in overload 0 client oug OF client _o
26. be higher if filtering is enabled 0 depending on the complexity of the filtering chain 0 12 1 6 Policies Policies are applied to each incoming connection As the number of policies and the complexity of their match Confidential page 104 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 12 Performance Tuning rules increases the CPU usage will correspondingly increase for the same request rate 12 1 7 Disk IO The single biggest bottleneck that affects performance in typical caching scenarios is disk IO input output Disks in caches are subject to many random operations and non sequential reads For a typical cache disk under full load up to 80 percent of the disk time is spent seeking i e moving the disk head to read a new file 0 The performance of the disk will be substantially worse if the average file size is small This is because the ratioU of disk seek to read write time is much higher than with large files from which more data can read sequentiallyH between disk seeks The ideal traffic pattern for optimal SwiftCache performance is requests with a high cache hit rate for large files 0 from fast clients For example delivering Windows Update traffic would be an ideal traffic profile for SwiftCachell to improve through caching of content Conversely traffic consisting of requests with a low cache hit rate for small files from slow clients is harder tol improve through caching For example delive
27. cache it is necessary to retrieve it from the origin server It may optionally be saved for later use depending on the usage patterns and configured parameters as well as the server and client HTTP headers U 4 3 Hit Rates Hit rates are a measure of how successful a cache is being The request hit rate is the proportion of connections that result in a cache hit The byte hit rate is the proportion of the overall data traffic that is delivered by thel cache A higher hit rate is better 4 4 Cache Index SwiftCache keeps a list or cache index of all the objects that it has stored Client requests for content are compared against this list to determine if the item is available to be served from the local cache To ensure a high cache hit rate it is important to avoid the same object being indexed multiple times This may happen when different URLs are used to request the same object such as when an origin server dynamically adds unique session identifiers into the URL 0 4 5 License Options Confidential page 23 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 4 SwiftCache Concepts There are a number of optional add on modules available to the basic SwiftCache license Brightcloud Fast Disks RTMP SSL Proxy SwiftCDN Confidential Dynamically identifies the web category of content being requested See the Brightcloud Dynamic URL Classification ection in the Filtering section of this manual fo
28. cores is 20 percent at 1000 requests per second req sec it will be approximately 40 percent at 2000 req sec 12 1 2 Simultaneous Connections Each TCP connection that the cache has open consumes a certain amount of memory to maintain state The underlying operating system of the appliance also has limitations on the number of ports that are available 12 1 3 Cache Efficiency0 The average service time for cache hits is much lower than cache misses as the SwiftCache can avoid the round trip to the origin server This means that the SwiftCache is able to complete the requests resulting in cache hits more quickly When the cache is operating more efficiently the number of simultaneous connections will bel lower for a given request rate 12 1 4 Client Speed In a 2 5G mobile network the average client connection speed may be less than 100 kilobits per second kbps This contrasts with a fixed network where the average client throughput is typically greater than 1 megabit per second Mbps Slower client connection speeds result in a much longer service time for a given traffic pattern 0 This longer service time will result in more simultaneous connections in the mobile network than for the same request rate as a fixed network 12 1 5 Filtering If filtering rules are enabled on the SwiftCache this will consume additional resources to apply the filtering chainU to matching connections Hence for a given request rate CPU usage will
29. fulfil the original client s request with the range header intact SwiftCache will also simultaneously reissue the request without the range header to the origin server using the credentials from the original client request This will allow SwiftCache to download the entire object This is useful for objects that are commonly accessed via a range request and rarely downloaded as a complete object This behaviour can be enabled or disabled globally and within specific policies 0 cache_async_refresh Allows a SwiftCache to deliver cached content before checking if the item should have expired from the cache Normally SwiftCache will check the validity of an item with the origin server before returning it With cache _async_refresh enabled SwiftCache will deliver cached content immediately without first checkingH whether the object has expired SwiftCache will also simultaneously refresh the content in the background This can cause expired content to be served so cache async refresh should be used with caution ignore_range Allows SwiftCache to download an entire file requested with a range header while honouring the range request forl the original client With ignore range set when a user requests a file with a range header set SwiftCache will download thel complete file from the origin server but will then honour the client request and only return the part the user requested with the range header This can be usefu
30. ignored for non ethernet interfaces max_cache_object_size int Max response size to cache Larger responses will not be cached and will use the CLARGE flag in log entries0 max_ttl int Force revalidation after max_ttl seconds after the last validation Special values O disable Max TTL maxfd int Max number of file descriptors0 mb_temp_threshold int Motherboard temperature alert threshold degrees mem_buffers_threshold int Memory buffers alert threshold memory_usage_threshold int Memory usage alert threshold Confidential page 155 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 20 Appendix C Configuration Key Reference mgmt_module_logging string JSON encoded dictionary of logging levels for mgmt app Do not edit unless you know what you re doing monitor_password password Password for the monitor user netmask ipv4 Netmask ipv4 for the interface network_buffer_size int r1024 The network buffer size 131072 ntp_servers string Commaz separated list of NTP servers to use origin string Request host address will be substituted with this reverse proxy mode origin_bad_ssl_behavior string Defines the behavior when the origin endpoint doesn t provide a valid SSLO certificate Accepted values gateway_error drop_connection redirect ignore origin_host string Host header for reverse proxy requests packet_drop_received_threshold float r0 1000 Received packets drop threshold packet_drop_sent_
31. in memory cache 10 nanoseconds Disk write operations will also be slower on hard disks with moving parts This means that retrieving an object from memory is in the region of e 800 000 times faster than retrieving it from hard disk and e 10 000 times faster than from SSD This also means that a SSD has a seek time that is approximately 80 000 times faster than that of a hard disk SSD storage and in memory caches present a significant performance improvement 0 16 4 2 Enabling Fast Disks A SwiftCache license key enabling use of Fast Disks is required To use a disk as a fast disk enable the fast disks configuration key The fast disks key uses the same configuration syntax as the cache disks option taking a list of fast disk partitions as its value An operator can define the minimum size of a fast disk object with the configuration keyH cache fast disk object size 16 5 Trust X Forwarded For HTTP Header The trust_x forwarded configuration key is used to strip or keep X Forwarded For HTTP headers when used with the enable x forwarded setting It may be required depending on the type of Layer 4 7 switch or load balancer being used Please refer to the Deployment Scenarios chapter in this manual for more information on load balancers 16 5 1 Enabling Trust X Forwarded For If trust x forwarded is disabled then the client s untrusted x Forwarded For HTTP header is removed If enabled then the trusted X Forwarded For is pr
32. local setting in order to revert to using the shared setting For more information on how SwiftCache controls configuration when operating in a cluster please refer to thel Clustering section of this document Confidential page 82 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI 9 SwiftCache CLI 9 1 Overview SwiftCache has a command line interface CLI that can be accessed via SSH direct console login or serial line connection The CLI provides access to some advanced configuration options that are available only in the CLI and not in the web based GUI Only the admin user account may access the CLI 9 2 Applying Changes Configuration changes are picked up automatically by SwiftCache so there is no need to save or commit before closing the CLI session e When changes to configuration are made via the CLI then they are generally applied immediately 0 e When editing sections such as network settings policies or filters for example changes are applied only once the whole section has been completed and the exit command has been issued 9 3 CLI Usage 9 3 1 Running Commands When working with the CLI instructions to SwiftCache or commands are given run to display or achieve something Most commands require some specific detail arguments and these are typed after the command The command and arguments are typed at the CLI prompt and then the Enter key is press
33. matches the regularl expression example com When a client request matches a black list filter the operator has the option to specify a URL to redirect the request to This may be useful to explain to the end user why the page was blocked and who to contact for assistance Alternatively the request can simply be blocked with a server close on the connection 15 4 Global Black and White Lists Global black and white lists allow an operator to specify which sites should always be blocked or allowed The sites are specified using a simple list of hostnames against which each request is compared for a match Global lists are configured in the GUI using the Global Lists page of the Filtering subsection of the Filtering tab The Location can be specified as an HTTP URL or as a local path to a file on the appliance The Refresh Period Confidential page 121 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 15 Filtering defines how frequently it is updated and the Redirect Location indicates where denied requests are forwarded to if required 15 4 1 Global White List The Global White List specifies URLs that are always permitted irrespective of the settings in any more specifici filter policy Since it is applied first in the filtering logic any URL that matches this list is always allowed 15 4 2 Global Black List The Global Black List specifies URLs that are always blocked irrespective of the se
34. policies to improve cache hit ratesU Enable Policy Center policy upgrade feature This will upgrade all not modifiedI policies after update them from Policy Center Enable automatic fetching of available updates list This allows you to easily upgrade your SC installation cluster Policy Center server address Generated 15 03 2013 12 49 swiftsense_top100_enable swiftserve_enable swiftserve_enable_status swiftserve_log_location swiftserve_mode swiftserve_node_reporting_id taskmanager_control_sock_path tcp_orphans_threshold tcp_tw_buckets_threshold threads timeout_auth_daemon timeout_client_read timeout_client_start timeout_client_write timeout_connect timeout_filter timeout_keep_alive timeout_relay timeout_server_read timeout_server_write timeout_ss _handshake timezone top100_check_interval Confidential SwiftCache User Manual v0 7 6 73 gf091255 bool bool bool string bool string string int int int r0 128 int int int int int int int int int int int combo int page 160 of 161 20 Appendix C Configuration Key Reference Enable Policy Center top 100 reporting This will send top 100 report to the Policy Controller periodically so we can enhance policies basing on this data Enable the delivery of traffic on behalf of the SwiftServe Content Delivery Network Enable Swiftserve status page Directory for swift
35. server Password that SwiftCache should use to authenticate with log upload server The percentage of log partition usage that will trigger an action The action to perform if the threshold is reached The percentage of log partition usage which will cause logging to be disabled The maximum age of retained log files days Zero means never delete Percentage of log partition size to retain log files 0 page 21 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide Specifying Log Filenames with Shell Wildcards Shell wildcards can be used to specify multiple log filenames Shell wildcards are seq seq For example access gz would specify that all log filenames starting with access and ending with gz should be uploaded 3 5 Starting and Stopping SwiftCache admin v 9G swiftcache OO a test swiftserve com Cluster Status Home Status Config Policies Filtering Reporting You have 3 Alerts that require attention Daemon Status Action Processes HTTP Proxy proxy pid 7084 7083 is running co Query Cache HTTP Intercepter HTTP Intercept is active ca TCP Stats Task Manager taskmgr pid 7289 is running E NIC Stats Alerts Reporter alertd pid 7250 is running 3 Disk Stats SNMP Agent snmpagentd pid 7270 is running t2 system Info RTMP Proxy rtmp_proxy is stopped RTMP Intercepter RTMP Intercept is disabled Log Syste
36. settings depending on the value that they are given Configuration keys may expect a certain type of value For example if the configuration key expects an IPO address as its value only a IP address may be provided Similarly if a configuration key expects a numerical Confidential page 39 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 7 SwiftCache User Interfaces value a text string may not be provided SwiftCache will check that configuration values are appropriate and willl not permit the wrong type of value to be configured You can find a list of possible configuration keys and values at Appendix C 7 4 1 Examples of Configuration Keys and Values0 cache teley 2 The cache delay option is set to a value of 2 icc_enabled no The icc enabled option is disabled i e set to no allow_explicit on The allow explicit proxy mode option is enabled i e set to on Common types expected for configuration values can be Boolean text string number and IP address Boolean values can be specified as yes on and true oras no off and false Confidential page 40 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI 8 SwiftCache GUI SwiftCache s graphical user interface GUI provides access to the most frequently used monitoring and configuration options of a SwiftCache appliance It is accessed using a web browser The GUI runs on po
37. ssl proxy on Other options for SSL connections are configured via the CLI To alter the time out for SSL connections operatorsU can change the default value of thirty seconds in timeout _ssl_handshake To control how many SSL certificates are stored in memory change the value of the ssl_ cache cert size configuration key To store SSL certificates on disk then operators will need to set a directory path using the ssl_cache cert path configuration key Confidential page 131 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 16 Advanced Features SSL Proxy Mode and Overload Protection If a SwiftCache enters Bypass or Relay Mode See Overload Protection above then this will disrupt normal SSL proxy operation Any client connections over SSL will receive the SSL certificate of the origin server until SwiftCache leaves Bypass and Relay Mode If the client already has an active SSL connection the web browser may detect the change in certificate as a potential security problem and may deliver a warning message to the end user 16 9 2 SSL Relay Mode In more usual operation e g an ISP environment a SwiftCache should not receive any SSL connections as it does not listen on port 443 the default port for HTTPS traffic 0 If a SwiftCache encounters HTTPS traffic on port 80 then it will handle that connection via relay mode and willl proxy the connection However as SwiftCache
38. string string bool string bool int bool page 153 of 161 20 Appendix C Configuration Key Reference If set sends a x forwarded for header to the server Enable the interface List of fast cache disk mount points for some content leave this blank if all the cache disks have the same speed Path where whitelist and blacklist filters storedU If one of the filters applied by the policy triggers a redirect rewrite the URLO instead of redirecting This means the cache will silently rewrite the URL instead of issuing a 302 redirect response Use this if you don t want the user to see the URL change in their browser Names to identify the filter sets to be applied in the policy if not present filteringO will be disabled If set forces the connection into relay mode Default network gateway ipv4 The proxy will allow explicit requests from ipv4 clients to ipv6 server and vice versa URL starts with http or local file path starts with to download list off global block redirect URLs from List refresh period Use 0 to disable auto refresh list loaded on proxy start only URL starts with http or local file path starts with to redirect on global block list hits if empty the request will be blocked URL starts with http or local file path starts with to download list off global bypass URLs from List refresh period Use 0 to disable auto refresh list loaded on proxy start only Group that pro
39. to set it to default public spm_agents_url string The url or file path where the user agent definitionlist is locatedU spm_enabled bool If set enabled som support spm_encryption_key string A 16 chars 128 bits secret key that will be used for encryptionwhen sending info to the redirect url spm_heartbeat_timeout int The maximum duration to receive a heartbeat message spm_policy_url string The url to retrive policy definsitions frommust start with http will be replaced with the actual policy id ie http spm server com policy code code2 spm_sessions_url string The url to retrieve the list of active sessions spm_stomp_pass string The password used to connect to the apachemq spm_stomp_url string The apachemq stomp address where the updates will be pushedin Confidential page 158 of 161 Generated 15 03 2013 12 49 spm_stomp_user ssl_ca_bundle_path ssl_cache_cert_path ssl_cache_cert_size ssl_use_existing_cert static_redirect_url super_cluster super_cluster_secret swap_usage_threshold swiftsense_alertsreport_enable swiftsense_auth_cookie swiftsense_configreporter_enablell swiftsense_enable swiftsense_licenseupdate_enable swiftsense_policies_set swiftsense_policyupdate_enable swiftsense_policyupdate_upgrade_enable swiftsense_romupdate_enable swiftsense_server Confidential SwiftCache User Manual v0 7 6 73 gf091255 string int string int string string ip
40. unavailable U In normal operation old items are automatically purged from the cache over time The actions info and remove followed by an URL are used to view information on objects cached on this appliance and delete them Note that long lines are wrapped in the example below yourswiftcache gt cache info http example com img jpg gzip properties index exampile com img jpg CE gzip path Not found properties index example com img jpg Content Length 2124 Last V alidated Tue 02 O0ct 2012 16 21 40 1349194900 Created Tue 02 0ct 201 2 16 21 40 1349194900 Last Accessed Tue 02 Oct 2012 16 21 40 13491949 O10 eee Expulices mena 27 Aig O AOS Ae eNOS 03552 hy Server sm pachet Last Modified Mon 06 Aug 2012 12 13 50 1344255230 location memory Cache Control max age 59508652 path N A Content Type image j peg The actions clusterinfo and clusterremove do the same but for the whole cluster 9 4 3 cluster The cluster command is used to manage clusters Available actions are join Current machine will join cluster of specified machine leave Current machine will exit the current cluster and no longer synchronise its configuration 0 show Displays current status of the cluster SAMS Forces a synchronisation of the configuration within the cluster 0 9 4 4 configO The config command is used to manage the appliance s configuration Available actions are 0 C
41. 001 MODULE_MASK_CACHE 0x00000002 MODULE_MASK_CACHECOM 0x00000004 MODULE_MASK_CONFIG 0x00000008 MODULE_MASK_DNS 0x00000010 MODULE_MASK_FILTER 0x00000020 MODULE_MASK_HTTP 0x00000040 MODULE_MASK_LICENSE 0x00000080 MODULE_MASK_LOGGING 0x00000100 MODULE_MASK_STREAMING 0x00000200 MODULE_MASK_NET 0x00000400 MODULE_MASK_PROXY 0x00000800 MODULE_MASK_SPM 0x00001000 MODULE_MASK_UTIL 0x00002000 MODULE_MASK_PROXY_MODES 0x00004000 MODULE_MASK_FILE_FORMAT 0x00008000 MODULE_MASK_SSL 0x00010000 MODULE_MASK_ALL OxFFFFFFFF Path to write logs to Size of log partition in Mbytes Negative means auto detect Maximum age of retained log files days Zero means never delete Percentage of log partition size to retain log filesU Maximum age of an individual log file after which it should be rotated hours 0 Log Rotation Schedule Format H M d d where H and M are hour and minute on day respectively to rotate logs on and d is day number to rotate on 1 is Monday So to rotate at 11 45 PM each day except Wednesday this field should have value 23 45 1 2 4 5 6 7 0 Maximum size of an individual log file after which it should be rotated MB 0 Type of log rotation schedule p for periodic s for size d for schedule Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 20 Appendix C Configuration Key Reference days log_upload_enable bool Flag to specify whether logs should be uploaded log_upload_filesH string Comma se
42. 149 of 161 20 Appendix C Configuration Key Reference Enables diverting only symmetric traffic requires divert_helper module installed 0 URL to download static filter URL list from List refresh period Use 0 to disable auto refresh list loaded on proxy start only If set block the connection Period in seconds to wait before querying the update service since last update URLs that are not yet categorised are classified Unkownl Brightcloud device Heartbeat period in seconds with category update service Whether requests to the update server should be formatted as an HTTP request List of categories to be filtered separated by space or commall Period in seconds to wait before forcing a category refresh since last update Brightcloud OEM The target port on the update server to connect to The outgoing requests queue size to the update service Period in seconds to wait before querying the update service when information was not available URL to redirect end users to if a URL matches a category in the dynamic filter list Period in seconds to wait before querying the update service for the same URL Host name or IP address of the category update server If the URL is not found in the local category database we wait until is retrived remotely timeout_filter controls for how long 0 New requests will have filtering and policies applied but will not use the cache New requests will have filtering and policies applied but
43. 2 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios 6 4 5 Internet Service Provider ISP ISP Setup SwiftCache Farm Core Router Core Router L4 7 Switch L4 7 Switch Edge Router Edge Router Client In a large ISP network with two international gateways it is recommended to deploy SwiftCache with a cluster at each gateway This simplifies the policy based routing required to direct traffic to the SwiftCache cluster withoutl introducing any asymmetry to the traffic flow 0 The diagram above shows e the SwiftCaches are deployed in two clusters that are dual homed to a pair of Layer 4 7 switches e each switch hangs off a leg to the edge router e the edge routers are configured with policy based routing on the north and southbound interfaces to directU web traffic to each SwiftCache cluster appropriately Avoiding Asymmetric Routing If there are local Content Delivery Network CDN servers in the network then it is important to avoid creating asymmetric routing paths For example a SwiftCache is operating in full transparency mode and is spoofing the client s IP address If it sends on the request to a local CDN server the response would return directly from the CDN server back to the client and not via the SwiftCache This would break the traffic path and cause the connection to fail 0 The request s network route out differs from the route back so this is known as asymmetr
44. 38988 Company Registration No 201019734M 1 2 Confidentiality Statement All information contained in this documentation is provided in commercial confidence for the sole purpose ofl adjudication by SwiftServe Pte Ltd and Customer Partner The pages of this document shall not be copied published or disclosed wholly or in part to any party without SwiftServe Pte Ltd prior permission in writing and shall be held in safe custody Confidential page 9 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 2 Introduction 2 Introduction 2 1 SwiftCache Overview SwiftCache is a high performance caching appliance that has been designed primarily for the carrier and ISP marketplace It has been built using a modular and flexible platform which means it can be deployed in varying scenarios such as ISP enterprise corporate or content delivery networks The SwiftCache architecture is optimised to cache all types of HTTP and web traffic including video andU multimedia content SwiftCache features a flexible configuration language allowing the definition of customisedH policies so that popular websites can take full advantage of the content caching SwiftCache has optional add ons available for caching and handling RTMP traffic and caching SSL HTTPS traffic in enterprise deployments Installing SwiftCache within a network will typically reduce the amount of transit or external bandwidth required by between 25 pe
45. 6 swiftserve SwiftCache User Manual 2013 03 15 v0 7 6 73 gf091255 SwiftCache User Manual v0 7 6 73 gf091255 Table of Contents Table of Contents 1 Copyright and Confidentiality 1 1 Copyright Statement 1 2 Confidentiality Statement 2 Introduction 2 1 SwiftCache Overview 2 2 Terminology 3 Quick Start Guide 3 1 Overview 3 2 Network Setup 3 2 1 General Settings 3 2 2 Basic Network Settings 3 2 3 Advanced Network Settings 3 3 SwiftCache Setup 3 3 1 Proxy Settings 3 3 2 Disk Settings 3 3 3 License Settings 3 4 Logging Setup 3 4 1 Debug Level 3 4 2 Log Rotation 3 4 3 Log Upload Specifying Log Filenames with Shell Wildcards 3 5 Starting and Stopping SwiftCache 3 6 Confirming Operation 4 SwiftCache Concepts 4 1 HTTP Caching 4 2 Hits and Misses 4 3 Hit Rates 4 4 Cache Index 4 5 License Options 5 Physical Installation 5 1 Technical Specifications 5 2 Racking Guidelines 6 Deployment Scenarios 6 1 Overview 6 2 Common Scenarios 6 2 1 Forward Proxy 6 2 2 Reverse Proxy 6 2 3 Important Considerations 6 3 Modes of Operation 6 3 1 Explicit Proxy Avoiding Open Proxies 6 3 2 Semi Transparent Proxy 6 3 3 Fully Transparent Proxy 6 4 Deployment Topologies 6 4 1 Inline Bridge Mode 6 4 2 Out of Path Router Mode 6 4 3 Load Balancer in Bridge Mode Confidential page 2 of 161 Table of Contents Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 4 4 Load Balancer in Router Mode 6 4 5 Intern
