Intel NetStructure Cache Appliance 1520 User Manual

®
Intel NetStructure  
1520 Cache Appliance  
Administrator’s Guide  
Preface  
Chapter 1  
Introduction  
1
What is an Intel® NetStructure™ Cache Appliance? ...............................2  
Chapter 2  
Getting Started  
7
Starting the system for the first time.........................................................8  
Accessing the Manager UI .....................................................................12  
Using Monitor and Configure mode .................................................13  
Chapter 3  
Monitoring Appliance Performance  
17  
Accessing monitor pages .......................................................................18  
Using the Dashboard page.....................................................................18  
Dashboard alert lights ......................................................................19  
Changing the selected node ............................................................20  
Using the Node page..............................................................................20  
Using the Graphs page...........................................................................21  
Using the Protocols page .......................................................................21  
Using the Cache page............................................................................21  
iii  
Chapter 4  
Configuring the Appliance  
23  
Accessing configure pages .................................................................... 24  
Using the Server Basics page................................................................ 24  
Setting general options.................................................................... 25  
Setting Web management options .................................................. 26  
Setting virtual IP addressing options ............................................... 26  
Setting browser auto configuration options ..................................... 28  
Setting throttling of network connections......................................... 28  
Configuring load-shedding............................................................... 28  
Enabling SNMP agents ................................................................... 29  
Using the Protocols page....................................................................... 30  
Configuring HTTP............................................................................ 30  
Configuring NNTP ........................................................................... 31  
Configuring FTP .............................................................................. 34  
Using the Cache page............................................................................ 35  
Cache activation.............................................................................. 35  
Storage............................................................................................ 36  
Freshness........................................................................................ 36  
Variable content............................................................................... 38  
Using the Security page......................................................................... 39  
Using the Routing page.......................................................................... 39  
Setting HTTP parent caching options.............................................. 40  
Setting ICP options.......................................................................... 41  
Setting server accelerator options................................................... 43  
Checking transparency.................................................................... 44  
Checking WCCP.............................................................................. 44  
Using the Host Database page .............................................................. 44  
Configuring the host database......................................................... 45  
Configuring DNS.............................................................................. 47  
Using the Snapshots page..................................................................... 47  
ivv  
Intel NetStructure Cache Appliance Administrator’s Guide  
Chapter  
5Using  
the  
Command-Line  
Interface  
Starting the command-line interface.......................................................50  
Starting the appliance the first time..................................................50  
Using the appliance after initial start-up...........................................50  
Navigating the command-line interface ..................................................51  
Using the setup menu.............................................................................52  
Changing network addresses configuration.....................................52  
Changing the controller speed and transmission mode...................53  
Changing the DNS address and domain name................................53  
Changing the gateway address........................................................53  
Configuring time zone settings.........................................................54  
Configuring date and time settings...................................................54  
Viewing current network address settings........................................54  
Using the main menu..............................................................................54  
Checking the status of the Server and Manager..............................55  
Starting the appliance ......................................................................55  
Stopping the appliance.....................................................................55  
Viewing and maintaining versions of the software ...........................56  
Clearing statistics.............................................................................59  
Rebooting the System......................................................................60  
Halting the System...........................................................................60  
Changing the administrator password for telnet or serial access.....60  
Resetting to factory settings.............................................................61  
Preparing a cache disk.....................................................................61  
Using the config menu............................................................................61  
Setting general controls ...................................................................62  
Configuring protocol options ............................................................63  
Configuring the cache ......................................................................76  
Configuring security options.............................................................82  
Configuring routing options ..............................................................84  
Configuring the Adaptive Redirection Module (ARM) ......................93  
Configuring the host database options.............................................96  
Configuring logging options..............................................................98  
Contents  
v
Using the monitor menu......................................................................... 99  
Viewing Node statistics.................................................................... 99  
Viewing Protocol statistics............................................................. 100  
Viewing Cache statistics................................................................ 104  
Viewing Other statistics ................................................................. 105  
Appendix A  
Caching Solutions and Performance  
113  
Web proxy caching............................................................................... 114  
A day in the life of a cache request ............................................... 114  
Ensuring cached object freshness................................................. 115  
Revalidating objects ...................................................................... 116  
HTTP object freshness tests ......................................................... 116  
Deciding whether to serve HTTP objects ...................................... 117  
Configuring HTTP freshness options............................................. 118  
Caching HTTP alternates .............................................................. 119  
To cache or not to cache?............................................................. 119  
Transparent proxy caching................................................................... 120  
Serving requests transparently...................................................... 121  
Interception strategies ................................................................... 121  
ARM redirection............................................................................. 125  
Adaptive interception bypass......................................................... 126  
Server acceleration .............................................................................. 128  
Advantages of server acceleration ................................................ 129  
How server acceleration works...................................................... 129  
Retrieving requested documents................................................... 129  
Web server redirects ..................................................................... 131  
Understanding server acceleration mapping rules ........................ 132  
Examples of rules and translations................................................ 133  
vi  
Intel NetStructure Cache Appliance Administrator’s Guide  
Understanding cache hierarchies.........................................................135  
HTTP cache hierarchies.................................................................135  
ICP cache hierarchies....................................................................136  
NNTP cache hierarchies ................................................................137  
News article caching.............................................................................138  
The appliance as a news server ....................................................139  
The appliance as a caching proxy news server .............................139  
Supporting several parent news servers........................................139  
Blocking particular groups..............................................................140  
Clustering.......................................................................................140  
Transparency .................................................................................141  
Posting ...........................................................................................141  
Maintaining the cache: updates and feeds.....................................141  
Configuring Access control ............................................................142  
Obeying NNTP control messages..................................................143  