46. 9G swiftcache E Host test swiftserve com Cluster Status b Policies Filtering Reporting You have 3 Alerts that require attention Add Filter Enter url to test www google com Test Filtering Checking filter sets for URL www google com Status Dynamic Filters Test URL Last Updated Thu 24 Jan 2013 04 09 02 0000 Brightcloud Enabled yes Global Lists Categories 99 Search Engines Filter Policies Global Bypass Result undecided Logging Info MLM Redirect URL Filter Sets be Result redirect Logging Info DFH bc 50 99 Search Engines Redirect URL http ya ru Copyright SwiftServe 2013 An operator can enter a URL and validate it against the full filtering chain in order to determine what action would be taken This is performed on the Test URL page of the Filtering subsection of the Filtering tab in the GUI Information is returned about all types of filtering O 15 6 Brightcloud Dynamic URL Classification 0 Dynamic URL classification is a real time service used to identify the type of content that is being requested This allows the operator to restrict access based on the nature of the content requested rather than by manually maintaining a list of sites that should be blocked This is an optional add on feature to SwiftCache and is available via subscription Access to the service is controlled through the SwiftCache license SwiftCache has partnered with Brightcloud http www brightcloud com to gain
47. Add Row Save Changes Copyright SwiftServe 2013 SwiftCache supports four types of notification that may be raised for any alert instance Confidential page 102 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 11 Monitoring Email An email will be sent to the specified email address with the alert instance details For emails to be sent a valid SMTP relay must be defined with the following configuration keys H e smtp_host e smtp_port smtp username e smtp password and smtposs See Appendix C for more details of these configuration keys SNMP An SNMP Trap will be sent to the specified sink address with the alert details encoded into the Trap trap payload For more details of trap OIDs please refer to Appendix B HTTP An HTTP GET request will be made to the specified URL with the following query parameters U Web Sonics e Alert The alert type e g general swiftsense misconfiguration e Timestamp The alert timestamp in ddmmyy HHMMSS format e Server The IP address of the cache generating the alert e Arg The alert argument containing the alert details Syslog SwiftCache can be configured to report key error messages to a central syslog server that can be monitored by the network operator Alert notifications are configured in the GUI from the Manage NotificationsSubsection of the Alerts tab One or more actions may be co
48. Keep Alive 6 206 Established 2 981 Disk Stats Client In Progress 63 System Info Server In Progress 62 Log Closed 67 Low Level TCP IP Statistics total ived valid he if arded ming packets discarded 13511035 0 incoming packets deli ud 1350471171 request t 32 dropped beca mi g t gment ri gment ted Icmp 93 ICMP messages received j input ICMP message failed The TCP Stats subsection shows the current throughput of the SwiftCache appliance Separate figures arel displayed for network HTTP and RTMP throughput the total number of TCP connections and the number of connections in each state Keep Alive Established Client In Progress Server In Progress and Closed Underneath some more detailed networking statistics of the SwiftCache are provided This portion of the report can be particularly useful to help experienced networking technicians to identify errors in the TCP IP stack Confidential page 48 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI NIC Stats admin 9G swiftcache meme tna test swiftserve com Cluster Status Home Status Config Policies Filtering You have 3 Alerts that require attention Processes NIC Statistics Query Cache Auto Interface State IP Netmask Received Sent AT Speed Duplex Negotiation TCP Stats bondo up 176 9 244 238 255 255 255 224 1 8 GiB 1 3 GiB N A N A N A NIC Stats bond1 up 10 8 8 1 255 255 255 0 8 5 MiB 5 4 MiB N A N A
49. RL has all params Checks if the URL has all the parameters Named Captures Regex matches can be used to capture parts or strings of policy parameters typically the URL parameter These strings can then be used as substitution variables in the settings within that policy Although all strings allowed in policies can be rewritten in this way this syntax is particularly useful when setting the cache index By default the cache index uses the URL to reference the stored object on disk However with many sites where the URLs are semi dynamic we need identify the static component of the URL and use that to key the cache index The following example shows how the cache_index is defined for the Filesonic site 0 upstream policy filesonic match url regex http s d filesonic com download lt file gt wt cache index filesonic com file The syntax lt file gt is used to define the named capture The resulting string is referenced within the scope ofl that policy as file 14 4 4 Common Settings cache_partial_download Allows caching of partial download content for items stored on disk This can be useful when clients only request partial ranges instead of complete items e g download managers some video clients etc If the cache partial download option is set it will allow caching of partial requests or responses and interrupted transfers When a partial response is received it will be written to a single disk file i
50. Scenarios chapter Proxy Port IP Spoofing Allow Explicit Trust X Forwarded TCP port that the proxy process should bind to and listen for incoming HTTP requests Default 8080 Controls whether the SwiftCache should spoof the client IP address when deployed in a fully transparent mode of operation Controls whether the SwiftCache should allow explicit direct connections Controls whether the SwiftCache should trust the x Forwarded For HTTP request header and use it as the client IP address for the purposes of evaluating policies and IP spoofing To avoid SwiftCache being used as an open proxy it is strongly recommended that the Allow Explicit setting is disabled in any production environment or that explicit mode is only used when access is restricted only to authorised client IP addresses Confidential page 15 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide 3 3 2 Disk Settings Cache Disks cachet cache2 Fast Cache Disks Cache Disk Usage 90 a Update Reset The cache disks used by the device are specified on the Disks subsection of the Configitab Here the operator can control the disks used and configure the proportion of the available disk space to use for cached content 0 Cache A list of mount points for the cache disks within the Swiftcache Typically these are named Disks cachel to cachel0 Fast A list of fast cache disk
51. SwiftCache User Manual v0 7 6 73 gf091255 11 Monitoring Local Cluster Alert Count Severity Actions Help system disk util 370 9 proxy alerts action 467 A o Q general swiftsense communication_failed 235 A cache config reload 9 e Q Showing alerts for the last 7 days Acknowledge All If an alert is expanded to show the details then each instance of an alert may be acknowledged separately Acknowledged alerts are deleted from the SwiftCache after seven days 11 2 3 Alert Suppression To ensure that SwiftCache does not flood the operator with issues SwiftCache manages the information that is presented to the operator in two ways e Alerts of exactly the same type are suppressed for ten minutes This means that if a condition such as high CPU usage persists for a long duration an alert will only be generated once every ten minutes This removes redundant information from the interface that would simply confirm that a known condition still exists e Alerts of the same type are grouped in the interface and a count of the instances of each type presented This grouping means that issues that are likely to have the same cause are listed as a single entry in the interface This also presents a more compact view of the alerts allowing an operator to quickly identify important and urgent alerts without being swamped by noise 11 2 4 Alert Priorities Each alert is assigned a priority which corresponds to the seve
52. Table RTMP HTTP Prox CPU Prs Request Projected Proxy y Req sec Connections i i z Software Proxy Intercept Throughput Usage Rate Hit Rate Capacity Running Stopped Active 529 8 Mbps 2 054 20 186 12 68 0 63 1 990 3 Version Mbps test build 12894ab This last section of the dashboard provides a table of more detailed status breakdown for each appliance within the cluster This information includes the proxy and intercept status IP address hostname throughput health hit rates projected capacity and software versions Confidential page 44 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI 8 4 2 Status Tab The Status tab provides a more detailed overview of the current performance and status of the SwiftCache appliance It includes a number of low level networking and operating system statistics that are useful for troubleshooting It is divided into subsections Processes admin 9G swiftcache OO eaan test swiftserve com Cluster Status Filtering Reporting Alerts You have 3 Alerts that require attention Daemon Status Action HTTP Proxy proxy pid 7084 7083 is running ca Query Cache HTTP Intercepter HTTP Intercept is active 3 TCP Stats Task Manager taskmgr pid 7289 is running t2 NIC Stats Alerts Reporter alertd pid 7250 is running 3 Disk Stats SNMP Agent snmpagentd pid 7270 is running 3 System Info RTMP Proxy rtmp_proxy
53. U future updates to the configuration Joining a machine to a cluster also grants permission to the other nodes tol gather reporting statistics from this new cache and vice versa This is achieved via the GUI with the Cluster subsection of the Configltab Confidential page 107 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 13 Clustering admin v 9G swiftcache menses Hostname test swiftserve com Cluster Status b Home Status Config You have 3 Alerts that require attention Basic Configuration a Cluster Logging In a cluster 176 9 244 238 Cluster Leave Cluster Super Cluster TCP Status Disks RTMP Network Backups Advanced Configuration Copyright SwiftServe 2013 To join a new SwiftCache to a cluster the operator needs to enter the IP address of any machine in the existing cluster The operator also needs to provide an authentication credential to join that cluster This can be either the admin user password or the secret passphrase stored in the admin secret configuration key Once the new node has joined the cluster the GUI will update to reflect that the machine is now a member of the cluster The Cluster subsection of the Configitab will now show the IP addresses of the other cluster nodes 13 2 2 Removing a Node from a Cluster When a SwiftCache appliance is part of a cluster the Cluster subsection of the Configitab in the GUI will show a
54. a request each policy is applied in the order configured If the samel configuration key has different values defined in those policies the value in the final matching policy will bel applied The order of policies is important to ensure that final behaviour is as expected Policies can be reordered in the GUI by dragging their names From the CLI operators can use the commands e policy lt policy_a gt move after lt policy b gt and e policy lt policy_a gt move before lt policy b gt where lt policy a gt and lt policy b gt are names of policies 14 4 3 Match Rules Every policy must have at least one match rule The match rule is used to determine the requests for which the policy should be applied Where multiple matches are specified within a policy they are applied with the logicalU AND operator This restricts the number of matching requests as all match rules must be met to trigger the policy A match rule is defined as match lt parameter gt negate lt operator gt lt value gt lt parameter gt specifies the aspect of the client request to test for a match The possible parameters arel described in the table below method The HTTP request method Possible values are GET PUT POST DELETE HEAD etc client The IPv4 or IPv6 address of the client or the netblock from which the client request originated Soves The IPv4 or IPv6 address of the origin server or the netblock in which the server i
55. access to the most authoritative and comprehensive source for URL classification URLs are classified into a series of categories that an operatorl may choose to block individually Dynamic URL classification is typically used by operators to block access to known malware or spyware sites to protect end users from online threats It can also be offered as a personalisation service to consumers allowing them to define what content they want to block on their own connections This type of personalisation service requires the SwiftPolicy Manager to control the filtering policies on the SwiftCache Please contact your vendor for more information 0 Confidential page 125 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 15 Filtering 15 6 1 Categories The most recent list of categories and their descriptions is available from http www brightcloud com support catdescription php 15 6 2 Status and Information Brightcloud will be enabled automatically if the SwiftCache license includes it An operator may verify that it has been activated by viewing the Brightcloud page of the Filtering subsection of the Filtering tab in the GUI It is also possible to check the classification category associated with a particular domain on this page 15 6 3 Usage Once the Brightcloud filtering module is enabled it is possible to include dynamic URL classification categoriesU within policies Please see the Policies c
56. ad approximately 10 percent Confidential page 73 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Hit Rates admin 9G swiftcache asa e test swiftserve com Cluster Status gb Reporting You have 3 Alerts that require attention Cluster HTTP RTMP Cache Hit Rate Last Hour FES Traffic You can click and drag on the graph area to zoom in aam Top 100 System a 100 Performance a Cache Status Object Distribution Service Time Time To First Byte SwiftSense 11 30 11 40 11 50 12 00 12 10 12 20 Byte Hit Rate Request Hit Rate Graph shows of requests and bytes served from the cache min 52 4 max 82 3 mean 66 4 min 48 0 max 105 9 mean 76 8 Copyright SwiftServe 2013 This interactive graph shows the percentage byte and request hit rates achieved by the SwiftCache appliance The hit rates are particularly useful indicators of the efficiency of SwiftCache 0 Byte Hit Records the overall percentage of application traffic that has been served from the cachel Rate where application traffic excludes the protocol overheads 0 Request Shows the percentage of requests that are served from cache Hit Rate Confidential page 74 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Cache Status admin v Gswiftcache TN Hostname test swiftserve com Cluster Status b Reporti
57. ainst the full filtering chain in order to determine what action would be taken Information is provided about all types of filtering Brightcloud This page allows the operator to see if the Brightcloud module is active and if so to check the category associated with a hostname domain The Brightcloud filtering module will be enabled automatically if the SwiftCache license includes it For more information on Brightcloud please refer to the Brightcloud Dynamic Confidential page 57 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI URL Classification ection in the Filtering chapter in this manual Global Lists This page allows the operator to define the global black and white lists The Location can be specified as anU HTTP URL or a local path to a file on the appliance The Refresh Period defines how frequently it is updated and the Redirect Location indicates where denied requests are forwarded to if applicable 8 4 6 Reporting The Reporting tab shows graphs and statistics based on the historical performance of the SwiftCache appliance and cluster which are continuously updated in real time SwiftCache will aggregate and display statistics from across the cluster as well as from the local device Selection of the report scope is enabled through tab controls Local Cluster Super Cluster Reports are divided in to subsections corresp
58. allbacks Count Pending Requests 0 0 0 0 Filtering pe be Test URL Allowed 0 Brightcloud Denied 0 Global Lists oil ala 2 test Filter Policies Enabled yes Allowed 0 Denied 0 Undecided 0 Copyright SwiftServe 2013 The Filtering tab allows operators to define a set of sites that are either blocked or allowed The highest level off filtering is the global white and black lists that are configured on this tab It is also possible to use dynamic URLO classification where decisions are made on a site depending on the content as identified by Brightcloud 0 Filter Policies are also configured here but for them to take effect it is also necessary to create one or more policies defined under the Policies tab that will apply them The navigation menu on the left of the page allows access to the different aspects of Filtering configuration with two subsections Filtering and Filter Policies Above these is an Add Filter button which allows operators to add a new filter policy 0 Please refer to the Filters section of this manual for more detailed configuration information The Filtering subsection has four pages Status Test URL Brightcloud and Global Lists Status This page shows the current total filter statistics in terms of the requests allowed and blocked and underneath some statistics for the individual filter policies U Test URL This page allows an operator to enter a URL and validate it ag
59. annot deduce the host information for an explicit connection 2 3 LHHR we have Host localhost header or similar we use the original endpoint and ignore the header entry 2 3 LRGCHDR large client headers 2 3 LRGSHDR large server headers 2 3 NIMPLERR not implemented we send a 501 response 2 3 Confidential page 143 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 NIP IIP REQT RFDSK SPARSEERR TCP_RNC_MISS TRUNC WFDSK URELINTR PURGE CNC IPRATE CRATE FRIO FRI1 FRI2 FRI3 SEEKRNGE STALE FETCH RFETCH ICC ICH ICM ICSM Confidential client sent request to a different IP than the one proxy resolved see also IIP client sent request to the same IP as proxy resolved see also NIP client timeout on the first byte of the request usually encountered in server speaks first protocols 0 a fast disk was used for read should occur along RIDX strings corupted sparse object encountered re applying the config on an existing cache object using the cached headers caused the cache_neverll to get set corrupted truncated cache object encountered renamed to INVTRUNC in 2 4 7 a fast disk was used for write should occur along WIDX strings request was blocked as unwanted relay Cache object was purged due to config purge_older_than option renamed to INVPURGE in 2 4 70 Client sent no cache headers Rate limiting by IP is enabled Rate limiti
60. are running on SwiftCache The person viewing the web content served via SwiftCache from the origin server e g a customer of an ISP The software or application used by the end user to request and view web content e g a web browser The administrator of the SwiftCache appliance A group of SwiftCache appliances configured to communicate and operate together as a single unit A single SwiftCache appliance within a cluster of SwiftCaches page 11 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide 3 Quick Start Guide This chapter describes the typical steps to take for the initial setup of a SwiftCache appliance It is intended as a quick reference guide for operators already familiar with SwiftCache If you are not familiar with SwiftCache operation please read the chapter on SwiftCache Concepts and following chapters first 0 Depending on your vendor your SwiftCache may be delivered with the network already configured otherwise itO will be in the default DHCP mode To begin configuring the SwiftCache you will need to know its initial assigned IP address If preconfigured by your vendor please consult their documentation If SwiftCache is running in DHCP mode please establish its assigned IP address by querying the DHCP server on your network or by consulting your network administrator Open a web browser on a device connected to the same network as the SwiftCach
61. ase send an email to support swiftserve com Confidential page 137 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 19 Appendix A Log File Format 19 Appendix A Log File Format Last updated up to version 2 4 6 rc We support a customizable log file format The format can be configured with the config optionH access_log_format The default value if missing is n x T d t a c m Wi Mu Wl Wf Each of the letters prefixed by will be replaced with the relevant info as explained below Everything else inU the log format string will be ignored and output as is Confidential page 138 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 Placeholder wma b c C d D Ke f h i l m n 0 p P r R s t T u W Confidential Description http status code numeric user agent length total bytes sent to client C32 sum of response not always available request duration seconds date in proxy own format as in error log MIME Type filtering info see below U request completion date time human readable format local timezone client ip log info contains various string separated by see below http method request completion date time in timestamp format the number of seconds since the epoch original endpoint IP address client was connecting to How much bytes were served from
62. automatically provides tailored policy updates to live SwiftCaches Please refer to the Policies and SwiftSense chapters in this manual for more detail Confidential page 106 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 13 Clustering 13 Clustering The management of many servers in a large infrastructure deployment can be time consuming and prone to human error To solve this problem multiple SwiftCache appliances can be configured and managed as a singlel entity or cluster 13 1 Overview SwiftCache s cluster management features allow operators to e propagate configuration changes across an entire cluster with a single action please refer to the Cluster ConfigurationBection below e review the performance of the entire cluster through a single interface please refer to the Reporting section in the SwiftCache GUI chapter of this manual e run SwiftCache appliances with no single points of failure in a master master architecture enabling maximum scalability and stability by avoiding split network or consistency issues e define superclusters to aggregate reporting data from multiple clusters each with their own distinctl configurations see the Superclusters section below e upgrade appliances in a cluster sequentially please refer to the Automated Cluster Upgrades section later in this chapter and e make additional performance bandwidth and disk space savings through Inter Cache Communicatio
63. be both a Local tab and a Cluster tab the Local tab provides information about this appliance the cluster tab shows information about all the nodes in the cluster The dashboard is broken into three major components an alert summary performance information and the status table Alert Summary You have 3 Alerts that require attention Alert Count Severity Actions Help system disk util 10 proxy alerts action 49 general swiftsense communication_failed 44 A Showing alerts for the last 7 days The first section of the dashboard provides a count of unacknowledged alerts which can be expanded tol display summaries of each type of alert The alert summary is available in the header of all pages within the GUI for easy access to unacknowledged alerts Confidential page 43 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Performance Information Local Cluster CPU Usage Byte Hitrate Disks Utilisation Network Throughput vs Bandwidth Savings Last Day You can click and drag on the graph area to zoom in 1000 750 Mbps uw 5 Mar 16 00 5 Mar 20 00 6 Mar 6 Mar 04 00 6 Mar 08 00 6 Mar 12 0 Network Throughput Bandwidth Savings The next section of the dashboard shows performance information including CPU usage and disk utilisation as well as network throughput versus bandwidth savings from the last twenty four hours Status
64. cannot inspect the encrypted payload it will not cache the traffic 0 Note that relaying SSL will consume CPU and network resources available to SwiftCache and will have no corresponding benefit through caching of content 0 It is possible to limit the download rate of client connections within SwiftCache However this feature does not allow limiting of the number of connections opened by a client An operator can limit the download rate of either an individual HTTP connection from a client or apply the download rate limit as a total maximum allowance per client IP address Limits can be applied globally to all clients or under specific conditions using a policy This can be useful when an operator wants to limit the download rate for specific clients for specific sites or by server 0 There is an option availablle for burst mode so that an operator can allow a specified amount of data to be transferred at full speed before the rate limiting begins Note that burst mode is only applied to each connection and is not applied per IP address This means that multiple short requests will not be limited This option is useful if an operator does not want to affect normal web browsing but wants to limit large downloads from consuming a large proportion of available bandwidth 16 10 1 Enabling Rate Limiting Download rate limits are configured via the CLI Some configuration examples are provided below set ratelimit type ip Apply rate l
65. ch alert the number of times it has occurred and the severity are displayed in a table To display a tooltip describing the alert in more detail and suggesting remedial actions hover over the blue circle next to each alert To expand the table and show the individual occurrences click on the name of the alert or the arrow in the Actions column To acknowledge an individual occurrence of an alert click on the green tick Clicking on the green tick in the header will acknowledge all the alerts of that type Acknowledged alerts are hidden from the default view The operator can acknowledge all current alerts by clicking on Acknowledge All in the bottom right hand corner It is possible to display acknowledged alerts and the entire alert archive by using the checkboxes on the left hand side Free text filtering can be achieved by typing into the text box above these options To remove all current alert filters click on the red circle 0 Managing NotificationsO Alert notifications can optionally be configured to be delivered via SNMP HTTP GET SysLog and Email SMTP 0 Confidential page 80 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI The default view of this is a table showing those notifications already configured 0 Existing notifications can be enabled or disabled by toggling the checkbox in the Enabled column To delete an individual notification click on the red circle at the fa