Client bandwidth throttling..............................................................143  
Carrier-class architecture .....................................................................143  
Performance...................................................................................143  
Appendix B  
HTML messages sent to clients ...........................................................152  
Standard HTTP response messages ...................................................154  
Glossary  
Index  
List of  
Procedures  
Initially configuring and starting your system............................................8  
Accessing the Manager UI .....................................................................12  
Reaching Monitor pages.........................................................................18  
Reaching the Dashboard page...............................................................18  
Changing the selected node...................................................................20  
Reaching the Node Page .......................................................................20  
Reaching the Graphs page.....................................................................21  
Reaching the Protocols page .................................................................21  
Contents  
vii  
Reaching the Cache page...................................................................... 21  
Reaching the ARM page........................................................................ 22  
Reaching the Other page....................................................................... 22  
Reaching the MRTG page ..................................................................... 22  
Reaching the configure pages ............................................................... 24  
Reaching the Server Basics page.......................................................... 24  
Modifying the Virtual IP address list....................................................... 27  
Adding a Virtual IP address.................................................................... 27  
Reaching the Protocols page................................................................. 30  
Reaching the Cache page...................................................................... 35  
Reaching the Security page................................................................... 39  
Reaching the Routing page.................................................................... 40  
Adding an ICP Peer ............................................................................... 42  
Creating a document route rewriting rule............................................... 43  
Reaching the Host Database page ........................................................ 44  
Reaching the Snapshots page............................................................... 48  
Changing network address configuration on the NIC............................. 52  
Changing speed and transmission mode............................................... 53  
Changing the DNS address ................................................................... 53  
Changing the gateway address.............................................................. 53  
Configuring the time zone setting........................................................... 54  
Configuring the date and time settings................................................... 54  
Checking Server and Manager status.................................................... 55  
Starting the appliance ............................................................................ 55  
Stopping the appliance........................................................................... 55  
Identifying which versions of the appliance software are installed......... 56  
Setting up the FTP server ...................................................................... 56  
Starting the upgrade from the appliance side ........................................ 57  
Running a different version of the appliance software ........................... 58  
Deleting a version of the appliance software ......................................... 59  
Viewing the current version of the appliance ......................................... 59  
Clearing statistics for the appliance ....................................................... 59  
Rebooting the system ............................................................................ 60  
Halting the system.................................................................................. 60  
Changing the password ......................................................................... 60  
Resetting the appliance to default factory settings................................. 61  
viii  
Intel NetStructure Cache Appliance Administrator’s Guide  
Preparing a cache disk...........................................................................61  
Setting general controls..........................................................................62  
Configuring HHTP options......................................................................63  
Configuring NNTP options......................................................................64  
Adding NNTP server rules......................................................................65  
Configuring the FTP options...................................................................71  
Adding filter rules....................................................................................72  
Deleting filter rules..................................................................................74  
Viewing filter rules ..................................................................................74  
Adding remap rules ................................................................................74  
Deleting remap rules ..............................................................................75  
Viewing remap rules...............................................................................75  
Enabling caching for different protocols .................................................76  
Setting disk storage options ...................................................................77  
Setting freshness properties...................................................................77  
Adding caching rules ..............................................................................79  
Deleting cache rules...............................................................................81  
Viewing cache rules................................................................................82  
Adding IP Allow rules..............................................................................82  
Deleting IP Allow rules............................................................................82  
Viewing IP Allow rules ............................................................................83  
Adding Manager Allow rules...................................................................83  
Deleting Manager Allow rules.................................................................84  
Viewing Manager Allow rules .................................................................84  
Enabling parent proxy caching rules ......................................................89  
Disabling parent proxy caching rules......................................................89  
Adding parent proxy caching rules .........................................................89  
Deleting parent proxy caching rules .......................................................91  
Viewing parent proxy caching rules........................................................92  
Enabling WCCP......................................................................................92  
Disabling WCCP.....................................................................................92  
Configuring WCCP options.....................................................................92  
Viewing current WCCP options ..............................................................93  
Enabling transparent redirection.............................................................93  
Disabling transparent redirection............................................................93  
Adding ARM bypass rules ......................................................................94  
Contents  
ix  
Deleting ARM bypass rules.................................................................... 95  
Viewing ARM bypass rules .................................................................... 95  
Configuring load-shedding options......................................................... 96  
Configuring host database options......................................................... 96  
Viewing host database options .............................................................. 98  
Enabling logging options........................................................................ 98  
Disabling logging options ....................................................................... 98  
Configuring logging options.................................................................... 98  
Viewing logging options ......................................................................... 99  
Viewing node statistics........................................................................... 99  
Viewing protocol statistics.................................................................... 100  
Viewing Cache statistics ...................................................................... 104  
Viewing host database statistics .......................................................... 105  
Viewing DNS statistics ......................................................................... 106  
Viewing cluster statistics ...................................................................... 106  
Viewing logging statistics ..................................................................... 107  
Entering expert mode........................................................................... 107  
Saving the current configuration to a floppy disk ................................. 108  
Loading a previously saved configuration from a floppy ...................... 108  
Logging off the system......................................................................... 108  
Rebooting the appliance from the CLI.................................................. 110  
Rebooting the appliance from the front panel ...................................... 110  
x
Intel NetStructure Cache Appliance Administrator’s Guide  
Preface  
®
This manual describes how to use and configure an Intel NetStructure Cache Appliance  
nodes.  
The manual covers the following topics:  
  Chapter 1 contains an overview of the appliance and an overview of this guide.  
  Chapter 2 through Chapter 1 contain procedural information about starting,  
monitoring, and configuring the appliance.  
with the appliance.  
  Appendix A contains background information about the appliance’s main components  
and features of the appliance.  
  Appendix B provides error information.  
xi  
 
Who should read this manual  
This manual is intended for system administrators who configure, run, and  
administer Intel NetStructure Cache Appliance systems. Consequently, the  
information in the manual was written with the assumption that the reader has  
experience in Web server administration and configuring TCP/IP networking.  
Conventions used in this manual  
This manual uses the following conventions.  
Convention  
Purpose  
italics  
Represent emphasis and introduce terms, for example,  
“the management cluster.”  
bold  
Represents graphical user interface options and menu  
names, for example, “Reset”  
monospaced  
font  
Represents commands, file names, file content, computer  
input, and output, for example, “use the reconfigure  
command.”  
monospaced  
bold  
Represents commands that you should enter literally, for  
example, type reboot.  
monospaced  
italic  
Represents variables for which you should substitute a  
value, for example, “enter a filename.”  
brackets [ ]  
Represent optional command arguments in command  
syntax, for example, add pathname [size]  
xii  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
Chapter 1  
Introduction  
®
The Intel NetStructure Cache Appliance is a carrier-class caching appliance that offers  
high performance, high availability, and simple centralized management. The appliance  
automatically and efficiently copies network documents and images, bringing them closer  
and serving them faster to your users.  
When placed strategically in a network, the appliance can serve user requests for objects  
from an origin server. This relief results in improved network performance, and a  
bandwidth usage by eliminating redundant requests for popular documents.  
This chapter provides the following overviews:  
  What is an Intel® NetStructure™ Cache Appliance?‚ on page 2  
  Intel NetStructure Cache Appliance features‚ on page 3  
  How to use this guide‚ on page 5  
1
     
What is an Intel® NetStructureCache  
Appliance?  
Internet users request billions of documents each day all over the world.  
Unfortunately, global data networking has become difficult for professionals as  
they struggle with overloaded servers trying to keep pace with society’s growing  
data demands.  
The Intel NetStructure Cache Appliance family provides you with a turnkey,  
scalable solution you can place in your network to deliver industry-leading  
caching capabilities. Your system is designed for fast and reliable caching for  
Internet Service Providers (ISPs), backbone providers, and large intranets.  
Why use this caching appliance?  
Caching can significantly reduce pressure on busy networks and servers by  
storing copies of popular documents near their users. Instead of making multiple  
requests for the same document across congested networks to overloaded servers,  
users access copies from the caching appliance’s large, fast local cache. This  
reduces backbone congestion, provides faster response, and improves the quality  
of service.  
The following design features make the Intel NetStructure Cache Appliance a  
carrier-class caching product:  
  Scalability (you can easily add nodes to a management cluster as needed)  
  Fault tolerance (redundant boot images)  
  Secure single-point administration (you can configure many nodes at once)  
See Intel NetStructure Cache Appliance features‚ on page 3 for more information  
about these features.  
Flexible cache architecture  
You can use the appliance alone or with other enterprise software, including other  
caching products. Here are some examples of ways to use the appliance.  
Web proxy cache  
User requests go to the appliance on the way to the destined web server. If the  
cache contains the requested document, the appliance serves the requested  
document directly. If the cache does not have the desired document, the  
appliance acts as a proxy, fetching the document from the web server on the  
user’s behalf, and keeps a copy to satisfy future requests.  
2
Intel NetStructure Cache Appliance Administrator’s Guide  
     