66. clients to receive the first byte of data for both cache hits and cache misses Confidential page 79 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI SwiftSense admin v 9G swiftcache OO pman test swiftserve com Cluster Status You have 3 Alerts that require attention SwiftSense is a cloud service which allows you to view different business level reports for an arbitrary group oca of caches you own This includes but not limited to Cluster Performance statistics of cache group Top sites Top videos Top categories Traffic sources jaie Site hit rates dynamics over time Many more Top 100 Please contact support if you need an account System Log in to SwiftSense Performance SwiftSense Access SwiftSense Copyright SwiftServe 2013 SwiftSense is a separate component to SwiftCache This subsection outlines the information available in SwiftSense and provides a link to login Please see the SwiftSense section later in this manual for more detail 8 4 7 Alerts The Alerts tab allows operators to view alerts and manage notifications For more information on alerts and notification please refer to the Alerts section in the Monitoring chapter of this manual Viewing and Acknowledging Alerts By default the Alerts tab shows unacknowledged alerts for the appliance and cluster if applicable from the last seven days For ea
67. configured to use SSL encrypted should it be required SwiftCache s SSH interface is on port 22 Direct console logins can be achieved by either logging in via a serial port connection or using a keyboard and monitor directly connected to the SwiftCache appliance For more information on the GUI please refer to the SwiftCache GUI chapter later in this manual For more information on the CLI please see the SwiftCache CLI chapter 7 2 User Accounts By default there are two user accounts that an operator can use to login to a SwiftCache These are e the admin user who may monitor the SwiftCache and has the ability to make changes to configurationU options including shutdown and restart and e the monitor user who can only see reporting information statistics and alerts and cannot view or change the configuration of the SwiftCache appliance The monitor user can only connect to the SwiftCache using the GUI T 3 Configuration Daemon A daemon is a software program that runs as a background process Access to the configuration database isO handled by a component of SwiftCache called configa the configuration daemon Both the CLI and GUID communicate with configd in order to read the configuration to display it to the operator and to update thell configuration when a value is changed 0 7 4 Configuration Keys0O SwiftCache is configured using Bonfiguration keysLand their corresponding values These configuration keys define different
68. d allow_explicit bool Allow direct connections from browsers that have an explicit proxy setting allow_loop_connections bool Allow connections to proxy box DANGEROUS allow_netscaler bool Allow direct connections from NS load balancers allow_open_relay bool Allow connections to ports other than 80 443 DANGEROUS allow_rest_query bool Allows proxy queries DANGEROUS always_do_dns bool Always do our own DNS lookup even if we could avoid it by trusting the client append_query_params string Append or update if already exist specified query params to each request Format key1 val1 amp key2 val2 Confidential page 148 of 161 Generated 15 03 2013 12 49 asymmetric_mode blacklist_location blacklist_refresh block_connection brightcloud_category_refresh brightcloud_deny_unknown brightcloud_device brightcloud_heartbeat brightcloud_http_wrapper brightcloud_list brightcloud_max_validity brightcloud_oem brightcloud_port brightcloud_queue_size brightcloud_recheck_timeout brightcloud_redirect_url brightcloud_retry_timeout brightcloud_server brightcloud_wait_remote bypass_connection_count bypass_cpu_level cache_always cache_async_fetch Confidential SwiftCache User Manual v0 7 6 73 gf091255 bool string int bool int bool string int bool checklist int string int r80 65535 int int string int string bool int int bool bool page
69. d the rest of the filtering chain is ignored The precedence of filters is as follows 0 Global Lists gt Filter Policy Lists gt Filter Policy Dynamic URL ClassificationO A decision of Undecided is returned when the filter does not match the request Processing then continues tol the next filter in the chain 0 Filtering provides the operator with the ability to restrict block or otherwise modify access to a particular site or sites Most filtering is applied through the use of policies This provides the operator with fine grained controll over which filtering rules are applied to which of their subscribers 0 15 2 White Lists A white list defines a set of URLs that should never be filtered Typically this would be used for the operator s own site and any content partners that the operator wants to ensure are never blocked Default Deny mode will block access to any URL that is not included on a white list This is a very restrictive mode of operation that may be suitable for certain enterprise environments however it is not typically recommended for normal usage Please see later in this chapter under Filter Policies for more information on configuring Default Deny mode 15 3 Black Lists A black list defines a set of URLs that should be blocked by SwiftCache If the root of a URL is specified on the black list it will also match more specific URLs For example adding example com to the black list would filter any URL requested that
70. de is determined by CPU load or simultaneous connections thresholds After either of these thresholds is breached new requests will be handled in Bypass Mode Existing requests will be unaffected Whilst a connection is in Bypass Mode the cache will not attempt to read or write objects to or from disk irrespective of any other policy settings This behaviour is very similar to the cache never configuration key U except that it is applied dynamically when under exceptionally high load However SwiftCache will continue to apply policies filters and other connection logic as per normal in Bypass Mode This ensures that configured business rules continue to be enforced even during exceptionally high load U 16 8 2 Relay Mode Relay Mode is applied as a last resort when the load on the cache is so severe that the amount of processing needs to be drastically reduced Relay Mode is complementary to Bypass Mode and is similarly activated by CPU or simultaneous connection thresholds Whilst in Relay Mode SwiftCache acts as a traffic router It not only avoids any disk access but also most connection processing This means that policies filtering and other connection logic is not applied until the loadU decreases again Swiftcache has several different levels of support for SSL For SSL traffic there are two options available 0 SSL This enables caching of objects that are requested and served via SSL connections This is an proxy opti
71. e Confidential page 145 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 19 Appendix A Log File Format e LSI local filter set has an invalid name set checks are skipped e MWH meta whitelist hit allow the request replaces WFH META e MBH meta blacklist hit block redirect added in 2 3 7 e MLM meta lists miss continue down the chain added in 2 3 7 replaces MWM e SFH static filter hit followed by filter name U e SFM static filter miss e SPD spm disabled e SPSI spm static invalid dynamic spm check skiped replaces ST_INV SPM e SPBI spm bc invalid replaced BC_INV SPM e WFH white filter hit e WFM white filter miss e BP bypass used only the global lists were checked e FRO the cookie was invalid we aborted the cookie redirects e FR1 first step cookie redirectO e FR2 second step cookie redirect Confidential page 146 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 20 Appendix C Configuration Key Reference 20 Appendix C Configuration Key Reference Below is a table listing all the configuration keys U Confidential page 147 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 20 Appendix C Configuration Key Reference Name Type Description access_log_format string a status code b user agent browser information c client content length C C32 sum of the respons
72. e if available d request duration t status text D timestamp in error log format e mime type f filtering info h human readable timestamp i client ip l log info m method n unix timestamp o original_endpoint p partial server in P matched policies r requested content range R cache read index s server ip t log status W cache write index T time to first byte u 0 url x connection tracking id NOTE b and non space delimiters missing delimiterscan lead to performance drawbacks admin_password string Password for admin user admin_port int r80 Port that web admin interface listens on 65535 admin_secret password Secret used for internal communication Must be the same on all machines in the cluster admin_ssl bool Should admin use SSL TLS alert_filter_time_deltall int Time delta in seconds to not show alerts in GUI that older then current time minus time delta not showing alerts older then 7 days by default Set to 0 to turn filtering off 0 alert_notification_bar_min_severityH int Minimal severity to show alerts in notification areal alert_notificationsU string A JSON encoded list of alert notifications in the format of alert os io cpu 0 severity high action_type mailto data admin example com alerts_retention_period int Maximum age of retained alerts days Zero means never delete allow_connect bool Allow clients to use CONNECT metho
73. e appliance and go to http lt cacheip gt 8500 replacing lt cacheip gt with the IP address of your appliance Enter the username admin and the password supplied by your vendor to log in For more details on connecting to the GUI please refer to the SwiftServe GUI chapter of this document Click on the Configltab and then the Network subsection to view and edit the current settings Note that network settings are applied immediately after clicking Update It may take a few moments for new network settings to take effect while the networking subsystem is restarted on the SwiftCache appliance Care should be taken when adjusting network settings to avoid losing contact with the device Confidential page 12 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide Network Settings Hostname apollo20a test swiftserve com Default gateway interface None K DNS Servers 213 133 98 98 213 133 99 99 213 133 100 100 2a01 4f8 141 13 x NTP Servers O centos pool ntp org 1 centos pool ntp org 127 127 1 0 2 ce ig Interface bondO Enabled Dhcp O IPv4 Address 176 9 244 238 Netmask 255 255 255 224 Gateway 176 9 244 225 Enable IPv6 Support IPv6 Address 2a01 4f8 141 1381 1000 IPv6 Netmask 64 IPv6 Gateway Routing Rules Network settings are grouped into three areas General These are the basic settings that are not specific to any individual network interface Bridged Interface A bridged inte
74. e client to the real SSL origin server using its encrypted connection to the origin server SwiftCache delivers any content from the origin server back to the client via its separate encrypted connection to the client Invalid Certificate Workflow0 If the origin server s SSL certificate is invalid for any reason e g it is self signed has expired etc thenU SwiftCache will deliberately generate a bad certificate to encrypt the connection back to the client This willl cause the client web browser to generate a SSL certificate warning in much the same way as if the client had connected directly to the origin server If the end user observes the warning the connection will be terminated If not then Swiftcache will pass back encrypted content to the client as described above Note that if an end user carefully examines the SSL certificates generated by SwiftCache then the end user could become aware that the certificate has been signed by the SwiftCache Certificate Authority rather than the origin server Enabling SSL Proxy Mode A SwiftCache license key enabling use of SSL Proxy Mode is required SSL Proxy Mode is enabled in the GUI in the SSL part of the Advanced Configurationsubsection of the Configitab This will only be visible if the feature is enabled in the license key To display the good SSL CA cert and key you can click the notepad icon on this screen SSL Proxy Mode is enabled in the CLI with the command set enable
75. e clusters The operator then needs to enter the IP address of any machine in the other cluster and to provide an authentication credential to create the supercluster This can be either the admin user password or the secret passphrase stored in the admin _ secret configuration key for the other cluster The supercluster is created by clicking the Join Supercluster button CLI To create a supercluster from the CLI the operator uses the supercluster join command When prompted enter the IP address of the remote machine and the admin user password Operators can view the status of the supercluster in the CLI with the command supercluster show To remove the current clusters from a supercluster use the command supercluster leave 13 4 Automated Cluster Upgrades Automated cluster upgrades are performance using the CLI only The process allows an operator to deploy a new SwiftCache software release across a cluster while providing information on the status of the upgrade The upgrades are performed sequentially by SwiftCache one node at a time so that the performance of the cluster is maintained while the upgrade takes place An operator may also revert an upgrade downgrade the SwiftCache software to a known good software release should a problem be encountered during the upgrade SwiftCache will keep backup copies of the SwiftCache software only if installed by the automated upgrades feature Manual software upgrades will not crea
76. ease refer to Appendix C 16 3 Asymmetric Routing It is important that any traffic sent from the SwiftCache appliance is routed back via the cache If not the resulting asymmetric routing will disrupt client connections Typically this can occur when SwiftCache is deployed into an ISP network where a local CDN may be installed There may be multiple internal routes back from the local CDN servers where the return path will bypass the cache In this scenario it is important that asymmetric mode is configured and enabled For more information on avoiding asymmetric routing please refer to the Deployment Scenarios chapter in this manual 16 3 1 Enabling Asymmetric Mode This is done by enabling the configuration key asymmetric mode SwiftCache will also require the divert helper module to be installed for this functionality to work Confidential page 127 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 16 Advanced Features 16 4 Fast Disks Fast Disks is an optional add on feature to SwiftCache that needs to be enabled in the license key Please contact your vendor if you require this feature 16 4 1 Improving Disk Seek Time Fast Disks allows an operator to use solid state disk SSD storage with a fast seek time to improve cache performance A traditional server grade spinning hard disk i e has moving parts has a high seek latency 8 milliseconds in comparison with SSD storage 0 1ms or an
77. ed to run the command The CLI prompt will be the hostname of your SwiftCache followed by a gt for example yourswiftcache gt Note that in the following examples it is not needed to type the yourswiftcache gt prompt itself just the command and arguments that follow it For example typing yourswiftcache gt show allow explicit and then pressing Enter will run the show command with the argument allow explicit The show command will display the value of the SwiftCache configuration key you specify as the argument In this0 example it would display the value of the configuration key called allow explicit 9 3 2 Tab Completion The SwiftCache CLI has a tab completion function to save time when entering commands After typing the firsti letters of a command or argument pressing the Tab key will cause the CLI to try and complete the rest This will succeed if there is only one possible valid command or argument starting with those letters For example typing Confidential page 83 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI yourswiftcache gt sho followed by the Tab key will complete the command to read show This can be particularly useful with longer commands Pressing the Tab key twice at any point will display a list of the possible commands or arguments that can be completed This can be useful in the event that an operator is familiar with the device but is n
78. efore 2 3 CLARGE content was too large to be saved see max_cache_object_size Before 2 3 CLTRNGE range request served from cache Before 2 3 CNVR the request hit a cache_never rule Before 2 3 CRCBP cpu level bypass mode enabled cache read operation ignored Before 2 3 CSEEK video seek request policy used Before 2 3 CSTERR custom error response Before 2 3 CWCBP cpu level bypass mode enabled cache write operation ignored Before 2 3 EXCO explicit type connection request direct connection absolute url Before 2 3 EXRNG Client s request range was extended before passing to server cache_partial_extend_range on 2 4 9 F4VSEEK seek request in a f4v served from cache Before 2 3 FLVSEEK seek request in a flv served from cachell Before 2 3 Confidential page 141 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 19 Appendix A Log File Format FNWR Writer creation disabled because the related background shared server fetch 2 4 5 share_server_connection on could not create the writer E g cache_delay not reached etc ICAP the request went to an ICAP server for response modificationU Before 2 3 INCO intercepted connection request Before 2 3 INVCS32 32KB prefix checksum validation failed for partially cached file which caused file invalidationU As of 2 4 1 INVTRUNC corrupted truncated cache object encountered and is invalidated just TRUNC before 2 4 7 2 4 7 INVMETH cache item was invalidated because non GET request to t
79. enabled graphs of RTMP throughput are also shown The HTTP request rate is one of the most reliable indicators of load on SwiftCache as it equates almost directly to Disk Input Output IO which is one of the resource limitations of the SwiftCache Confidential page 61 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Connection Stats admin Gswiftcache IP 192 168 1 1 Hostname test swiftserve com Cluster Status b Reporting You have 3 Alerts that require attention oca Cluster 3 Lcsv Simultaneous Connections Last Hour You can click and drag on the graph area to zoom in 15 000 Traffic 12 500 Network Throughput Cache Throughput 10 000 Request Rates Connection Stats 7 500 95th Percentile 5 000 ur 100 2 500 een Performance o 11 30 11 40 11 50 12 00 12 10 12 20 SwiftSense Sl E closed MB keepalive MB established W server in progress W client in progress E rtmp server in progress W rtmp client in progress server in progess attempts to connect to a server or wait for initial response client in progress reading processing client headers min 56 58 max 81 34 mean 68 38 min 5 339 51 max 7 651 76 mean 6 441 50 min 2 555 19 max 3 595 40 mean 3 038 74 min 53 82 max 76 52 mean 64 14 min 52 64 max 76 93 mean 64 07 min 533 78 max 774 31 mean 643 47 min 579 20 max 818 97 mean 691 08 Copyright SwiftServe 2013 T
80. ense 80 8 4 7 Alerts 80 Viewing and Acknowledging Alerts 80 Managing Notifications 80 8 5 Cluster Settings 81 8 5 1 Shared and Local Settings 81 8 5 2 Example 81 9 SwiftCache CLI 83 9 1 Overview 83 9 2 Applying Changes 83 9 3 CLI Usage 83 9 3 1 Running Commands 83 9 3 2 Tab Completion 83 9 3 3 CLI Help 84 9 3 4 Checking Configuration 85 Default Values 85 9 3 5 get and set Commands 85 9 3 6 add and remove Commands 85 9 3 7 Configuration Sections and Scope 86 9 3 8 create and no Commands 86 filter Sections 86 interface Sections 86 policy Sections 87 upstream_policy Sections 87 shared Section 87 local Section 87 9 4 Other CLI Commands 87 9 4 1 brightcloud 87 9 4 2 cache 88 9 4 3 cluster 88 9 4 4 config 88 9 4 5 edit 89 9 4 6 exit 89 9 4 7 idata 89 9 4 8 policy 89 9 4 9 process 90 9 4 10 raid show 91 9 4 11 reboot and shutdown 91 9 4 12 shell 91 9 4 13 ssl 91 9 4 14 stats 92 9 4 15 supercluster 92 9 4 16 test 93 9 4 17 top100 93 9 4 18 upgrade 93 9 4 19 upstream_policy 93 10 Operations Guide 95 10 1 Securing SwiftCache 95 10 1 1 User Administration 95 10 1 2 Best Practice Recommendations 96 10 2 Disk Replacement 96 10 3 Configuration Backup 96 10 3 1 GUI 96 10 3 2 CLI 96 11 Monitoring 97 11 1 Reporting 97 11 1 1 GUI 97 11 1 2 CLI 97 Confidential page 4 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 11 1 3 SNMP 11 2 Alerts 11 2 1 Alert Framework 11 2 2 Alert Workflow 11 2 3 Alert Su
81. ent The ability to supply SSL certificates to clients is necessary because to operate SwiftCache as a SSL cache clients must trust the SSL server certificates generated dynamically by SwiftCache This in turn means that thel SSL Certificate Authority CA certificate used to sign the server certificates must be installed onto any client that0 will be routed via SwiftCache Re establishing a Chain of Trust When in SSL Proxy Mode SwiftCache pretends to be the origin server to the client by issuing itself a SSL server certificate for the origin server s domain It signs the server certificate using the CA certificate 0 Ordinarily this would not be trusted by the client However because the client has also installed and trusts the same CA certificate the chain of trust is re established Valid Certificate Workflow When a client requests content over HTTPS Swiftcache creates a new connection to the requested site and checks the SSL certificate provided by the origin server If the SSL certificate from the origin server is valid thenU SwiftCache will generate a good SSL certificate for the origin server s domain SwiftCache then uses this tol encrypt its own connection to the client The client trusts the CA that SwiftServe has used to create the certificate and the certificate matches the domainU name the client originally requested so the client does not generate any web browser warnings Swiftcache then will pass any requests from th
82. eractive graph shows the memory Used Free and Buffer Cache Any memory that is not used by the SwiftCache processes is typically allocated to the disk buffer cache Performance This subsection shows information on the performance of the SwiftCache appliance it is divided into pages corresponding to Bandwidth Savings Hit Rates Cache Status Object Distribution Service Time Time To First Byte and Cache Acceleration Confidential page 72 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Bandwidth Savings admin Gswiftcache mee Hostname test swiftserve com Cluster Status b Reporting You have 3 Alerts that require attention Local houriy daily weekly monthly yearly oca Clust ai Bandwidth Saving Last Hour SEN You can click and drag on the graph area to zoom in 700 600 500 i 400 v a Bandwidth Savings 300 Hit Rates Cache Status 200 Object Distribution Service Time 100 Time To First Byte 0 11 20 11 30 11 40 11 50 12 00 12 10 12 20 Swiftsense EB HTTP E RMTP Graph Shows Bandwidth Cache is Saving min 227 Mbps max 510 Mbps mean 349 Mbps min 48 Mbps max 111 Mbps mean 74 Mbps Copyright SwiftServe 2013 This graph shows the amount of the HTTP bandwidth saved Bandwidth saved is calculated as the difference between the amount of network traffic sent to clients and traffic received from the origin servers less thel protocol overhe
83. eration 2 3 11 2 4 1 TOCO Connect timeout 2 3 11 2 4 1 TOKA Keep Alive timeout we don t have an access log entry for this request 2 3 11 2 4 1 TOFT Filter timeout we proceed with the request processing 2 3 11 2 4 1 TORE Relay timeout 2 3 11 2 4 1 TOIO Disk I O timeout 2 3 11 2 4 1 TOUN Unspecified timeout followed by the numeric value 0 2 3 11 2 4 1 RSSLDG Connection dropped reverse ssl proxy invalid origin certificate 0 2 4 1 RSSLRD 302 redirect response reverse ssl proxy invalid origin certificate 0 2 4 1 RSSLGE Gateway Error response reverse ssl proxy invalid origin certificate U 2 4 1 RSSLIG The invalid origin certificate is ignored reverse ssl proxy U 2 4 1 e BCD bc disabled e DEF default decision allow end of decision chain e DFH cat_id score category name dynamic hit category id score and name included e DFM cat_id score category name 1 or more categories dynamic miss along the url associated categories and score e DFN dynamic category new we never seen this before a request for brightcloud category info was initiated e DFU dynamic category unknown brightcloud can t classify it e DFI dynamic category ignored brightcloud doesn t classify it and we don t query the live service or store it in the local database Added in 2 3 9 currently used only for ipv6 addresses e FD filtering disabled e FTO filtering module timeout request processing forced without waiting for filtering anymor
84. eriodically contact SwiftSense and request Update new policies If new policies exist they will be downloaded to the SwiftCache Alerts When alerts report update is enabled the SwiftCache will send all new alerts to SwiftSense in Report order to enable centralised monitoring Confidential page 133 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 17 SwiftSense 17 4 1 SwiftCache GUI admin v 9G swiftcache pan Hostname test swiftserve com Cluster Status Home Status Config You have 3 Alerts that require attention Basic Configuration SwiftSense Settings a Enable SwiftSense e3 5 Advanced Configuration amp SwiftSense Server n test swiftsense net amp General Enable License Keys Update amp Passwords aS a nable SwiftSense To P a License Reports Enable SwiftSense Policy Swifts 7 Overload Protection Enable SwiftSense Alerts amp Report System Enable Automatic Updates amp SSL Proxy List Fetching Cache Limits Update Reset Copyright SwiftServe 2013 SwiftSense settings are controlled from the SwiftSense part of the Advanced Configurationl ubsection of the Configitab in the GUI 17 4 2 SwiftSense Web Interface The SwiftSense web interface consists of the following tabs across the top Dashboard Caches Organisations Reporting System and Admin These are described in more detail below At the top right there is a link to the My account page where an operato
85. es More detail is available in the Policies chapter of this manual Confidential page 94 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 10 Operations Guide 10 Operations Guide This chapter provides guidance on common operational tasks Access to the SwiftCache GUI and CLI are protected by username and password Additionally communications with the web interface may be SSL encrypted To enable this run the command set admin_ssl on in the CLI yourswiftcache gt set admin _ssl on ok It is additionally recommended that an external security device or access control list is applied to the GUI to prevent access from unauthorised or external users 10 1 1 User Administration admin 9G swiftcache mE Hostname test swiftserve com Cluster Status b Config You have 3 Alerts that require attention Basic Configuration Admin Password m New Password Advanced Configuration Enter new password for admin user The EE eee i admin user has full read write access to all Tenera Confirm Password configuration License Update SwiftSense Monitor Password Overload Protection New Password Enter new password for monitor user The System monitor user has read only access to the GUI to enable them to monitor the cache without making any configuration changes SSL Proxy Confirm Password Cache Limits Update Copyright SwiftServe 2013 Two users exist within the SwiftCache GUI e The admin u
86. es or initiating an appliance reboot or shutdown Query Cache admin v 9G swiftcache ens test swiftserve com Cluster Status b Status Config Policies Filtering Reporting Alerts You have 3 Alerts that require attention Enter the cache index or URL of an object you want to to lookup in the cache Unless overridden by a policy rule the Processes cache index by default is normally of the form www mysite com 80 index html Local iad Lookup Delete TCP Stats NIC Stats Disk Stats System Info Log Copyright SwiftServe 2013 The Query Cache subsection allows the operator to determine if a particular object is Known to the proxy and if so some information about the way it is stored and has been accessed This page also allows operators to purge objects from the cache manually if they specifically need to be made unavailable In normal operation old items are automatically purged from the cache over time The search box allows operators to query the cache to view the status of an object Queries are performed by entering the URL of an object or its cache index The response will display the following details for objects cached both normally and compressed gzip Confidential page 46 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Index The unique cache identifier for the object 0 Content The size in bytes of the object Length
87. es that were created or edited locally Upstream policies are for internal SwiftCache use only and should not be modified by operators 0 shared Section The shared section contains the configuration sections and keys that are shared across the cluster Shared configuration settings are copied to other SwiftCaches by the cluster synchronisation process local Section In contrast with the shared section the local section defines the configuration keys and sections that override thel shared cluster values and apply only to this SwiftCache appliance For example hostname is a configuration key specific to an appliance and may only appear within the bca section For more information on shared and local settings please refer to Cluster Settings in the SwiftCache GUI chapter in this manual 9 4 1 brightcloud The command brightcloud status reports on the current status of the Brightcloud module For more information on Brightcloud please refer to the Brightcloud Dynamic URL Classification ection in the Filtering chapter of this manual Confidential page 87 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI 9 4 2 cache The cache command allows the operator to determine if a particular object is known to the proxy and if so some information about the way it is stored and has been accessed It is also possible to remove objects from the cache manually if they specifically need to be made
88. eserved If the enable _x forwarded configuration key is enabled then the client s IP address is appended to thel X Forwarded For HTTP header if already present If the x Forwarded For header is not present it will be added using the client s IP address as the value 16 6 Return to Sender In some deployments a single SwiftCache may have two or more physical network interfaces connected to a single Layer 4 7 switch or load balancer In this scenario each network interface will have its own distinct IP address To the Layer 4 7 switch or load balancer it will appear that it is delivering connections to two separate web caches It is therefore important that SwiftCache replies to the load balancer via the same physical network Confidential page 128 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 16 Advanced Features interface as the original request If not the load balancer will drop return packets because the reply has returned via wrong interface 16 6 1 Enabling Return to Sender The return _to_ sender configuration key ensures that associated requests and replies use the same networki interface This has the added benefit of also supporting the scenario of a single SwiftCache being deployed withU each physical network interface connected to a different load balancer 16 7 IPv6 Support SwiftCache supports deployment on an IPv6 network All network configuration allows IPv4 and IPv6 addressi specificat
89. et Service Provider ISP Avoiding Asymmetric Routing 6 4 6 Reverse Proxy 6 5 Practical Deployment Considerations 6 5 1 Physical Connections 6 5 2 Pilot and Rollout 6 5 3 Sizing 6 5 4 Load Balancing Compatible Layer 4 7 Switches and Load Balancers Direct Connections from Load Balancers 7 SwiftCache User Interfaces 7 1 Overview 7 2 User Accounts 7 3 Configuration Daemon 7 4 Configuration Keys 7 4 1 Examples of Configuration Keys and Values 8 SwiftCache GUI 8 1 GUI Access 8 2 Logging In 8 2 1 SSL Warnings on GUI Login 8 3 Finding Help in the GUI 8 3 1 Contextual Help 8 4 Sections of the GUI 8 4 1 Home Tab Dashboard Alert Summary Performance Information Status Table 8 4 2 Status Tab Processes Query Cache TCP Stats NIC Stats Disk Stats System Info Cluster Log 8 4 3 Config Tab Changing Settings 8 4 4 Policies Tab 8 4 5 Filtering Status Test URL Brightcloud Global Lists 8 4 6 Reporting Interacting with Graphs Traffic Network Throughput Cache Throughput Request Rates Connection Stats Top 100 Top Sites Traffic Top Sites Requests Top Clients Traffic Top Clients Requests System Disk IO Disk Usage CPU Usage Memory Usage Performance Bandwidth Savings Hit Rates Cache Status Object Distribution Service Time Time To First Byte Confidential page 3 of 161 Table of Contents Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 Table of Contents SwiftS
90. face 17 4 3 Dashboard Confidential page 6 of 161 Table of Contents 119 119 119 120 120 120 121 121 121 121 121 122 122 122 122 123 124 125 126 126 126 127 127 127 127 127 128 128 128 128 128 128 129 129 129 129 130 130 130 130 131 131 131 131 132 132 132 132 133 133 133 133 134 134 134 134 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 17 4 4 Caches 17 4 5 Organisations 17 4 6 Reporting 17 4 7 System 17 4 8 Admin 18 Troubleshooting 18 1 Diagnostics 18 2 Support 19 Appendix A Log File Format Log File Format Log Status Log Info Filtering Info 20 Appendix C Configuration Key Reference Confidential page 7 of 161 Table of Contents 135 135 135 135 136 137 137 137 138 138 140 140 145 147 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 Table of Contents Confidential page 8 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 1 Copyright and Confidentiality 1 Copyright and Confidentiality 1 1 Copyright Statement Copyright SwiftServe Pte Ltd 2013 All rights reserved No part of this documentation may be reproduced in any form or by any means or be used to make any derivative work including translation transformation or adaptation without explicit written consent of SwiftServe Pte Ltd Registered address 8 Temasek Boulevard Suntec Tower 3 20 01 Singapore 0
91. files com 391 37 MB 245 41 MB 63 1 288 786 61 0 000 0 011 4shared com 408 51MB 254 73 MB 62 1 276 775 61 0 000 0 007 dropbox com 489 6 MB 309 77 MB 63 1 271 793 62 0 000 0 011 tvcom 414 08 MB 259 13 MB 63 1 248 720 58 0 000 0 010 uploading com 313 28 MB 208 61 MB 67 1 206 709 59 0 000 0 006 Export to csv Copyright SwiftServe 2013 The table shows the top 100 sites according to the number of requests for each This shows most popular sites accessed by clients Confidential page 64 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Top Clients Traffic O admin 9G swiftcache e Hostname test swiftserve com Cluster Status gb You have 3 Alerts that require attention oca Cluster r Top 100 clients by traffic 7 AvgTime Ay Traffic Traffic Hit Rate 7 Req Req Hit Rate g 8 dtl Total sd Cached bytes Total 3 Cached req Se bens CAE Traffic a i Byte s Time s am 112 78 33 1 i 64 i 7 60 01 Top 100 2 78 33 14 539 22 MB 344 5 MB 211 32 60 0 000 0 012 a 112 78 33 20 485 88 MB 298 18 MB 61 1 380 788 57 0 000 0 006 Top Sites Traffic 112 78 33 23 477 33MB 306 29 MB 64 1 540 899 58 0 000 0 010 Top Sites Requests 112 78 33 2 472 68 MB 291 43 MB 62 1 236 731 59 0 000 0 013 3 112 78 33 7 464 26 MB 273 02 MB 59 1 360 815 60 0 000 0 011 Top Clients Traffic 112 78 33 3 450 61MB 276 09 MB 61 1 270 771 61 0 000 0 005 Top Clients Reque
92. for more information about configuring policies 0 For example the load balancer will forward connections from the subnet 10 0 0 0 16 Confidential page 37 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios policy loadbalancer match client subnet 10 0 0 0 16 allow netscaler on Confidential page 38 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 7 SwiftCache User Interfaces 7 SwiftCache User Interfaces 7 1 Overview SwiftCache provides two different user interfaces for configuration and administration of the system 0 e aweb based graphical user interface GUI accessed via a web browser and e a command line interface CL accessed directly via a console login or serial port connection on the SwiftCache or remotely via a Secure Shell SSH login session Certain advanced configuration options are only available from the CLI Similarly some aspects of monitoring and reporting are only available from the GUI In addition to these methods of configuration an additional web service called SwiftSense is available This aggregates alerts and reporting information from SwiftCache appliances and offers extended capabilities for business reporting For more information on SwiftSense please see the SwiftSense chapter later in this manual By default SwiftCache s web GUI runs on port 8500 It is not encrypted initially but can be
93. ftCache Only HTTP traffic is routed to the cache so other traffic flows as it did before 0 PBR provides flexible fine grained control over the traffic to intercept It is straightforward to select a portion off users from the subscriber subnet to try out a new configuration before rolling out the changes to the entire subscriber base Confidential page 32 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios 6 4 3 Load Balancer in Bridge Mode Router Access Network Using a load balancer in bridge mode does not require any Policy Based Routing PBR The load balancer is placed between two routers The SwiftCache has its default route set to the router on the internet side of the load balancer Static route s to the access network are added to the other one Confidential page 33 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios 6 4 4 Load Balancer in Router Mode Load Balancer s SwiftCache Active Router vily OJO PIENIIN Policy Stand By Based Routing Access Network This is the most common SwiftCache deployment topology The routers have Policy Based Routing similar to the Out of Path topology In this case the client HTTP connections are sent to the load balancer For a high availability service multiple load balancers can be used Confidential page 34 of 161 Generated 15 03 2013 1
94. g File Format RENERR entity error 413 Before 2 3 RIDXD a valid cache object was found at the non gzip index Before 2 3 RIDXGZ a valid cache object was found at the gzip index for a client supporting gzip Before 2 3 RNGERR range error 416 Before 2 3 RWRT url rewritten due to a policy rule Before 2 3 SNC the server prohibits caching Before 2 3 SRCBP session count bypass mode enabled cache read operation ignored Before 2 3 SWCBP session count bypass mode enabled cache write operation ignored Before 2 3 TRSP transparent spoofing modell Before 2 3 WIDX32 write cache object from do32 Before 2 3 WIDXD write cache object at the non gzip default index Before 2 3 WIDXFGZ write cache object forced at gzip index The server is sending identity the client supports gzip We send Before 2 3 it as received and save it gzip at the gzip index WIDXGZ write cache object at gzip index The server is sending it gzipped we send save it as we receive it Before 2 3 WIDXMEM the object was saved in memory non persistent Before 2 3 WIDXUNK an unknown invalid writer model state it should never occur Before 2 3 BRERR bad request error we send a 400 response 2 3 DUPCHDR duplicate client headers entries found with different values that we cannot reliable handle 2 3 DUPSHDR duplicate server headers entries found with different values that we cannot reliable handle CL for 2 3 instance FORCEREL force_relay config option was evaluated to truel 2 3 HSTER we c
95. g elsewhere Confidential page 96 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 11 Monitoring 11 Monitoring This chapter discusses the different ways in which the SwiftCache appliance provides information on its current and previous status and performance and raise alerts in certain circumstances There are three different ways to retrieve monitoring information from a SwiftCache One or more options may be applicable in a deployment scenario depending on the relative ease of integrating each one with existing tools and practices Web Interface The Reporting tab of the SwiftCache GUI provides extensive information on the local and cluster performance and health Command The CLI provides a stats command that allows the low level performance of the local Line Interface machine to be analysed and also top 100 information SNMP All aspects of the appliance to be queried remotely from an existing network monitoring system 11 1 1 GUI Please refer to the SwiftCache GUI chapter in this manual for details of the information available on the Reporting tab 11 1 2 CLI Please refer to the SwiftCache CLI chapter in this manual for details of the information available from the stats and top100 commands 11 1 3 SNMP SwiftCache provides an extensive Management Information Base MIB that allows allows monitoring of all key statistics via SNMP please refer to Appendix B for details of the SwiftCache v2 x MIB
96. h of the other disks and Disks graphs of the disk utilisation percentage and wait times for each of the other disks Confidential page 69 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Disk Usage admin 9G swiftcache OO ean test swiftserve com Cluster Status g You have 3 Alerts that require attention Pe Disk Usage You can click and drag on the graph area to zoom in Cluster cachef1 4CSV Traffic Top 100 System Disk IO Disk Usage 0 10 20 30 40 50 60 70 80 90 100 CPU Usage Memory Usage Disk Usage Performance SwiftSense Copyright SwiftServe 2013 This bar chart indicates the percentage usage of each of the cache and fast disks Under normal appliance operating conditions the disk usage will intentionally be high the cache cleaning algorithms will maintain the disk usage at the cache max usage threshold set by default at 90 percent and new content will replace old Confidential page 70 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI CPU Usage G swiftcache admin IP 192 168 1 1 Hostname test swiftserve com Cluster Status b Local Cluster l Disk IO Disk Usage CPU Usage Memory Usage a ae 14 12 10 8 6 4 0 You have 3 Alerts that require attention daily weekly monthly yearly CPU Usage Last Hour
97. h percentile HTTP RTMP Level Throughput excludes TCP IP overhead min 433 Mbps max 619 Mbps mean 522 Mbps min 93 Mbps max 133 Mbps mean 110 Mbps min 0 Mbps max 0 Mbps mean 0 Mbps 95th percentile 721 Mbps sampling freq 20 sec Copyright SwiftServe 2013 The graphs show HTTP throughput excluding TCP IP overhead If RTMP is enabled graphs of RTMP throughput are also shown These graphs are particularly important for assessing the performance of SwiftCache Confidential page 60 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Request Rates admin 9G swiftcache pee Hostname test swiftserve com Cluster Status gb You have 3 Alerts that require attention Cluster HTTP HTTP RTMP RTMP HTTP Connection and Request Rate Last Hour Traffic You can click and drag on the graph area to zoom in es r 1 750 Network Throughput Cache Throughput 1 500 Request Rates Connection Stats 95th Percentile 1 000 N un Top 100 System AN EN O a TAN 500 Performance SwiftSense 11 30 11 40 11 50 12 00 12 10 12 20 HTTP Connections per Second HTTP Requests per Second onnections P requests including keep alive requests min 491 82 max 706 57 mean 588 59 min 617 82 max 1 497 03 mean 1 019 32 Copyright SwiftServe 2013 The graphs show the number of HTTP connections and requests per second If RTMP is
98. hapter of this manual for more information Confidential page 126 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 16 Advanced Features 16 Advanced Features 16 1 Overview This chapter describes advanced features and configuration settings and scenarios in which they should bel used 16 2 DNS Resolver SwiftCache has its own high performance caching DNS client which can be utilised to reduce the number of connections to DNS servers and improve performance When a client connects to a SwiftCache it is also important for the Swiftcache to carry out its own DNS lookup of the hostname and IP address for the connection If SwiftCache did not verify the hostname and IP address then a malicious client could poison the HTTP cache by making a false request for a HTTP object from a site under the control of the attacker For this reason it is very important and highly recommended that the always do dns setting is enabled The configuration keys related to the SwiftCache DNS client are U always_do_dns Always do a DNS lookup even if it could be avoided by trusting the client dns_servers The list of DNS nameservers to use dnscache_enabled Enables the local DNS cache dnscache size The maximum number of entries to be kept in the local DNS cache dnscache_resolve_ timeout The number of seconds after which a DNS resolve is considered to have failed For more information about configuration keys pl
99. he graphs show the number of simultaneous connections grouped by their connection state Keep Alive Established Client In Progress Server In Progress and Closed The number of simultaneous connections is one of the parameters utilised by the overload protection mechanism Top 100 This subsection shows tables of information on the top 100 sites and clients by amount of traffic and number of requests updated every five minutes This allows an operator to determine the most heavy users andi frequently accessed sites This information can then guide the operator when tuning the SwiftCache configurationU and policies for optimal performance Each table provides the following information Traffic Total Traffic Cached Hit Rate traffic Requests Total Confidential page 62 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Requests Cached Hit Rate requests Average Time To First Byte and Average Response Time The information can also be exported as a Comma Separated Values CSV file Confidential page 63 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Top Sites Requests admin 9G swiftcache pes Hostname test swiftserve com Cluster Status b Reporting You have 3 Alerts that require attention Daily Weekly Monthly Yearly Top 100 sites by requests Cluster Avg Ti Traffic Traffic HitRate Req
100. he request it replaces thel value If the parameter is not found SwiftCache appends the key and value The information below describes the settings that should be applied for Google and Bing Note that these configuration keys should be applied within appropriate policies that match the search request URL pattern 0 Google amp safe strict Please refer to http support google com websearch bin answer py answer 510 for more details of Google s Safe Search feature For example policy google safesearch match url regex http www google search append query params safe strict Bing adlt strict Please refer to http Awww bing com community site_blogs b search archive 2009 06 04 smart motion preview and safesearch aspx for more details of Microsoft Bing s SafeSearch feature An example for Bing is listed below policy bing safesearch match url regex http www bing com search q http www bing com search q append query params adlt strict Confidential page 120 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 15 Filtering 15 Filtering 15 1 Overview SwiftCache provides a number of mechanisms for filtering e global black and white Lists e Brightcloud Dynamic URL Classification and0 e filter policy black and white Lists 0 These can be used individually or in combination Filters are applied in a strict order As soon as a filter isU matche
101. he url was encountered 2 4 7 INVPURGE Cache object was purged due to config purge_older_than option 0 2 4 7 INVPDD Sparse cache object was deleted because partial download is disabled 2 4 7 INVCCRERR Cache item was invalidated because of exception during reader creation 2 4 7 INVRFRMD Cache item was invalidated because of changed response metadata refresh metadata miss 2 4 7 INVRFR Cache item was invalidated because of refresh miss 2 4 7 NOCS32 Cache item was ignored due to missing C32 checksum 2 4 7 INTR the connection closed before we could complete the transfer Before 2 3 KA the connection with the client was kept alive Before 2 3 NCERR not cached error 504 Before 2 3 NODNS the original endpoint is used no dns lookup is performed Before 2 3 NFDS no available file descriptors when connecting to servert 2 4 64 NPRT no available local ports when connecting to server 2 4 64 NP the server doesn t support partial content used with a range request Before 2 3 NSCO Netscaler type connection request direct connection relative url Before 2 3 QSR queue size exception for async io the disk load is too high cache object lookup aborted Before 2 3 QSW queue size exception for async io the disk load is too high cache object creation aborted Before 2 3 RDCT redirect 302 response Before 2 3 RELAY we switched to rely mode Before 2 3 Confidential page 142 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 19 Appendix A Lo
102. his is because each node will be unavailable for a brief period of time while the upgrade takes place When the upgrade is complete the operator can verify when it was updated with the command upgrade log Note that this command only shows the upgrade history for the local machine 13 4 2 Failures During Upgrade If the upgrade of an individual machine fails no further upgrade action will be taken and the operator will have to intervene manually When the issue has been resolved the upgrade can be continued with automated upgrades by relaunching the process If any machine has already been upgraded then there will be no further interruption of service on that machine It is recommended that to test correct operation of a SwiftCache cluster once an upgrade is complete If a problem has occurs with the upgrade it is possible to downgrade the cluster to a previous Known good SwiftCache release 13 4 3 Deleting Old Software Versions To delete old versions from the list of available software for the cluster issue the command upgrade delete version lt old version gt to remove the lt old version gt It is recommended that operators do not delete old software versions until after verifying the successful upgrade and correct operation of the SwiftCache cluster 13 4 4 Important Warnings When upgrading between SwiftCache software versions obsolete configuration keys are deleted from the live settings This may also occur when downg
103. ic routing To avoid asymmetric routing the SwiftCache can be configured to disable IP spoofing specifically when being used with local CDN servers This means that the SwiftCache falls back to a semi transparent mode of operation Confidential page 35 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios just for the sites served by the local CDN servers This preserves the routing symmetry To disable IP spoofing just for local CDN servers a policy should be created that matches on the CDN server s IPO address es Please see the Policy section later in this manual for more information about configuring policies For example if the local CDN servers are deployed in the netblock 10 0 0 0 24 policy local_ CDN match server subnet 10 0 0 0 24 ij SONOS Poni 6 4 6 Reverse Proxy Router SwiftCache Web Server s SwiftCache can be deployed in a reverse proxy arrangement in order to handle large traffic loads on behalf of the origin servers This might be for use internally within an office intranet or with public facing servers on thel Internet Offloading the traffic throughput to SwiftCache in this manner means that the origin servers can be lighter inU hardware specification reduced in number or even replaced with consolidated virtual machines 0 6 5 Practical Deployment Considerations 6 5 1 Physical Connections The SwiftCache appliance may require
104. iftcache gt show filter yourfiltername filter yourfiltername brightcloud_list 01 02 03 default deny off static_redirect_url http www example com redirect whitelist refresh 0 whitelist _url http www example com bypass 1lst Note that the section name is prefixed with filter to show what type of configuration section is being displayed interface Sections Each physical or virtual network interface on the SwiftCache has its own interface section in the configuration 0 Each named interface section contains the settings for that interface Confidential page 86 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI yourswiftcache gt show interface eth0 interface eth0 autoneg off dhcp yes duplex full enabled on policy Sections Similarly each policy has its own policy section in the configuration 0 yourswiftcache gt show policy dailymotion 1 policy dailymotion 1 match url regex http dailymotion com lt id gt video d d d 3amp cache always on cache index dailymotion com id cache ttl 608400 pversion 2 up policy dailymotion 1 upstream_policy Sections upstream_policy sections look similar to policy sections but are created from different sources upstream_policy sections are created by SwiftCache after being downloaded automatically from SwiftSense policy sections contain polici
105. imit per client IP address default setting set ratelimit type connection Apply rate limit per client connection set ratelimit 300 Limits the download rate for each client to 300 kilobits per second kbps set ratelimit_burst 2000 Starts to limit the rate of downloads after 2000 kilobytes kB of data have been transferred Note that if limiting by connection then this may permit end users to use download managers to exceed their quota Confidential page 132 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 17 SwiftSense 17 SwiftSense 17 1 Overview SwiftSense is a cloud service for SwiftCache that analyses live traffic to optimise performance and providell business reporting tools It also provides a way to fine tune caching policies across the entire network to ensure that the maximum caching efficiency is being achieved When enabled SwiftSense collects anonymised summary statistics from each SwiftCache to identify which sites are popular The service then suggests new policies that will improve the caching behaviour of SwiftCache SwiftSense uses intelligent analysis to ensure that the policy it creates is relevant to that individual cache rather than wasting resources on processing policies that will not generate bandwidth savings Updated policies are downloaded by each SwiftCache periodically and are available for review by the operator The new rules are not applied automatically
106. incomplete cached objects Before 2 3 TCP_PARTIAL_MISS partial cache file was found but requested range is not yet cached 2 3 10 TCP_REFRESH_HIT cached content revalidated and served from cache Before 2 3 TCP_REFRESH_MISS our cache was no longer valid the content has been retrieved again from the server Before 2 3 TCP_REFRESH_MISS_METADATA server sent 304 on our cached content but metadata has changed and cache is Before 2 3 invalidated TCP_RNC_MISS revalidate aborted due to config rules Before 2 3 TCP_SBP_MISS overload protection cache bypass Before 2 3 TCP_SNC_MISS server headers prevented caching Before 2 3 Log Info Confidential page 140 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 19 Appendix A Log File Format Flag Description igre since ALCON using an existing server connection Before 2 3 BLCK blocked connection due to a policy rule Before 2 3 BLCKAUTH blocked by authd Before 2 3 BLCKEX blocked explicit connection As of 2 4 5 BLCKNS blocked Netscaler connection As of 2 4 5 BLCKFT fetch session blocked due to a policy rule Before 2 3 C32 partial content hashing was used Before 2 3 CALL the request hit a cache_always rule Before 2 3 CD Complete_download option was specified client connection was interrupted but download wasi Before 2 3 completed to cache CHNK the response is chunked encoded Before 2 3 Cl cache index cache_index config optionO Before 2 3 CL the response has a Content Length header B
107. ion The SwiftCache DNS client supports A and AAAA records In explicit mode SwiftCache can act as an IPv6 to IPv4 gateway However in transparent mode where SwiftCache is spoofing the client s IP address SwiftCache cannot provide this IPv6 to IPv4 gateway function 16 8 Overload Protection admin v 9G swiftcache Try Hostname test swiftserve com Cluster Status Config You have 3 Alerts that require attention Basic Configuration Overload Protection ny n Connection Count Level for Advanced Configuration 20000 amp a Relay Mode CPU Usage Level for Relay General 95 Mode amp Passwords Connection Count Level for 10000 amp Bypass Mode License CPUU for sage Level for Bypass 85 a SwiftSense Mode Overload Protection System Update Reset SSL Proxy Cache Limits Copyright SwiftServe 2013 There are two levels of overload protection in SwiftCache Bypass and Relay modes These are configured in thel GUI on the Overload Protection part of the Advanced Configuration Subsection on the Configltab When the configured thresholds are reached then the overload protection modes will be activated until the loadU decreases again 16 8 1 Bypass Mode Bypass Mode limits the most resource intensive aspect of the cache engine disk access Confidential page 129 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 16 Advanced Features Activation of Bypass Mo
108. ion of the Policies tab Confidential page 114 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 14 Policies admin 9G swiftcache TARIN Hostname test swiftserve com Cluster Status 5 Status Config Policies Filtering Reporting You have 3 Alerts that require attention SwiftSense Policies are predefined but not enabled by default sets of rules that change proxy s behavior by SwiftSense Policies ary s n overriding the default settings based on different conditions Custom Policies Search Version Hit Count or Installed Name Description Action installed latest local cluster BB x 2shared_download 1 Apply E B cache_index to downloads from 2shared e 4shared_audio 2 2 Apply D B cache_index to downloads from 4shared_audio Apply BB cache_index to e 4shared_download N N downloads from ssnadu match url regex http dc d 4shared com download cache_always on cache_delay 1 cache_ignore_cnc on cache_partial_chunk_size 102400 cache_partial_download on cache_ttl 8064800 content_hash yes disable_gzip_encoding on disable_gzip_rebuild on 4shared_img 171 Apply BB cache_index to images files from 4shared 4 4shared_video 2 2 Apply BD B cache_index to In the example above the fileservelpolicy has been expanded to allow an operator to review its details and determine whether to install it It is possible to install ind
109. ior by ea overriding the default settings based on different conditions Custom Policies Search Version Hit Count ae gt Installed Name ares Description Action installed latest local cluster BB x 2shared_download 1 Apply D B cache_index to downloads from 2shared e 4shared_audio 2 2 Apply B B cache_index to downloads from 4shared_audio e 4shared_download 2 2 Apply BD B cache_index to downloads from 4shared A 4shared_img 11 Apply D B cache_index to images files from 4shared e 4shared_video 2 2 Apply D B cache_index to video files from 4shared x apple 1 Apply cache index BB to downloads from apple com e avast 1 1 Apply D B cache_index to downloads from avast com e avg 171 Apply BD B cache_index to downloads from avg com e aviraupdate 171 Apply D B cache_index on avira updates e bitshare 171 Apply EJ B cache_index to downloads from bitshare com A dailymotion_1 1 1 Apply D B cache_index to video files from DailyMotion e dailymotion_seek 171 Apply E B cache_index to video files from DailyMotion when it is a seek Confidential page 55 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 4 dmcdn e duckload I ea e excluded_1 A excluded_2 e extabit Ge fbcdn_static e filedude Showing 1 to 20 of 89 entries Copyright SwiftServe 2013 The Policies tab is used to manage the configuration of policies within SwiftCache SwiftCache use
110. is stopped RTMP Intercepter RTMP Intercept is disabled Log System Reboot Shutdown Copyright SwiftServe 2013 The Processes subsection shows information the about the various proxy processes or daemons There are several processes that provide different services and capabilities on a SwiftCache appliance Proxy The main SwiftCache proxy process that handles HTTP traffic Intercepter Intercepts HTTP traffic on port 80 and passes it to the SwiftCache proxy process Task Manager Handles log rotation and other admin processes Alerts Reporter Handles creation and sending of alerts SNMP Agent Provides SNMP information to external monitoring systems RTMP Proxy SwiftCache RTMP proxy process for handling RTMP traffic RTMP Intercepter Intercepts RTMP traffic on port 1935 and passes it to the RTMP proxy process 0 The table shows current status of each daemon and provides buttons to start stop or restart each process individually The RTMP Proxy and Interpreter processes will be shown greyed out if the RTMP option is not enabled in the current license key Confidential page 45 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Underneath there are buttons to reboot and shutdown the appliance Care should be taken to avoid causing any disruption to client connections to the SwiftCache appliance Remove traffic from the SwiftCache before stopping any process
111. is would be if the operator wanted to extend the expiry time on objects stored for a specific site While this customisation could increase the cache efficiency it also increases the chance of serving stale content Where operators choose to override the behaviour for a specific site it is always recommended that these local policies are based on the most recent master policy if one exists This will ensure that the local policy stays up to date with any improvements that are made via the master policy Custom policies are defined to optimise caching of traffic in specific scenarios not covered by SwiftSensell policies They are also needed to apply filter policiesUor filter sets 14 4 1 Filter Policies It is necessary to create a custom policy to apply a filter policy The minimum configuration is a hatch rule see below Then one or more filter policies can be selected by changing the Hilter Set Names parameter This is achieved by clicking on the words n filters configurediiand selecting the desired filters This collection of filter policies is known as the filter sett Confidential page 116 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 14 Policies See the Filtering chapter of this document for more information 14 4 2 Ordering of Policies SwiftCache evaluates all policies against every request When a policy matches it applies the settings from that policy Where multiple policies match
112. ividual policies or all policies The following columns are shown in this view Confidential page 115 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 14 Policies Installed An coloured icon indicates the current status of the policy e Red Policy is not installed disabled e Green Policy is installed enabled e Blue Policy has been edited locally the local policy takes precedence Name Unique name for this policy Version The version numbers of the policy currently installed and latest version of the policy installed latest downloaded from SwiftSense Updates are not applied to enabled policies until the operator chooses to Hit Count The number of times a policy has been utilised Description Textual description of the policy Action Available options that the operator may take against that policy e Show Hide Toggle the display of the policy definition 0 e Edit Customise installed policy by creating a local copy e nstall Uninstall Enable or disable the policy 14 3 2 Recommendations It is always recommended that SwiftSense policy updates are applied immediately to ensure that optimal caching performance is maintained Policy updates are tested rigorously against live traffic before being released The default behaviour of SwiftSense policies will be suitable for normal operation However there are situations when an operator may choose to alter the policy behaviour Th
113. l for sites that deliver video content While an end user may only request part of the video file U ignore range allows the entire object to be cached potentially improving hit rate 14 4 5 Video Seek The Video Seek section of the policy settings allows video content to be cached more efficiently when the clientU does not support the range header Some video clients do not support the range header When fast forwarding through a video the client will issue a request that will contain either a time or byte offset to refer to the point in the video to be played back Without Video Seek SwiftCache would not be able to respond to these kinds of requests as the URL would not be understood Video Seek supports a number of popular video sites Confidential page 119 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 14 Policies 14 4 6 Safe Search SwiftCache supports the option to enforce the Safe Search modes offered by the leading search providers Google and Bing These modes are provided by the search engines to allow adult content to be filtered fromU search results When using Safe Search SwiftCache will override the settings that are specified in the client request and apply the configured level of filtering 0 Safe Search is implemented through the append query params configuration key This looks for query stringl parameters in the request If the specified query string parameter already exists in t
114. le disable config apply caching optimisation for policy matching Override server s Cache Control HTTP Header with this value Cache database pathname Size of the cache database in entries each entry 8 bytes 0 autosize 1 disabled Sets how many times we need to have an object requested before we cache it The read error codes The rate of errors sec when the disk is considered damaged 0 disables the checks List of cache disk mount points Cache efficiency byte hit rate alert threshold 0 Maximum size of object to store in the fast disk cache If set ignore client no cache headers e g reload Set the cache index Invalidate cache item if a GET request for this item has body Max of cache disk to use The model used for RAM cache index or mru Maximum size of object to store in the RAM cache Maximum number of objects to store in the RAM cache If set never cache the file The delay in milliseconds between two disks operations performed by the Generated 15 03 2013 12 49 cache_partial_checksum_start cache_partial_chunk_size cache_partial_download cache_post cache_ttl cache_x_headers chassis_fan_speed_threshold cluster cluster_sync_fail_threshold complete_download complete_download_min_count complete_download_threshold compute_c32_sum connect_retry_attempts content_hash cpu_fan_speed_threshold cpu_temp_threshold cpu_usage_threshold debuglevel default_deny default_ttl
115. lick and drag on the graph area to zoom in 175 150 125 v E gt w 100 E d p 75 a gt lt q 50 a A aA A as A na af aA a an amaha Confidential page 68 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI VY Wan ry SOV Ven AV YY 11 30 11 40 11 50 12 00 12 10 12 20 Fast Disks Cache Disks Other Disks min 2 36ms max 3 40ms mean 2 86ms min 112 46ms max 161 79ms mean 134 99ms min 35 37ms max 46 12ms mean 40 38ms Copyright SwiftServe 2013 The Disk IO page displays the number of read and write operations that the SwiftCache appliance is currently handling On most systems it is expected to see a higher number of disk writes than disk reads especially on fresh installs where the disks are not yet full Further information is provided under sub tabs as interactive graphs Combined Shows graphs of the disk utilisation percentage and wait times for each of the disk types Cache Shows graphs of the read and write transactions per second for each of the cache disks and Disks graphs of the disk utilisation percentage and wait times for each of the cache disks Fast Disks Shows graphs of the read and write transactions per second for each of the fast disks Solid State Disks or SSDs and graphs of the disk utilisation percentage and wait times for each of the fast disks SSDs Other Shows graphs of the read and write transactions per second for eac
116. list password int bool string bool bool bool string bool bool bool string page 159 of 161 20 Appendix C Configuration Key Reference stomp server address com queue_name The username used to connect to the apachemq The CA bundle to be used for server certs verification If empty the openssslU default one will be used If set then on disk storage of generated SSL certificates will be enabled this setting defines the cert storage dir If not set then certificates will be cached inU memory only The maximum number of SSL certificates we cache in memory If not empty should contain the path to an existing certificate key file to bell used instead of the generated ones URL to redirect end users to if a URL in the static filter list is matchedU List of IP addresses in super cluster Secret used for internal communication in the super cluster Must be the same on all machines in the super cluster Swap usage alert threshold Enable SwiftSense alerts report feature This will send all new alerts to SwiftSense and you ll be able to have better knowledge of what s wrong with you caches Enable sending current config to SwiftSense This allows to view config values policies for the cache in SwiftSense Enable Policy Center feature Enable license keys update Swiftsense policies set Enable Policy Center policy update feature This will ensure that you have latest versions of site specific
117. m Reboot Shutdown Copyright SwiftServe 2013 The core SwiftCache daemons will start automatically when the system is powered on It is possible to view and control the current state of the individual processes through the Processes subsection of the Status tab in the GUI Processes may be started stopped and restarted To reboot or shut down and power off the SwiftCache appliance click on the Reboot or Shutdown button Care should be taken not to shut down the system inadvertently or when there is nobody physically present to power up the appliance again 3 6 Confirming OperationO It is possible to quickly validate that a SwiftCache is active and serving traffic by looking at the Hlome tab in the GUI To begin with it would expected to see some network throughput blue line on the graph Once the appliance has been operating for some time there would be some bandwidth savings red line also After several days normal usage it would expected that the red line would be above the blue line Confidential page 22 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 4 SwiftCache Concepts 4 SwiftCache Concepts 4 1 HTTP Caching A HTTP cache or web proxy such as SwiftCache connects to web servers origin servers because they hold the original content and retrieves items or objects on behalf of end users client systems such as a web browser When possible the cache will store a copy of the object l
118. m 1 to 5 default 2 3 4 1 Debug Level SwiftCache provides a configurable diagnostic level to control the level of detail that is written to the error log 0 e Level 1 Errors E e Level 2 Warnings W e Level 3 Information I e Level 4 Debug D e Level 5 Trace T These levels are cumulative for example Level 2 will contain both errors and warnings Note that it is not recommended that the diagnostic level is increased beyond Level 3 for more than a short period This is due to the very large volume of log lines that will be generated especially on a heavily loaded SwiftCache 3 4 2 Log Rotation SwiftCache archives log files according to their size age or at a set time according to a schedule Archived logl files are rotated and compressed to reduce the amount of disk space utilised 0 Log Trigger to rotate and compress log files Three triggers are supported when a log reaches al Rotation certain size periodic rotation after X hours or scheduled rotation at the same time every day Type Log Maximum size in MB of an individual log file after which it should be rotated This setting isU Rotation only applied if Rotate when log reaches Log Rotation Size is selected Max Size Log Maximum age of a log file in hours This setting is only applied if Periodic rotation is selected Rotation Period Log Time at which log files should be rotated This setting is only applied if Scheduled rotation is Rotation selected
119. mount points for some content Leave this blank if all the cache disks Cache have the same speed Disks Cache Disk utilisation threshold When usage on any individual disk reaches this threshold the cache Disk cleaning process is triggered to bring usage below the threshold by removing old objects from the Usage cache 3 3 3 License Settings A SwiftCache license key is time limited and may only be used with its intended appliance A license key cannot be transferred from one SwiftCache to another Without a valid license key the SwiftCache proxy software will not start The license key will usually have been set by the vendor before dispatch You can confirm this by looking at thel License subsection of the Configitab under Advanced ConfigurationU If a SwiftCache appliance or its hardware components are replaced a new license key will be required in place of the old key In this situation it may be necessary to send the license information of your old key to your vendor in order to regenerate the key To apply a new license key click on the Edit button on the right hand side then enter the new key before clicking on Save This will write the license key to the usr local cache license key file on the SwiftCache U Confidential page 16 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide Confidential page 17 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick
120. n stop Stop the process if started Confidential page 90 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI The following example uses tab completion pressing Tab twice first to list the possible process names thenU the command actions yourswiftcache gt process alertd proxy rtmp_ proxy taskmgr intercept rtmp_ intercept snmpagentd yourswiftcache gt process taskmgr reload restart start status stop yourswiftcache gt process taskmgr status Eas kmarin pa 297 5 sis seiainitiney 6 Care should be taken to avoid causing any disruption to client connections to the SwiftCache appliance Remove traffic from the SwiftCache before stopping any processes 9 4 10 raid show The raid command takes a single action show and displays the RAID configuration of the SwiftCachel appliance s storage media The available parameters are controllers volumes and disks For example yourswiftcache gt raid show controllers 9 4 11 reboot and shutdown The reboot command will restart the SwiftCache appliance The shutdown command will shut down and power off the SwiftCache appliance Care should be taken to avoid causing any disruption to client connections to the SwiftCache appliance Remove traffic from the SwiftCache before initiating an appliance reboot or shutdown 9 4 12 shell SwiftCache is built upon a Linux base operating system The shell command allows the operator to initiate
121. n ICC described later in this chapter 13 2 Cluster Configuration SwiftCache includes sophisticated tools to manage cluster configuration and synchronisation ConfigurationU changes can be propagated across an entire cluster with a single action It is also possible to review the configuration across all members Bodes of the cluster to identify anomalous configuration and quickly reconcileU those differences The majority of configuration changes can be made without requiring any system downtime or the need tol remove traffic from the cluster Only low level changes such as modifying network settings may require a restartl and therefore should be scheduled during a maintenance window Configuration management is also resilient to node failures For example configuration changes may have been made to the cluster while a node was powered off or uncontactable SwiftCache compares the configuration ofl all machines in the cluster and uses an intelligent voting mechanism based on age and popularity to determine the optimal configuration to be applied to nodes rejoining the cluster For more information please refer to the Cluster Settings section in the SwiftServe GUI chapter 13 2 1 Adding a New Appliance to a Cluster A common operation task is adding a new SwiftCache to an existing cluster This will clone the shared configuration from that cluster to the new appliance The new appliance then remains synchronised with any
122. n 1MB Ghunks SwiftCache remembers which chunks have been seen before so only when a new chunk is seen will it be written to disk If a download is stopped part way through a chunk then none of that data will be written to disk The size of each chunk can be configured by the cache partial chunk size key complete_download Confidential page 118 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 14 Policies Allows a SwiftCache to carry on a download when a client terminates the download part way through complete_download is a feature whereby if a client starts a download and then stops the download before it has completed the SwiftCache can carry on the download session so that the entire item can be cached It can be configured with the keys Gomplete_download which enables and disables the feature complete_download_min_count which specifies how many times we need to see an object before we completel the download and cache it and complete_download_threshold which specifies what percentage of the object needs to be downloaded before the download is completed cache_async_fetch Allows a Swiftcache to cache content that would normally not be fully downloaded because of the use of range headers If cache async fetch is enabled it operates on connections that fulfil two criteria U e the client has sent a range request and e the object requested is not in the cache SwiftCache will then
123. n and the network statistics for the last twenty four hours Confidential page 41 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI admin 9G swiftcache was test swiftserve com Cluster Status Home Status Config Policies You have 3 Alerts that require attention Local Cluster CPU Usage Byte Hitrate Disks Utilisation Network Throughput vs Bandwidth Savings Last Day You can click and drag on the graph area to zoom in 1000 We A anu Ve c a 500 ernie 250 0 5 Mar 15 00 5 Mar 18 00 5 Mar 21 00 6 Mar 6 Mar 03 00 6 Mar 06 00 6 Mar 09 00 6 Mar 12 Network Throughput Bandwidth Savings RTMP HTTP Prox Era Request Projected Proxy IP Address Hostname y Req sec Connections i Pa 4 z Software Proxy Intercept Throughput Usage Rote Hit Rate Capacity Running Stopped Active 176 9 244 238 apollo20a test swiftserve com 578 7 Mbps 2 138 22 264 13 77 8 93 0 1 009 5 Version Mbps test build 12894ab Copyright SwiftServe 2013 8 2 1 SSL Warnings on GUI Login If the GUI is configured to use SSL the web browser may display a warning about the site s security certificate 0 This is because SwiftCache uses a self signed SSL certificate A self signed certificate still allows thel connection to the GUI to be encrypted securely however it has not been signed by a certificate authority recognised by the web browser In this s
124. nfigured for each severity of alert 0 Confidential page 103 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 12 Performance Tuning 12 Performance Tuning One of the key challenges for any web caching solution is ensuring that it is operating at maximum efficiency 0 This is especially difficult when caching Internet traffic This is because the exact load on each cache will bel very specific to the traffic pattern that the SwiftCache experiences By default SwiftCache uses a general purpose performance configuration that will cope with the majority off deployments However it may be possible to improve the performance of SwiftCache further by tuning the configuration for the specific traffic load profile 0 To maximise performance it is necessary to understand the main factors affecting SwiftCache performance The three key resources that SwiftCache relies upon are CPU memory and disk IO The rate at which these resources are consumed will vary based on the traffic load that the SwiftCachel appliance experiences In many cases the maximum traffic load that can be achieved in any individual deployment will depend upon all the following factors 12 1 1 Request Rate Request rate is one of the more reliable indicators of load on a cache For a given traffic mix it is reasonable toll assume that the CPU utilisation will vary linearly with request rate For example if the average CPU utilisation across all
125. ng You have 3 Alerts that require attention Pa daily weekly monthly yearly oca Cluster Lcsv Cache Status You can click and drag on the graph area to zoom ir Other Traffic TCP_REFRESH_MISS_METADATA __ TCP_SNC_MISS TCP_PARTIAL_HIT st TCP_PARTIAL_MISS TCP_ICC_HIT Performance TCP_MISS TCP_REFRESH_MISS Bandwidth Savings TCP_REFRESH_HIT Hit Rates TCP_ICC_MISS rae TCP_CNC_MISS Top 100 Object Distribution xN TCP_HIT Service Time Time To First Byte a eee Status Value Percentage Chart color TCP_HIT 8 44 GB 68 2 E TCP_CNC_MISS 531 71 MB 4 2 _ TCP_ICC_MISS 462 86 MB 3 7 TCP_REFRESH_HIT 455 72 MB 3 6 E TCP_REFRESH_MISS 427 83 MB 3 4 a TCP_MISS 403 69 MB 3 2 ik TCP_ICC_HIT 393 67 MB 3 1 B TCP_PARTIAL_MISS 381 38 MB 3 0 _ TCP_PARTIAL_HIT 341 26 MB 2 7 ei TCP_SNC_MISS 318 38 MB 2 5 TCP_REFRESH_MISS_METADATA 315 79 MB 2 5 _ All values less than 2 was grouped to Other section on chart Copyright SwiftServe 2013 This pie chart shows the relative proportions of different cache response codes for the client requests This highlights the relative performance of the cache since the objective is to have as large a portion as possible of TCP_HIT and TCP_PARTIAL REFRESH_HIT responses Underneath there is a table of the corresponding raw data showing the amount of data transferred for each response code and the percentage of the total bytes Confiden
126. ng by connection is enabled Filtering bypass enabled due to cookie in the request Error decoding filtering bypass cookiell Seek request with seek_type range was served from cache see 5107 cache hit was served from expired object because of cache_async_refresh on async fetch operation has been started to retrieve and store the full object or refresh the object in case of cache_async_refresh on async fetch operation has been started to retrieve and store the range extended to have only full partial chunks ICC request from other cache from cluster ICC peer cache hit ICC peer cache miss A local cache object found which is bound to another ICC node initiated a move operation page 144 of 161 19 Appendix A Log File Format 2 3 2 3 2 3 2 3 2 3 2 3 2 3 2 3 2 3 9 2 3 10 Before 2 3 2 3 10 2 3 10 2 3 7 2 3 7 2 4 1 2ra 2 3 11 2 3 11 2 2 6 Before 2 3 Before 2 3 2 4 1 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 19 Appendix A Log File Format ICS Seen a request which is bound to another ICC node notified the other node 2 4 1 TOCS Timeout while receiving the start of request will appear only if we don t try to relay 2 3 11 2 4 1 TORC Timeout during a client read operation 2 3 11 2 4 1 TORS Timeout during a server read operation 2 3 11 2 4 1 TOWC Timeout during a client write operation 2 3 11 2 4 1 TOWS Timeout during a server write op
127. ng round for top100_maxtries int Max count of parsing rounds to do for one parsing attempt top100_min_entries int Min number of records to keep in stats frame during stats trimming top100_min_percentage int Min percentage of traffic to trim stats record to top100_parse_failure_alert_threshold int rO 100 top100_video_regexes string Comma separated list of video url patterns in format domain regex regex should contain a capture named id matching video ID Example youtube com watch amp v P lt id gt amp amp tproxy_mode bool Enable disable tproxy compatible mode trust_x_forwarded bool Trust x forwarded for headers in request url string Rewrite request URL url_prefix_optimisationU bool Enable disable URL prefix optimisation for policy matchingU user string User that proxy runs as whitelist_location string URL to download bypass URL list from whitelist_refresh int List refresh period Use 0 to disable auto refresh list loaded on proxy start only Confidential page 161 of 161 Generated 15 03 2013 12 49
128. no local settings configured and so will use the shared settings by default When a SwiftCache is part of a cluster and a shared setting is changed on one node then that setting will be automatically changed to the same value on every SwiftCache node within that cluster If any local settings are configured on individual appliances then these will continue to take precedence over the new shared setting U To make it easy to tell if a configuration key is shared in a cluster or is local to the appliance each configurationU item that can be shared has an icon next to it showing whether it is shared or local A shared configuration key is denoted by an icon showing a server with a small chain link A local configuration0 key is denoted by a server icon with no chain link By default an appliance operating by itself i e there is only one appliance will show the shared setting icon 8 5 2 Example Proxy Port 8080 a IP Spoofing oO amp Allow Explicit go z Trust X Forwarded o amp Update Reset In the example above the Proxy Port option is using a local configuration setting while the other options IP Confidential page 81 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Spoofing Allow Explicit and Trust X Forwarded are all shared Clicking on the shared local icon brings up a dialog that allows the operator to edit the shared and local settings It is necessary to delete a
129. nowledged alerts within the alert bar visible on all tabs admin Gswiftcache A IP 192 168 1 1 test swiftserve com Cluster Status Home Status Config Policies Filtering Reporting Alerts You have 3 Alerts that require attention Clicking on this alert bar expands the summary of the outstanding alerts admin v 9G swiftcache sen test swiftserve com Cluster Status Home Status Config Policies Filtering Reporting Alerts You have 3 Alerts that require attention Alert Count Severity Actions Help system disk util 370 a proxy alerts action 467 A general swiftsense communication_failed 235 A Showing alerts for the last 7 days 11 2 2 Alert Workflow0 When new alerts are raised they may optionally trigger a notification New alerts are also added to the count of unacknowledged alerts in the header bar Alerts will remain in an unacknowledged state until an operator manually acknowledges the alert Acknowledging an alert removes it from the alert bar and the Alerts tab in the GUI Acknowledged alerts are hidden by default but can be viewed by changing the settings on the alert page An operator may acknowledge an alert directly from the alert bar or act upon it by going to the Alerts tab in the main navigation bar To acknowledge all occurrences of an alert an operator can click on the green tick in the Actions column Confidential page 98 of 161 Generated 15 03 2013 12 49
130. ocally so that if the same or other clients request the object again the cache will be able to return it to the clients without having to request the object again from the origin server Caching items will improve the user experience as it typically speeds up the delivery of the item This benefit isO particularly apparent when the cache is close to the end user and the origin server is distant This is because the client request only has to travel to the cache and back not all the way to and from the origin server For the content provider running the origin server caches will also reduce the external bandwidth used because fewer requests have to come to the origin server Over time a cache will build up a local copy of the most frequently accessed content allowing the majority of requests to be accelerated The cache checks objects periodically for freshness and expires removes old ones from the cache Should the item then be requested again the cache will retrieve a fresh copy from the origin server again Sometimes the client or origin server may specify an object as uncacheable however policies defined on the cache can override this behaviour if desired 4 2 Hits and Misses A cache hit happens when a client requests an object already stored by the cache it can be served from the cache without requiring it to be retrieved from the origin server A cache miss occurs when a client requests an object which is not already stored by the
131. of a clustered SwiftCache deployment as it enables the solution to scale to very large volumes of traffic The load balancer is responsible for directing requests across the SwiftCachel cluster to keep the workload evenly distributed across all nodes An intelligent Layer 4 7 switch or load balancer will use an efficient hashing algorithm to ensure that clientU requests for same item are sent back to the same SwiftCache this is important for maximum throughput Most load balancers will also employ application health monitors to ensure that the SwiftCache service is up and available to respond to requests This is essential for a large SwiftCache deployment where a fully transparent mode of operation is required Compatible Layer 4 7 Switches and Load Balancers SwiftCache is compatible with any network switch but has been tested with the following devices e Citrix Netscaler e Cisco ACE e F5LTM e A10 e Brocade ADX Direct Connections from Load Balancers Some load balancers such as the Citrix Netscaler create a direct connection to the SwiftCache on the proxy port With load balancers of this type it is necessary to create a specific policy on SwiftCache to allow thel direct connection from the load balancer In most deployment scenarios direct connections from clients are disabled as it is not desirable for the SwiftCache to operate as an explicit proxy A sample policy is shown below See the Policies chapter later in this manual
132. ommon Scenarios 6 2 1 Forward Proxy A common deployment scenario is where SwiftCache is deployed to reduce the amount of traffic travelling from within an provider s network to the Internet This in turn would reduce bandwidth costs and potentially improve performance on congested network links In this scenario SwiftCache can be positioned at the network edge border or core for use by clients within the network for example with a separate SwiftCache cluster at each network gateway This is sometimes referred to as a forward proxy 6 2 2 Reverse Proxy It may also be important to reduce the amount of traffic entering an organisation s network This may be whenU clients outside of the organisation s network are requesting the same content repeatedly from origin servers within the network In this scenario it is recommended to deploy SwiftCache in multiple locations These are usually at the edge of the core network or even in the metro network SwiftCache will respond to client requests on behalf of the origin servers This is sometimes referred to as a reverse proxy 6 2 3 Important Considerations Irrespective of where SwiftCache is positioned within a network the most important considerations for any SwiftCache deployment are to ensure that it is resilient to failure and that network traffic is routed symmetricallyH through it 6 3 Modes of Operation When deploying SwiftCache into a network it is important to first c
133. on RAM Displays free and total memory This can be used to determine if there is any abnormality in the memory usage of the appliance CPU Displays the CPU load and process table for the appliance This can be used to check the overall load of the appliance and to see if any individual process has malfunctioned note that it is normal for the proxy process to consume the majority of the CPU under high load conditions Cluster Basic Configuration Logging Cluster Super Cluster TCP Disks RTMP Network Backups Cluster In a cluster 176 9 244 238 Leave Cluster Status Host HTTP Throughput Req sec Connections 176 9 244 238 571 08Mbps 871 6 8 876 Host Status Config md5 176 9 244 238 alive 18 ms 40c05b2c202016f967aa1dbcea4561aa CPU Usage Byte Hit Rate Request Hit Rate 71 5 77 1 Config Age Version 1486 v2 4 7 1 149 The Cluster subsection provides summary information for all of the machines within the cluster Confidential page 51 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Log amp admin 9G swiftcache et tname test swiftserve com Cluster Status Status Config You have 3 Alerts that require attention Processes access log Query Cache TCP Stats NIC Stats Disk Stats System Info Log Copyright SwiftServe 2013 The Log subection shows the most recent portion of the proxy access log as a quick check for opera
134. onal module and needs to be enabled in the license key to operate mode SSL SwiftCache routes SSL connections between the client and server but no caching is possible as relay SwiftCache cannot inspect the encrypted data mode Swiftcache also offers SSL as an option for securing the web administration interface GUI Please refer to the Securing Swiftcache section in the Operations Guide chapter 16 9 1 SSL Proxy Mode SSL Proxy Mode is an optional add on feature to SwiftCache that needs to be enabled in the license key Please contact your vendor if you require this feature SSL Proxy Mode gives organisations the option to cache encrypted web traffic as well resulting in additional bandwidth savings An organisation may have a policy to route all web traffic through a web cache to save on bandwidth usage andi provide traceability for clients Ordinarily only unencrypted non SSL HTTP traffic can be cached This is because HTTPS traffic is encrypted to prevent payload inspection during transit between the client and the originU server Distribution of SSL CertificatesO To use this mode it must be possible for the organisation to distribute SSL certificates to the clients thoughU existing IT management processes for example via Group Policies within a Microsoft Windows Domain Confidential page 130 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 16 Advanced Features environm
135. onding to Trafficl Top 100 System Performance and SwiftSense These are described in more detail below Interacting with Graphs Many of the graphs displayed under the Reporting tab are interactive Depending on the type of graph shown it is possible to e select hourly to yearly scales as a starting point e zoom into a particular time period e revert the view by clicking on Reset zoom e disable one or more of the graph parameters by clicking on them e re enable disabled parameters by clicking on them disabled parameters are shown greyed out TrafficO The Trafficlsubsection shows network information displayed on four pages which are described in more detail below Confidential page 58 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Network Throughput admin 9G swiftcache TY tname test swiftserve com Cluster Status b Filtering Reporting You have 3 Alerts that require attention Cluster total bondo bond1 bro eth3 eth2 eth1 etho Network Throughput all interfaces combined Last Hour rS Traffic You can click and drag on the graph area to zoom in 1 000 Network Throughput 750 Cache Throughput ONK ym pS fen ey VA Request Rates 500 Connection Stats 250 NPN iI IN NOI 95th Percentile Mbps 0 000 a 11 30 11 40 11 50 12 00 12 10 12 20 Top 100 n Out system min 203 533 Mbps max 291 381 Mbps mean 245 352 Mbps min 508 834
136. one or more network connections depending on the configuration optionsU chosen Typically there would be two gigabit Ethernet ports bonded into one virtual interface with corresponding configuration on the network switch or a single 10 gigabit Ethernet port 0 Confidential page 36 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios 6 5 2 Pilot and Rollout As with any significant network infrastructure changes it is important to avoid disruption to end users Typical large scale installations are rolled out progressively During an initial pilot phase a small subset of traffic and or users are routed via SwiftCache one or morel appliances to allow the SwiftCache configuration to be tuned for the best performance Once this is achieved the traffic load should be gradually increased and the performance monitored for any opportunities to further fine tune the configuration 0 6 5 3 Sizing It is recommended that SwiftCache is deployed in a N 1 redundant cluster so if any one appliance fails the remainder can handle the traffic N 1 redundancy means that for any given number of appliances N there is ati least one independent appliance available as a backup 1 The smallest recommended cluster size is therefore two SwiftCache appliances This arrangement also allows upgrades to be performed without any interruption to service 6 5 4 Load Balancing A load balancer is an integral part
137. onfidential page 88 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI backup Create a backup of this configuration clone Clones the configuration of the specified appliance to this appliance 0 delete backup Removes a stored backup diff Shows the differences between the active configuration and the specified backup 0 list Lists all backups Soe Reverts configuration to the specified backup set Enables the batch insertion of raw configuration data This is ideal for cutting and pastingl sections from another machine Exit this mode with ctrl d show Displays the active raw configuration 0 9 4 5 edit The edit command allows modification of configuration keys using a text editor within the CLI When the file isO saved the configuration is updated U If the file is discarded without saving then the configuration will remain unchanged 9 4 6 exit The exit command exits the CLI and ends the SSH console or serial login session The keyboard shortcut Ctrl d may also be used 9 4 7 idata The idata command allows the operator to perform get set and delete actions on internal data values The action list will enumerate all the variables Great care should be taken since as incorrect use of the idata command can permanently disable the SwiftCache appliance and invalidate your warranty 9 4 8 policy This command manages policy configuration sections It has the following actions
138. onsider 0 e how client requests such as those from a web browser will be routed to SwiftCache and e whether the end user will be aware that requests are being proxied through SwiftCache It is not recommended simply to place SwiftCache directly in the main path of all client requests This would cause all network traffic not just web traffic to pass through SwiftCache This approach would be high risk 0 inefficient and would scale poorly 0 Instead SwiftCache supports three modes of operation e explicit proxy e semi transparent proxy and Confidential page 26 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios e fully transparent proxy These are discussed in more detail below 6 3 1 Explicit Proxy Server eq DATA GET HTTP 1 1 Host www google com SwiftCach wiftCache Client IP Sells a GET http www google com OS HTTP 1 1 Host www google com SA Client e Client is aware of the SwiftCache e Client sends request to the SwiftCache instead of the Server e Explicit GET request contains entire URL Using SwiftCache as an explicit proxy relies on the end user configuring their client software to route outbound web requests through SwiftCache For example most web browsers support the ability to define the location of a web proxy This type of deployment used to be common in enterprise and corporate network
139. ot certain of the exact command or configuration key name 0 From the default CLI prompt pressing Tab twice will display all valid commands In the example below the introductory text displayed on logging into the CLI is also shown above the prompt Swale San CMe kient ivn Connected to yourswiftcache 192 168 2 21 Type help if you need it yourswiftcache gt add get raid stats brightcloud help reboot supercluster cache idata remove test cluster interface set top100 config keyhelp shared upgrade edit local shell upstream policy exit no show filter policy shutdown find process SEN The following example uses tab completion first to list the possible process names then the command actions 0 yourswiftcache gt process alertd proxy rtmp_ proxy taskmgr intercept rtmp_ intercept snmpagentd yourswiftcache gt process taskmgr reload restart start status stop yourswiftcache gt process taskmgr status taskmgr apid 2975 sley iebimiMaiAe 5 5 9 3 3 CLI Help The find command is used to locate configuration keys when an operator is unsure of the exact name of a configuration key The find command takes a single argument the text to search for It will return the names of configuration keys policies and filters that match the text 0 For example typing find hostname will return the hostname configuration key and show you that it is in thel local section of SwiftCache s configuration 0 yourswiftcache g
140. ourswiftcache ok nohostname gt get hostname yourswiftcache 9 3 6 add and remove Commands The commands add and remove can be used to add and remove a value from a configuration list Confidential page 85 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI yourswiftcache gt get ntp servers asia pool ntp org yourswiftcache gt add ntp_ servers local ntp ok yourswiftcache gt get ntp servers asia DOO Mcp rong local mip yourswiftcache gt remove ntp_servers local ntp ok yourswiftcache gt get ntp servers asia pool ntp org 9 3 7 Configuration Sections and Scopel SwiftCache s configuration is grouped into sections that control when the settings are applied depending on the context or scope Configuration keys can appear in multiple sections each with a different scope For example each configured policy section may define cache delay with its own specific value U 9 3 8 create and no Commands The create and no commands are used to create or delete a configuration value or section The create command is used with a section name for example yourswiftcache gt create filter yourfiltername ok yourswiftcache gt no filter yourfiltername ok filter SectionsO Individual filter policies are each defined inside their own flte section in the configuration Each named filter section contains the settings for that filter yoursw
141. parated list of file names to upload May use shell patterns Allowed patterns are seq seq E g access gz Empty value means upload everything Log files has following format lt logname gt lt hostname gt 0 lt starttime gt lt endtime gt log gz log_upload_password password Password to authenticate against remote server log_upload_path string Path on remote server to upload log files toH log_upload_protocol combo Protocol which should be used to upload compressed log files FTP SFTP orl FTPs log_upload_server string Fully qualified server name to upload log files tol log_upload_user Aw Y Username to authenticate against log server log_usage_limit_threshold int r0 100 Max usage threshold of log partition after which logging is disabled log_usage_warning_clean_threshold int r0 100 Percentage of log partition size to delete old log files to if warning threshold isO reached Ignored if other option than Delete old logs specifiedU log_usage_warning_threshold int rO 100 Warning threshold of log partition usage log_usage_warning_type combo Flag indicating what to do if log usage is more than log usage warning threshold Valid values are i ignore d delete old logs r reduce log level master combo Master interface Use to make current interface a member of a bridge or interface bonding If this is set to something other than None then some settings like ip address net mask are ignored This setting is
142. pbits O amp signature 98803AA4E65 D830E33C9A2FBC2FE77D02015257F29879DD9541B6 5704625CAB118092DFD151856CF amp sver 3 amp expire 1252108800 amp key yt1 amp factor 1 25 amp burst 40 amp id c19764 decede17ab These types of URL are semi dynamic There is a static portion of the URL that is used to identify the requested file The query string of the URL will vary dynamically with each request SwiftCache provides a flexible policy0 mechanism to manipulate request URLs to extract the relevant information to allow more effective caching In some cases websites will use fully dynamic URLs In the example below each request is for the same file but the URL cannot reliably be used to determine this Confidential page 105 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 12 Performance Tuning http www846 megavideo com files d008f8c759a4f4b3f07 ccef7ea7588a4 http www763 megavideo com files f66f936f7fc39f1bb9524f49c5f54184 To cope with such cases SwiftCache provides a content hashing feature This inspects the content payload without reference to the URL to identify when the content requested will benefit from caching SwiftSense One of the benefits of deploying a SwiftCache solution is use of SwiftSense SwiftSense is a cloud service that continually analyses millions of requests passing through SwiftCaches around the world It uses this information to determine the optimal caching policies SwiftSense then
143. pecific case the warning can be safely ignored by performing one of the following actions depending on the web browser used e click on Continue to this website Internet Explorer e click on understand the risks and create an exception or Accept this certificate permanently Mozilla Firefox Confidential page 42 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI e click on Continue Safari e click on Proceed anyway Chrome For other web browsers please consult their documentation 8 3 Finding Help in the GUI 8 3 1 Contextual Help The SwiftCache GUI has a built in contextual help system that provides information for all configuration keys and pop up hints or tooltips for certain features and functions Tooltip Example Hovering your mouse pointer over any configuration key item name will cause a tooltip to be displayed thatU contains help information relevant for that setting 8 4 Sections of the GUI The SwiftCache GUI is divided into tabs corresponding to each section below 8 4 1 Home Tab Dashboard The Home tab provides SwiftCache operators with a quick overview of the status health and performance of the appliance known as the dashboard It displays any alerts that have been generated the current appliance utilisation and its network statistics for the last twenty four hours If the appliance is part of a cluster then there will
144. pects of SwiftCache configuration Confidential page 53 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI split between basic and advanced configuration settings Changing Settings Settings are changed by updating the values using the text input fields checkboxes or drop down selection menus provided Once a setting has been changed click the Update button at the bottom of the page to confirm and apply the change Alternatively click the Reset button to revert all changes made on the page back to the currently applied settings Care should be taken as changes are applied on clicking the Update button with no further user confirmation It is possible to change multiple settings on a single page at a time simply make all the changes required and then click on the Update button to apply them Operators should apply all changes on a page if desired by clicking the Update button before browsing to other tabs subsections or pages to avoid configuration changes being lost 0 Confidential page 54 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI 8 4 4 Policies Tab admin 9G swiftcache ory tname test swiftserve com Cluster Status b Policies Filtering You have 3 Alerts that require attention SwiftSense Policies are predefined but not enabled by default sets of rules that change proxy s behav
145. ppression 11 2 4 Alert Priorities 11 2 5 Alert Details 11 2 6 Alert Notifications 12 Performance Tuning 12 1 Factors Affecting Performance 12 1 1 Request Rate 12 1 2 Simultaneous Connections 12 1 3 Cache Efficiency 12 1 4 Client Speed 12 1 5 Filtering 12 1 6 Policies 12 1 7 Disk IO 12 2 Improving Performance 12 2 1 Maximising Bandwidth Savings SwiftSense 13 Clustering 13 1 Overview 13 2 Cluster Configuration 13 2 1 Adding a New Appliance to a Cluster 13 2 2 Removing a Node from a Cluster 13 2 3 Viewing Cluster Status 13 3 Superclusters 13 3 1 Supercluster Setup GUI CLI 13 4 Automated Cluster Upgrades 13 4 1 Automated Upgrade Workflow 13 4 2 Failures During Upgrade 13 4 3 Deleting Old Software Versions 13 4 4 Important Warnings 13 5 Inter Cache Communication ICC 13 5 1 ICC Setup 13 5 2 Request Workflow Without ICC 13 5 3 Request Workflow With ICC 13 5 4 Advanced Information Items Not Handled by ICC Effect of Node Leaving an ICC Cluster Caches Must Retrieve an Item Once 14 Policies 14 1 Overview 14 2 Introducing Policies 14 3 SwiftSense Policies 14 3 1 Management 14 3 2 Recommendations 14 4 Custom Policies 14 4 1 Filter Policies 14 4 2 Ordering of Policies 14 4 3 Match Rules Named Captures 14 4 4 Common Settings cache_partial_download complete_download cache_async_fetch Confidential page 5 of 161 Table of Contents 110 110 110 110 110 110 111 111 111 111 112 112 113 113 113
146. provides ways to manage the caching of content However it is possible to greatly improve upon these caching methods SwiftCache policies allow caching behaviour to be customised on a case by case basis in order to maximise the potential for saving bandwidth Policies allow almost any configuration setting on the SwiftCache to be overridden for requests matching specificH rules The rules are flexible fully configurable and can be defined using multiple criteria 0 Policies are particularly helpful in the common scenario where websites use semi dynamic or fully dynamic URL schemas which cannot be cached using simple rules alone 14 3 SwiftSense Policies SwiftSense is a cloud service that the SwiftCache periodically consults for updated policy recommendations based on its analysis of live traffic For more detail please refer to the BwiftSense chapter of this manual New and updated policies downloaded from SwiftSense are displayed in the GUI separately from local Custom policies and are not enabled by default It is also possible to identify SwiftSense policies in the CLI since their name is prefixed with upstream policy 14 3 1 Management When SwiftSense is enabled it will periodically connect to the cloud service to identify and download new policies SwiftServe will generate alerts whenever it downloads new policies to notify the operator to review and apply the updates Operators can view the updates in the SwiftSense Policies subsect
147. r can change the account password and displayed name and a Logout button 17 4 3 Dashboard The Dashboard tab displays a summary graph for aggregate traffic along with byte and request hit rates for alll deployed caches with a choice of day week month or year views Underneath is a table listing the most recent statistics for the caches by organisation e Alive caches e Total caches e Users e Traffic e Requests per second Confidential page 134 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 17 SwiftSense e Hit rate bytes 17 4 4 Caches The Caches tab displays a table of information about all caches e Name e P Address e Organisation e Traffic e Requests per second e Hit rate bytes e License State e Version It is possible to group caches together To do this select multiple caches to create a group or click on the Groups page to view and configure existing groups U Clicking on an individual cache will allow operators to view and edit its profile It is also possible to set thell organisation of one or more caches from the main table 17 4 5 Organisations The Organisations tab displays a table of the organisations It also allows operators to add a new organisation and to edit or delete an existing organisation Clicking on the Users page will display a table of the users It also allows operators to add a new user and to edit or delete an exis
148. r for interface bonding If set Interface parameters like th IP addresses and netmasks are ignored on the interface This setting is not applicable to non Ethernet interfaces Routing Static routing rules for the interface Rules Once the network has been configured the proxy behaviour disk settings and license key then need to bell checked and configured before deployment Depending on your vendor it is possible that your SwiftCache mayH have been shipped with one or more of these already configured U Confidential page 14 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide 3 3 1 Proxy Settings admin v 9G swiftcache Ean Hostname test swiftserve com Cluster Status Config Basic Configuration Proxy Port 8080 You have 3 Alerts that require attention amp Logging IP Spoofing Oo Allow Explicit Fl Cluster p 0 amp Trust X Forwarded o amp Super Cluster TCP Disks RTMP Network Backups Update Reset Advanced Configuration Copyright SwiftServe 2013 The proxy port and parameters are specified on the MCP subsection of the Configltab in the GUI These settings controls the main operation of the caching software and typically only need to be modified once on installation 0 The settings chosen will depend on the mode of operation chosen For more information on possible modes of operation and the settings below please refer to the Deployment
149. r more information Enables the use of Solid State Disks SSDs to boost cache performance See the Fast Disks SSD section in the Advanced Features section for more information Enables the caching and management of RTMP traffic in addition to HTTP traffic 0 Enables the caching and management of SSL encrypted traffic See the SSL Caching section in the Advanced Features section for more information Allows the SwiftCache appliance to be connected to SwiftServe s global Content Delivery Network CDN service enabling the appliance owner to generate revenue from delivering content on behalf of SwiftServe page 24 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 5 Physical Installation 5 Physical Installation 5 1 Technical SpecificationsO Please see the separate documentation provided with your SwiftCache appliance 5 2 Racking Guidelines Please see the separate documentation provided with your SwiftCache appliance Confidential page 25 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios 6 Deployment Scenarios 6 1 Overview To gain the best possible performance from SwiftCache it is important to ensure that it is deployed into the best location on a network However due to the variety of possible network configurations the optimal location forl SwiftCache will vary depending on the specific environment into which it is being deployed U 6 2 C
150. r proxy gt client miss traffico dscp_server int DSCP bits to be used for proxy gt server traffico dump_headers bool Flag indicating should we dump headers to logs or not effective_debuglevel int 1 5 Effective debug level Should not be altered manually effective_enable_logging bool Enable or disable logging completely Should not be altered manually enable_ipv6 bool Enable IPv6 support on the interface enable_logging bool Enable or disable logging completely E g error access logs enable_ssl_proxy bool If set enables SSL proxy support enable_via bool If set proxy will add update Via header in response enable_x_cache bool If set sends a x cache header to the client enable_x_cache_debug bool If set sends a X Cache Debug header to the client NOTE This header contains internal information and may pose a security risk Confidential page 152 of 161 Generated 15 03 2013 12 49 enable_x_forwarded enabled fast_disks filter_pathO filter_rewrite_on_redirectl filter_set0 force_relay gateway gateway_mode global_blacklist_location global_blacklist_refresh global_redirect_url global_whitelist_location global_whitelist_refresh group hostname icap_resomod icap_server icc_enabled icc_min_size icc_override_enabled Confidential SwiftCache User Manual v0 7 6 73 gf091255 bool bool string string bool string bool ipv4 bool string int string string int
151. r right To add a new notification select the action via the dropdown which severities are to be included and the detailsU according to the parameters displayed then click the Add Row button One or more new notifications can bel added at a time Finally confirm and apply the new notification settings by clicking the Save Changes button Note that unsaved changes will be lost if the operator navigates away from the page before clicking the Save Changes button Almost every configuration item within SwiftCache has the ability to be shared within a cluster of SwiftCachel nodes Exceptions to this are configuration options specific to the appliance such as the appliance hostnamell and IP address 8 5 1 Shared and Local Settings There may be times when an operator would want to change a setting on a single SwiftCache without the change applying to other appliances in the cluster For example an operator may wish to test the effect of a setting safely or raise the level of logging detail on a single SwiftCache to debug a problem A setting configured for the scope of a single SwiftCache appliance is known as a Ibcal setting A setting that applies to the whole SwiftCache cluster is known as a shared setting Local settings take precedence override shared settings By default all settings are shared noting the exceptions above Even if a SwiftCache is operating by itself i e there is only one appliance by default it will have
152. rading a SwiftCache if a configuration key that is present in a newerl software version is not present in the previous version This may result in a situation when downgrading that a configuration may not be return to exactly the same state as it was before the failed upgrade attempt It is recommended to take a manual backup of the configuration before starting an upgrade The configuration isO stored on an appliance etc default Inter Cache Communication ICC improves cache hit rates and delivers bandwidth savings It does this by allowing nodes to share and distribute cached objects around the SwiftCache cluster without each machine having to retrieve content from the origin servers ICC also makes best use of the available disk space ina cluster Confidential page 111 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 13 Clustering 13 5 1 ICC Setup admin 9G swiftcache erre Hostname test swiftserve com Cluster Status Status Config Policies Filtering Reporting Alerts You have 3 Alerts that require attention Basic Configuration General a a Always Do DNS 5 Advanced Configuration y amp cI SNMP Community a Async Cache Refresh o Passwords Complete Download Min a License Count Default TTL SwiftSense ae 3600 amp Overload Protection Max TTL 2592000 a System SSL Proxy Cache Limits Enable ICC O amp Throttling Limit Client Connection Rate 0 r Kbps amp Rate Limit Burst
153. ransparent to both the client and the origin server When fully transparent mode is enabled SwiftCache will rewrite the source IP address in network packets sent to the origin server so that it appears as if the request was sent directly from the client This is sometimes referred to as IP spoofing This is the recommended method of operating SwiftCache in a standard network environment This section describes typical network topologies for SwiftCache deployments e Inline Bridge Mode e Out of Path Router Mode e Load Balancer in Bridge Mode e Load Balancer s in Router Mode e Internet Service Provider e Reverse Proxy Mode 6 4 1 Inline Bridge Mode Router SwiftCache Router EHH Client This mode places the SwiftCache inline using bridged networking It has the advantage of quick deployment and simple routing but is not scalable All traffic passes through the cache so a failure would lead to a completell loss of service The SwiftCache can be configured with a fail to wire network interface card NIC to prevent any outage in such instances Confidential page 31 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios An example where inline bridge mode may be suitable is a small office setup 6 4 2 Out of Path Router Mode SwiftCache Router Client Out of Path Route Mode uses Policy Based Routing PBR to redirect HTTP requests on port 80 to the Swi
154. rcent and 80 percent depending on the traffic profile and how the platform is deployed 0 configured integrated and tuned A typical SwiftCache deployment within an ISP network would consist of between two and forty caches in one or more locations Within each cache location the caches or cluster nodes would be joined together to form a SwiftCache cluster where the majority of configuration is identical and shared between them all the SwiftCachel appliances would be integrated into the network together to provide a complete caching service A deployment scenario within an enterprise network could start with just a single SwiftCache installed to reduce an organisation s external bandwidth usage and to control and monitor users browsing habits 2 2 Terminology The following terms and conventions are used in this document Confidential page 10 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 Origin Server Item or Object Appliance SwiftCache or Cache Proxy User or End User Client Operator Cluster Node Confidential 2 Introduction An HTTP web server that provides the source of the web content to be cached e g www bbc com A specific piece of content requested via HTTP from a web server e g an image webi page or video A hardware device running integrated software for a specific purpose e g caching web content A SwiftCache appliance Caching softw
155. rface br0 is defined by default on every new install 0 Other Interfaces These are all of the physical network interfaces on the machine 3 2 1 General Settings Confidential page 13 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 3 Quick Start Guide Hostname DNS Servers NTP Servers The system hostname List of DNS nameservers to use Network time servers to use 3 2 2 Basic Network Settings Enabled IPv4 Address Netmask Gateway Enable IPv6 Support IPv6 IP Address IPv6 Netmask IPv6 Gateway Whether the specific interface should be enabled or disabled IPv4 address to apply to the network interface IPv4 network mask to apply to this interface IPv4 gateway address for this interface Whether IPv6 should be enabled or disabled on this interface IPv6 address to apply to the network interface IPv6 network mask to apply to this interface IPv6 gateway address for this interface 3 2 3 Advanced Network Settings Auto Ethernet procedure to define appropriate interface transmission parameters This shouldU Negotiation remain enabled unless interface errors are experienced Speed The interface transmission speed Required if Auto Negotiation is disabled on the interface Duplex Duplex mode for the interface either half or full Required if Auto Negotiation is disabled on the interface Master This setting is used to make current interface part of a bridge o
156. ring highly dynamic personalised AJAX websites to mobile clients The following steps are taken by the SwiftCache to optimise performance e Anin memory cache is utilised for small objects to avoid the time penalty of disk access e Disk access is avoided for ong tail content until SwiftCache has identified that the content is popular ThisO avoids wasting resources by storing content that will not be requested frequently and is controlled by the cache delay configuration key U e Disk bypass is enabled for sites that are identified as uncacheable This prevents SwiftCache from wasting disk resources on content that will not result in a cache hit and is controlled by the cache never configuration key 0 12 2 1 Maximising Bandwidth Savings Many Internet websites are not designed to take full advantage of the caching techniques available in the HTTP specification For example many sites make use of query string parameters to pass details of the requested content http v18 Iscache7 c youtube com videoplayback ip 0 0 0 0 amp sparams id 2Cexpire 2Cip 2Cipbits 2Citag 2Cburst 2Cfactor amp itag 34 amp ipbits O amp signature 8B482CBEDB4DAF3E9E044A4C25DFC881B8668E4F BC60686562558 3C2BESAA6472A7536D827ED7 ES8 amp sver 3 amp expire 1252105200 amp key yt1 amp factor 1 25 amp burst 40 amp id c19764 decede17ab http v10 Iscache5S c youtube com videoplayback ip 0 0 0 0 amp sparams id 2Cexpire 2Cip 2Cipbits 2Citag 2Cburst 2Cfactor amp itag 34 amp i
157. rity of that alert The different alert priorities are represented in the GUI with differently coloured flags Five alert severities are defined 0 Confidential page 99 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 11 Monitoring J 1 Trivial E 2 Minor J 3 Warning A 4 Serious A 5 Critical Lowest severity level These alerts are designed to inform a user but do not require any response For example cache config reload informs the user that the configuration was reloaded after applying a configuration change U These alerts raise attention to a non critical issue that might lead to unexpected behaviour if they persist for some time For example general log files deleted informs the operator that the log manager has deleted old log files based upon log retention policies These alerts indicate an issue that should be investigated to determine the root cause They do not constitute a critical or serious issue by themselves but they may be indicative of an underlying and more serious problem For example system cpu high_ usage indicates that the SwiftCache is reaching the limit of CPU resources and may trigger Overload Bypass mode depending on thresholds These alerts indicate an issue that should be investigated immediately as it could be degrading performance or impairing operation of the SwiftCache For example system net config update failed indicates
158. rt 8500 of the SwiftCache appliance by default It can be accessed remotely with a web browser either by hostname or IP address which will be determined by your network setup For example http yourswiftcache example org 8500 where yourswiftcache example org is replaced with the hostname or IP address of the actual appliance It is recommended that SSL encryption is enabled for all communications with the GUI and that the GUI is protected from the public Internet and unauthorised access by a firewall or other appropriate network security 0 For more detail on how to secure the SwiftCache GUI please refer to the Securing SwiftCache section later in this manual If you have configured SSL encryption for the SwiftCache GUI then please note that you will need to connect using https in your web browser rather than http in order to access the GUI For example https yourswiftcache example org 8500 where yourswiftcache example org is replaced with the hostname or IP address of the actual appliance For the purposes of this manual subsequent URL examples for the GUI will be given using http only When logging in to the GUI for the first time enter the username admin and the password supplied by your vendor Once you have logged into the SwiftCache web interface for the first time you will be presented with the mainU dashboard of the appliance From here you can see if there are any alerts that have been generated the current utilisatio
159. s located url The full URL of the request e g http lt host gt lt port gt lt path gt lt querystring gt mime The value of the Content type header in the response This is only available after origin server headers have been processed status The HTTP status code for the server response e g 200 OK This is only available after origin server headers have been processed content length The value of the Content length header in the response i e the size of the file beingo downloaded This is only available after origin server headers have been processed lt operator gt control the type of match that is applied against the lt parameter gt The possible operators are described below Confidential page 117 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 14 Policies matches regex Matches the parameter against a regular expression regex The regex should match the whole value and not a substring For more information on regular expressions please refer to http Avww wikipedia org wiki Regular_expression equal to Checks whether the parameter is identical to the value case insensitive matches subnet Matches the parameter against a comma separated list of IPv4 v6 networks hosts where networks are defined as CIDR blocks e g 10 0 0 0 16 in list Matches the parameter against a comma separated list of values value between Checks if the parameter is within a range of values inclusive U
160. s policies tol define different cache behaviours for certain types of connection and for connections to specific sites O 1 1 8 SwiftCache GUI request Apply cache_index to downloads from dmecdn Apply cache_index to files from Duckload Apply cache index to ea com downloads Bypass dynamic site http online track com Bypass dynamic site http gd88 info Apply cache_index to downloads from extabit Caching static files from fbcdn net Apply cache_index to downloads from filedude com BB BDB BB DB BDB DB BDB BB Next gt Operators can apply different policies for different clients including filter policies defined under the Hiltering tab or change the proxy behaviour to improve the cache hit ratio on sites that are difficult to cache This could be done for example by overriding cache behaviour defined by the origin server or client or by customising thel SwiftCache s cache index There are two subsections SwiftSense Policies and Custom Policies Please refer to the Policies section of this manual for more detailed configuration information 0O Confidential page 56 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI 8 4 5 Filtering admin v 9G swiftcache ms test swiftserve com Cluster Status Filtering Reporting You have 3 Alerts that require attention Add Filter Allowed Blocked Requests Timeout C
161. s where the organisation Confidential page 27 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios required a forward proxy to control its employees access to the Internet However this approach is becoming less popular with businesses as it places a large support overhead on the internal IT function to ensure that all clients are correctly configured to use the proxy U Similarly this approach is impractical within an ISP scale deployment as the ISP does not control the end user s devices and clients and so cannot ensure they are correctly configured to route requests through the web proxy Instead transparent proxy deployments are becoming more popular in both corporate and ISP environments because they remove the need for changes to the client configuration in exchange for some additional network complexity Avoiding Open Proxies Explicit mode can be useful for testing purposes as it does not require any specific network configuration 0 However this mode of operation can be extremely dangerous if enabled in a production environment without any access restrictions To do so would create an open proxy a web proxy that allows any client to request content from any origin server Because this effectively anonymises the client requests all requests to the origin server would appear to come from the open proxy not from the client open proxies can be used to avoid filtering and moni
162. ser has full read write access to the interface and can modify any settings e The monitor user has read only access to the Dashboard Reporting and Alerts pages The admin user is also the only account that can access the CLI Passwords for both users are maintained using the Passwords section under Advanced ConfigurationUn the Configitab in the GUI Confidential page 95 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 10 Operations Guide 10 1 2 Best Practice Recommendations e Enable SSL on the GUI e Change the user passwords after installation when any operators leave and at least once per year e Disable sending of X Cache Debug HTTP headers as these reveal debugging information about the cache e Disable allow explicit if specifically required allow only via a policy 0 e Enable always do dns 10 2 Disk Replacement The procedure to replace the hard disks in the SwiftCache appliance will vary depending on the hardware specification Please contact the SwiftCache Support Team for guidance on disk replacement 10 3 Configuration Backup 10 3 1 GUI The Backups portion of the Basic Configuration Subsection of the Configitab in the GUI allows an operator to create a backup of the current configuration as well as delete backups view differences between backups andi restore previous backups 10 3 2 CLI Running show config will dump the running configuration as text that can be exported for archivin
163. serve logs Apply swiftserve policies and send logs to swiftserve Reporting id for swiftserve Control socket for taskmanager If empty then task manager control will be disabled TCP orphans alert threshold TCP time wait sockets alert threshold Number of worker threads 0 means auto detect Timeout in seconds to wait for a response from the auth daemon Timeout in seconds when reading from a client Timeout in seconds when reading from a client before forcing relay mode Timeout in seconds when writing to a client Timeout in seconds before we assume that a connect has failed Timeout in seconds to wait for a filtering decisionU Timeout in seconds to wait for a new request over KA connections Timeout in seconds before we assume that a relay connection is dead Timeout in seconds when reading from a server Timeout in seconds when writing to a server Timeout in seconds to wait for a SSL handshake to complete System timezone Interval in seconds between top100 data parsing attempts Needs task manager restart on change Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 20 Appendix C Configuration Key Reference top100_delay int Delay in seconds between two parsing rounds top100_enabled bool Enable access log parsing to generate top100 reports Can be cpu consuming NOTE you need to restart task manager after changing this setting top100_maxtime int Max time in seconds to do one parsi
164. sts 112 78 33 27 449 81 MB 285 39 MB 63 1 429 817 57 0 000 0 008 112 78 33 25 449 02 MB 279 92 MB 62 1 307 752 58 0 000 0 008 System 112 78 33 28 442 1MB 268 81 MB 61 1 325 758 57 0 000 0 007 aL 112 78 33 18 441 83 MB 269 49 MB 61 1 297 776 60 0 000 0 008 Performance ry a a 112 78 33 10 428 05 MB 266 56 MB 62 1 339 770 58 0 000 0 006 oO ftSense 112 78 33 15 425 42MB 252 07 MB 59 1 126 694 62 0 000 0 008 112 78 33 8 422 15MB 271 99 MB 64 1 288 781 61 0 000 0 010 112 78 33 9 411 67 MB 261 09 MB 63 1 451 856 59 0 000 0 006 112 78 33 19 382 25MB 238 94 MB 63 1 397 864 62 0 000 0 006 112 78 33 4 381 55MB 224 59 MB 59 1 346 797 59 0 000 0 007 112 78 33 29 378 64MB 236 78 MB 63 1 457 848 58 0 000 0 007 112 78 33 16 376 52MB 239 15 MB 64 1 331 825 62 0 000 0 013 112 78 33 11 368 15MB 224 72 MB 61 1 386 786 57 0 000 0 007 112 78 33 21 359 01 MB 217 36 MB 61 1 498 907 61 0 000 0 011 112 78 33 6 35849MB 224 47 MB 63 1 399 829 59 0 000 0 008 112 78 33 24 347 78MB 223 57 MB 64 1 438 817 57 0 000 0 006 112 78 33 5 345 43MB 226 37 MB 66 1 278 751 59 0 000 0 010 112 78 33 22 330 23MB 199 71 MB 60 1 316 762 58 0 000 0 008 112 78 33 26 324 53 MB 212 1 MB 65 1 286 771 60 0 000 0 011 112 78 33 13 318 18MB 190 59 MB 60 1 466 870 59 0 000 0 006 112 78 33 17 309 31 MB 187 5 MB 61 1 547 937 61 0 000 0 006 112 78 33 12 306 88 MB 189 51 MB 62 1 319 781 59 0 000 0 007 112 78 33 1 293 88 MB 187 22 MB 64 1
165. t find hostname local hostname yourswiftcache Confidential page 84 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI The keyhelp command can then be used to display a description of that key yourswiftcache gt keyhelp hostname System hostname The help command describes how to use commands yourswiftcache gt help find Usage find lt regex gt search for lt regex gt in all sections 9 3 4 Checking Configuration0 The show command displays the current value of a configuration key and takes the key name as the argument 0 yourswiftcache gt show hostname yourswiftcache To view the full device configuration use the command show config Default Values Almost every configuration key has a default value The show config command only displays configurationU keys that have been changed from their default values Configuration keys that retain their default setting are not displayed by show config To view the complete device configuration including the default values use the command show all_config 9 3 5 get and set Commands All SwiftCache settings are presented as key and its corresponding value e g admin port 8500 Configuration settings are viewed and changed using the get and set commands Sui rtOS CLIL Cliente w20 Connected to nohostname 192 168 2 21 Type help if you need it nohostname gt get hostname nohostname nohostname gt set hostname y
166. te a backup of the previous software or configuration 0 13 4 1 Automated Upgrade WorkflowO A RPM package file containing the new release of the SwiftCache software is needed to upgrade a cluster Tol prepare the cluster for the upgrade the operator needs to copy the RPM onto the SwiftCache itself or to a location where the file can be read from the SwiftCache e g a web server Once the upgrade has beent performed it is no longer necesssary to keep the RPM file as a backup copy will be stored automatically by SwiftCache In the CLI the operator then issues the command upgrade prepare followed by the path or URL to the new SwiftCache RPM The SwiftCache will then automatically distribute the RPM to all nodes in the cluster To verify the RPM is now on all machines use the command upgrade list versions which will show all available Confidential page 110 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 13 Clustering versions of the SwiftCache software To perform the upgrade use the command upgrade perform lt version gt where lt version gt is the target version number of the software to upgrade to Once the upgrade has been started the current status of the upgrade can be viewed with the command upgrade status For full details of the upgrade command please refer to the SwiftCache CLI section of this document Note that error messages may be generated while individual nodes in the cluster are upgraded T
167. te offsets delimited by a dash For example rangestart range_end where range_start and range_end are names of policy matches capture variables Query string param holding seek range Video seek subtype for FLV video Multiplier for seek offset to convert it to seconds Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 20 Appendix C Configuration Key Reference seek_type combo Video container type FLV MPEG4 and Range are currently supported For Range type use Seek Range field to specify the rangell service_quality_alert_enable bool Enable service quality monitoring by weighted average TTFB across top 100 sites service_quality_alert_serious_threshold int Service quality serious alert threshold service_quality_alert_warning_threshold int Service quality warning alert threshold service_time_threshold int Service time alert threshold 0 means turn off this alert share_server_connection bool Use single server connection for the same urls smtp_from string SMTP From header smtp_host string SMTP server host to use to send emails smtp_password string Password to authenticate on SMTP server against smtp_port int r1 Port to use to connect to SMTP server 65535 smtp_return_path string SMTP Return Path header smtp_ssl bool Use SSL to connect to SMTP server smtp_username string User name to authenticate on SMTP server against Empty means no authentication required snmp_community string SNMP community name Leave blank
168. ter When a SwiftCache leaves an ICC enabled cluster it will invalidate some of the cached content This is because the content stored on the cache will no longer be available to the ICC enabled cluster The proportion of the objects lost from the cache when a node leaves the cluster will be 1 n where n is the number of nodes in the cluster Caches Must Retrieve an Item Once In an ICC enabled cluster each cache must retrieve the item from the origin server once This then allows each cache to determine whether the item may be handled by ICC see Items Not Handled by ICC above For subsequent requests for the same item each cache will either retrieve the item from the node responsible for storing it or if the cache is the node responsible simply to return it to the client Confidential page 113 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 14 Policies 14 Policies Policies are sets of rules that change the default behaviour of the SwiftCache on a per request basis 14 1 Overview SwiftCache policies have two main functions e to optimise the performance of the appliance by enabling it to cache more effectively or to cache in situations where it might otherwise not e to apply configured filters to constrain or modify the end user browsing experience 0 See Appendix C for a full list of all of the settings that can be controlled via a policy 14 2 Introducing Policies The HTTP protocol
169. that there was an error applying new configuration the network interfaces and the old config has been restored 0 Highest severity level These alerts indicate that the performance of the SwiftCache is being degraded and immediate action should be taken to restore the service For example system overload indicates that the load threshold as been breached and the system has triggered the Overload Protection mechanism to place new connections into bypass or relay modes 11 2 5 Alert Details Each alert instance contains a specific description of the conditions that gave rise to that alert This informationU can be especially valuable in diagnosing the cause of the issue and how to resolve To view the details for each alert instance select the arrow icon in the Actions column Confidential page 100 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 11 Monitoring Local Cluster Alert Count Severity Actions Help system disk util 370 A Oc Date Details Acknowledged 11 Mar 2013 10 31 02 Disk s utilisation is higher than 80 sde 93 87 o 11 Mar 2013 10 20 02 Disk s utilisation is higher than 80 sde 98 56 o 11 Mar 2013 10 09 32 Disk s utilisation is higher than 80 sde 87 2 o 11 Mar 2013 09 59 01 Disk s utilisation is higher than 80 sde 108 07 D 11 Mar 2013 09 49 01 Disk s utilisation is higher than 80 sde 96 99 o 11 Mar 2013 09 38 31 Disk s utilisation is higher than 80 sde 84 72
170. the origin server in case of PARTIAL_HIT status Matched policies list comma separated Requested range cache reader index server ip it can be another cache peer in case of ICC hit log status see below TTFB time to first byte the duration seconds since the last byte of the client request was processed untill the first byte of response was sent This value is meaningless if relay mode is used for an invalid request U request url cache writer index page 139 of 161 19 Appendix A Log File Format Available since 2 0 2 0 2 0 2 4 7 2 0 2 4 7 2 0 2 0 2 0 2 0 2 0 2 0 2 0 222 2 2 2 4 1 2 4 7 PTA 2 0 2 0 2 3 1 2 0 2 1 7 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 19 Appendix A Log File Format x debug connection id 8 hexadecimal between square brackets same one used in the debug log 2 0 Log Status Status Description eae since OP_CRELAY overload protection relay cpu level Before 2 3 OP_SRELAY overload protection relay session count Before 2 3 RELAY relay mode Before 2 3 TCP_CBP_MISS overload protection cache bypass cpu level Before 2 3 TCP_CNC_MISS client headers prevented caching Before 2 3 TCP_HIT cache hit served from cache Before 2 3 TCP_ICC_HIT peer cache hit served from a peer cache Before 2 3 TCP_ICC_MISS peer cache miss Before 2 3 TCP_MISS cache miss Before 2 3 TCP_PARTIAL_HIT partial content hit for
171. thly weekly or yearly e lt objects gt is replaced with clients sites or videos and e lt units gt is replaced with bytes or requests 9 4 18 upgrade This command is used to perform a software upgrade in a cluster It has the following actions delete version lt version gt Delete specified cache lt version gt from the database list_versions List known cache versions log Show upgrade log perform lt version gt Perform upgrade to specified cache lt version gt prepare lt version gt Prepare upgrade using specified lt version gt lt rpm url gt or lt filename gt prepare lt rpm url gt prepare lt filename gt status Show upgrade status More detail on the cluster upgrade process is available in the Clustering chapter of this manual 9 4 19 upstream_policy Confidential page 93 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI This command manages upstream_policy configuration sections It has the following actions info lt policyname gt Info about an upstream policy install lt policyname gt Install an upstream policy install all Install all upstream policies Tise List all upstream policies show lt policyname gt Show an upstream policy uninstall lt policyname gt Uninstall an upstream policy uninstall_all Uninstall all upstream policies upgrade lt policyname gt Upgrade an upstream policy upgrade_all Upgrade all upstream polici
172. threshold float r0 1000 Sent packets drop threshold password_bypass_key string A 16 chars 128 bits secret key that will be used for cookie encryption If empty encryption will be disabled password_bypass_url string The url that will set the password bypass cookie if empty the bypass will be disabled port int r80 Port that proxy should bind to 65535 proxy_auth_host string The host where the auth daemon is running proxy_auth_message string The message sent to the client when auth is needed proxy_auth_port int The port where the auth dameon is running proxy_auth_required bool Explicit request are allowed if and only if the client sends valid auth info proxy_throughput_threshold int Cache throughput alert threshold 0 means turn off this alert purge_older_than string Purge cache objects older than specified date Date format is RFC 822 850 orl YYYY MM DD HH MI SS GMT pversion string Policy version should not be altered ratelimit int Enables client connection throttling Default 0 no throttling ratelimit_burst int Apply client connection throttling only after specified size of data has beenU Confidential page 156 of 161 Generated 15 03 2013 12 49 ratelimit_type redirect relay_connection_count relay_cpu_level relay_malformed_requests return_to_sender routing rtmp_cache_db rtmp_dump_data rtmp_port rtmp_stats_port rtmp_tproxy_mode rtmp_whitelist section_disabled seek_offset seek_range
173. tial page 75 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI The most common cache response codes are described below TCP_HIT TCP_PARTIAL_HIT TCP_REFRESH_HIT TCP_MISS TCP_CNC_MISS TCP_SNC_MISS TCP_REFRESH_MISS Confidential The object was served from the cache The object was partially served from the cache The object was served from the cache after confirming it was still valid The object was not previously seen and so it was retrieved from the origin server The client specified not to use the cache and so the object was retrieved from the origin server The origin server had specified not to use the cache and so the object was retrieved from it The object was retrieved from the origin server since it was confirmed to havel changed since the last time it was stored page 76 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI Object Distribution admin Gswiftcache Erry Hostname test swiftserve com Cluster Status b Reporting You have 3 Alerts that require attention Object Size Distribution Cluster Lcsv Object Distribution Requests You can click and drag on the graph area to zoom in g X 2 2 Yo mo h w a Co 8M o amp gs T a a Bandwidth Savings 4M Requests N z Hit Rates Cache Status
174. ting user 17 4 6 Reporting The Reporting tab shows aggregated data for all caches or a chosen group accross the following sub pages e Top sites e Top categories e Top videos e Cache stats e Cache alerts e Cache count e Traffic sources e Cache activity e Cache geography e Policy stats e Traffic 17 4 7 System The System tab has two pages Confidential page 135 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 17 SwiftSense Action log Shows an audit trail of all user actions Policies Allows an operator to add new policies and to edit or delete existing ones 17 4 8 Admin The Admin tab has two pages Users Shows a table of the user accounts It allows an operator to add new users and to edit or delete existing ones Cache Shows the current list of cache software packages It allows an operator to upload a new RPM files package and to delete existing ones Confidential page 136 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 18 Troubleshooting 18 Troubleshooting The following actions are recommended for diagnosing problems e Look for unexplained dips on cache graphs e fa cache graph is a flat line look at available upstream bandwidth and network switch statistics 0 e Check that the all expected processes are running e Check for new alerts To contact the SwiftCache support team and open a ticket ple
175. to ensure that the operator retains full control over the configurationU and operation of their SwiftCache For example an operator may choose to override behaviour on a subset of sites or choose not to apply the SwiftSense recommended policies 17 2 Security All data stored on SwiftSense and communications with SwiftSense are secured to prevent unauthorised access to the data An SSL encrypted transport layer is used to secure all communications with SwiftSense Data held by SwiftSense is stored in secure data centres and access to the data is controlled through a secure web interface 17 3 Functions SwiftSense provides four functions It is recommended that all four functions are enabled to ensure optimal performance however if required an operator may choose to disable one or more of these functions License When license update is enabled SwiftCache will periodically contact SwiftSense to check if a Key new license key is available The license key update feature allows for the auto provisioning of Update license keys for example to enable a license controlled piece of functionality Top 100 The top 100 reports feature enables the feedback loop of SwiftSense in order to ensure that the Reports policies are optimised for the traffic pattern on the SwiftCache When enabled the SwiftCache willl periodically report anonymous performance and efficiency statistics to SwiftSense U Policy When policy update is enabled the SwiftCache will p
176. toring andU are often exploited to conduct malicious or illegal activities To avoid SwiftCache being used as an open proxy it is strongly recommended that explicit mode is only used when access is restricted only to authorised client IP addresses Confidential page 28 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 6 Deployment Scenarios 6 3 2 Semi Transparent Proxy Server AA Fi SC IP DATA GET HTTP 1 1 I Host www google com l l l l Kx SwiftCache GET HTTP 1 1 Host www google com i Client i a we e Client is unaware of the existence of the SwiftCache e Server sees the IP of the SwiftCache e Easy to deploy The response finds its way back to the SwiftCachel Using SwiftCache in a semi transparent mode of operation relies on Policy Based Routing PBR to be configured in the network to intercept outbound client requests and direct them to SwiftCache in a transparent manner The end user is unaware that their requests are being routed to SwiftCache and so this approach removes the need for any client configuration changes However this mode is semi transparent because SwiftCache remains visible to the origin server which will see requests coming from the IP address of SwiftCache rather than the client In some cases this mode of operation can break application logic on the origin server For example some file 0 Confidential page 29 of 161 Generated
177. tors For more detailed problem diagnostics it is recommended to view the full log file directly 0 Confidential page 52 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 8 SwiftCache GUI 8 4 3 Config Tab admin 9G swiftcache eae lame test swiftserve com Cluster Status Config P Filtering Reporting You have 3 Alerts that require attention Basic Configuration Logging Settings Enable Logging amp Cluster Log Rotation S Clust Log Rotation T creme aB AA es Rotate when log reaches Log Rotation Size x amp TCP 7 Log Rotation Max Size 100 a Disks RTMP Log Upload Network Enable Log Upload o Backups Logs To Upload F amp P Log Upload Protocol FTPs amp Advanced Configuration ee Log Upload Server z amp Log Upload Path F amp Log Upload User adin amp Log Upload Password CESES ge eesssensce a SS Test settings Log Thresholds Log Usage Warning Threshold 90 amp Log Usage Warning Type Delete old logs z a Log Usage Limit Threshold m z amp Log Retention Log Retention Period Log Retention Threshold 70 amp Update Reset Copyright SwiftServe 2013 The Configltab allows an operator to view and change the most common settings within the SwiftCache configuration Policies filtering reporting and alerts are configured separately on their own tabs The navigation menu on the left of the page allows access to the different as
178. tp Refresh Period Static Filter Filter Location Location might be relative path to usr local cache filter absolute path start with B or URL start with http Filter Refresh Period Dynamic Filter Redirect Url F http ya ru Dynamic Filter List Search Engines Show all categories Update Reset Delete Filter Copyright SwiftServe 2013 The GUI allows operators to create new filter policies and edit the parameters of an existing filter policy 0 Existing filter policies are listed on the left hand side To add a new filter policy enter the name in the box abovell and click Add Filter Each filter policy must be uniquely identified by a name When a filter policy is applied through a policy it is0 referenced by this name e To view or edit a filter policy click on its name e To remove a filter policy click on its name and then use the red Delete Filter button at the bottom right The following parameters are always available Confidential page 123 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 15 Filtering Default Forces SwiftCache to enter a restrictive mode of operation where all requests are blocked or Deny redirected unless explicitly allowed through inclusion on the global or filter policy white list 0 Mode Redirect If specified requests that match one of the static filters or are not on the global or filter policy0 URL white list in the case that Default Deny Mode is acti
179. ts the itemL from the origin server and returns it to the client e SwiftCache then adds an entry to the cache database shared by the cluster e This identifies the item uniquely by hash and designates which specific node will be responsible for storing the item on disk e Subsequent client requests for the same object may go to any node in the cluster e f the request goes to the one node now responsible for storing the object it returns the object to the client e f the request goes to a different cache that cache retrieves the object from the node storing it rather than the origin server then returns it to the client This means that the SwiftCache cluster does not have to make multiple requests for the same object to the origin server saving bandwidth It also means that the cluster only has to keep one copy of the object saving disk space 13 5 4 Advanced Information Items Not Handled by ICC Certain content items will not be handled by ICC e items smaller than icc _min_size by default 16kB e items that cannot be cached and e items that have not been seen by the cluster for the minimum time specified by cache delay Items that are smaller than 16kB are not handled by ICC for performance reasons The minimum size can only be changed using the icc min size configuration option in the CLI U Use the command set icc min size 16384 to set the minimum object size to be 16384 bytes 16kB Effect of Node Leaving an ICC Clus
180. ttings in any more specifici filter policy but with the exception of a URL that is on the Global White List As above filtered requests may bel redirected to another page or blocked The Global Black List can be useful when a site has to be blocked by a provider for legal reasons With the exception of the global black and white lists all filtering rules are applied through policies Eachi instance of a filtering configuration is known as a filter policy A policy may optionally apply one or more filter policies the combination is Known as a filter set It is possible therefore to define different filtering rules for different groups of end users using appropriate policies 0 Filter policies are managed from the Filter Policies subsection of the Filtering tab in the GUI 15 5 1 Terminology e A filter policy white list is known as a Bypass list e A filter policy black list is known as a Static filter Confidential page 122 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 15 Filtering 15 5 2 ConfigurationO admin 9G swiftcache pT Hostname test swiftserve com Cluster Status Home Status Config Policies Filtering Reporting Alerts You have 3 Alerts that require attention Add Filter bc Filtering RRE Filter Policies Default Deny Mode o Redirect URL Whitelist Location Location might be relative path to usr local cache filter absolute path start with B or URL start with ht
181. ut_overload Ol con_ rate op cpu 5 cpu_idle 95 cpu_iow cpu_irg cpu_system Coumusera disk sda_atime disk sda await disk sda_rps disk sda util disk sda _wps disks cache await disks ucachesuicainll disks fast await disks fast tei disks other await disks Other weil disks rps ee Se Cre je er i gt Ish wo es er Gn hr ies oS Ser SS Oo SS SS es aS Ss SS SS DLO O O GO ee PET eo O O hy e Sy a 9 4 15 supercluster This command is used to manage superclusters Available actions are Confidential page 92 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 9 SwiftCache CLI join Current machine will join supercluster of specified machine leave Current machine will exit the current supercluster show Displays current status of the supercluster For more information on superclusters please refer to the Clustering chapter in this manual 9 4 16 test The command test log upload will attempt a log upload using the current settings 9 4 17 top100 The top100 command reports on the most commonly active clients and or sites This allows an operator to determine the most heavy users and frequently accessed sites This information can then guide the operator when tuning the SwiftCache configuration and policies for optimal performance 0 For example yourswiftcache gt topl100 lt timeframe gt lt objects gt lt units gt where e lt timeframe gt is replaced with hourly daily mon
182. ve are redirected to this URL otherwise they are blocked Bypass HTTP URL or a local path from which the SwiftCache should retrieve the list of URLs to permit List within this filter policy 0 Location Bypass Frequency at which SwiftCache should reload the white list If set to 0 SwiftCache will only Refresh load the list on startup Period Static HTTP URL or a local path from which the SwiftCache should retrieve the list of URLs to block Filter within this filter policy 0 Location Static Frequency at which SwiftCache should reload the black list If set to 0 SwiftCache will only Refresh load the list on startup Period The following parameters are available with the Brightcloud module Dynamic If specified requests that match one or more of the dynamic filter lists are redirected tol Redirect URL this URL otherwise they are blocked Dynamic Filter List of categories that should be blocked or redirected Within the GUI the operator may List select from a list 15 5 3 Filter Status and Testing An overview of the status of all filters can be viewed on the Status page of the Filtering subsection of the Filtering tab in the GUI provides The page shows the current total filter statistics in terms of the requests allowed andU blocked and underneath some statistics for the individual filter policies 0 Confidential page 124 of 161 Generated 15 03 2013 12 49 SwiftCache User Manual v0 7 6 73 gf091255 15 Filtering admin
183. will not use the cache If set always cache the file even if headers don t allow0 If set enables async fetch to cache This means request with slight Generated 15 03 2013 12 49 cache_async_refresh cache_clean_mode cache_config_applies0 cache_control cache_db cache_db_size cache_delay cache_disk_error_codes cache_disk_error_rate cache_disks cache_efficiency_thresholdU cache_fast_disk_object_size cache_ignore_cnc cache_index cache_invalidate_on_get_with_body cache_max_usage cache_mem_model cache_mem_object_size cache_mem_size cache_never cache_parser_delay Confidential SwiftCache User Manual v0 7 6 73 gf091255 bool string bool string string int int string int string int int bool string bool int 111 95 string int int bool int page 150 of 161 20 Appendix C Configuration Key Reference modifications is sent to the server asynchronously one more time to fetch the response and save it Request modifications include stripping of some headers leading to not full response being served e g Range This can be useful if some client uses Range requests extensively If set enables async refresh of expired cache items This means proxy starts to serve cached response to client immediately while refreshing content in the background This can lead to serving of stale content Valid options recursive last_used last_used_rmdir Enab
184. xy runs as System hostname Process server responses using RESPMOD ICAP request ICAP server URL icap host port uri Enable inter cache communication ICC Minumum object size for inter cache communication Enable ICC in policy Generated 15 03 2013 12 49 icc_relocation_enabled ignore_range io_queue_size io_threads_per_disk ip_spoofingU ipv6_addr ipv6_gateway ipv6_netmask log_debug_modules log_location log_location_size log_retention_period log_retention_threshold log_rotation_period log_rotation_schedule log_rotation_size log_rotation_type Confidential SwiftCache User Manual v0 7 6 73 gf091255 bool bool int int ipv4 bool ipv6 ipv6 int 11 128 int string int int int rO 100 float 0 log_rotation N int combo page 154 of 161 20 Appendix C Configuration Key Reference Enable relocation of objects after ICC reconfigurantionU Strip Range header from request when sending to server Responses from cache will still obey Range header Maximum async I O queue size for each disk 0 unlimited Threads per disk for async disk I O IPv4 address of the network interface Enable fully transparent deployment client IP address spoofing U IPv6 address of the network interface Default network gateway ipv6 Netmask ipv6 for the interface Debug trace log modules Bitwise OR of module IDs Module IDs MODULE_MASK_AUTH 0x00000
Download Pdf Manuals
Related Search