Server accelerator  
The appliance can be configured as a web server to accelerate slower  
traditional web servers. Documents stored in cache are served at high speed,  
while documents not in cache are requested on demand from slower,  
traditional web servers. This server accelerator feature is also called reverse  
proxy.  
Part of an HTTP cache hierarchy  
The appliance can participate in flexible cache hierarchies, where Internet  
requests not fulfilled in one cache can be routed to other regional caches,  
taking advantage of the of nearby caches.  
ICP sibling  
The appliance supports the standard Internet Cache Protocol (ICP) to  
interoperate with existing ICP cache hierarchies. The appliance can send ICP  
queries to neighboring caches as part of an ICP cache hierarchy.  
NNTP news cache  
The appliance caches and serves NNTP news articles and can accept news  
feeds for designated news groups.  
Intel NetStructure Cache Appliance features  
The appliance provides a rich set of features to ensure high performance and  
superior stability and to offer broad flexibility. The following list provides a brief  
overview of the appliance’s primary features. For a more exhaustive list and  
description of features, refer to Carrier-class architecture‚ on page 143.  
Scalability  
The appliance scales from a single node into multiple-node clusters, allowing  
you to improve system performance and reliability simply by adding more  
nodes to your cluster. Support exists for two types of clusters: soft clustering  
and management-only clustering. For more information on clustering, see  
Clustering‚ on page 140.  
Boot Image Redundancy  
The appliance features both a primary and secondary boot image on separate  
hard drives. When a drive with a boot image fails, a system administrator can  
detect and replace the faulty hard drive. This feature helps maximize the time  
your system is up and running uninterrupted.  
Chapter 1 Introduction  
3
 
Multithreading process support  
The appliance is the first commercial caching proxy server to aggressively  
implement multithreading, breaking down large transactions into small,  
efficient tasks. The appliance processes multiple outstanding requests  
simultaneously and efficiently, even under peak loads.  
High-speed caching  
The cache consists of a high speed object database stored on raw disk.  
Objects are stored and indexed according to their URL and associated  
headers. This enables the appliance to store, retrieve, and serve not only web  
pages, but parts of web pages, providing optimum bandwidth savings.  
Broad protocol support  
The Intel NetStructure Cache Appliance supports the following protocols:  
 
 
 
 
 
 
HTTP versions 0.9 through 1.1  
FTP  
NNTP  
ICP  
SSL encryption  
WCCP 2.0  
HTTP cache hierarchy support  
In a hierarchy of proxy servers, the appliance can act either as a parent or  
child cache, either to other Intel NetStructure Cache Appliances, or to other  
caching products.  
Web server acceleration  
Through reverse proxy, the appliance can act as a web server accelerator,  
handling requests for and relieving stress from web servers.  
Transparency option  
With transparent interception of user traffic, user requests are automatically  
injected into the cache on their way to the eventual destination. Users request  
Internet data as usual without any browser configuration, and the appliance  
automatically serves their requests.  
Secure, single-point administration  
The appliance offers two administration alternatives to suit the needs of  
different environments:  
 
Browser-based interface: The Manager User Interface (UI) offers  
password-protected, single-point administration for an entire cluster.  
 
Command-line interface: The command-line interface lets you  
configure the system’s network addresses and lets you control,  
configure, and monitor the appliance.  
4
Intel NetStructure Cache Appliance Administrator’s Guide  
SNMP Network Management  
The appliance can be monitored and managed through SNMP network  
management facilities. The appliance supports two management information  
bases (MIBs). The first, MIB-2 is a well known standard MIB. The second,  
the proprietary Intel NetStructure Cache Appliance MIB provides more  
specific node and cluster information.  
Performance reporting  
You can get performance statistics at a glance from the Manager UI or from  
the command-line interface.  
How to use this guide  
chapters, and reference appendixes.  
To find out about …  
See …  
Procedures  
how to get started  
page 8  
how to use the Manager UI  
how to monitor and configure the  
appliance using the Manager UI  
Using Monitor and Configure mode‚ on  
page 13  
how to use the command line  
interface  
Accessing the command-line interface‚  
on page 15  
how to upgrade software  
Installing a new version of the appliance  
software‚ on page 56  
how to troubleshoot system  
problems  
Chapter 6‚ Troubleshooting Problems  
Appendices  
background information including  
web proxy caching, transparent  
proxy caching, server acceleration,  
cache hierarchies, news article  
caching, and carrier-class  
architecture  
Performance  
error messages  
Appendix B‚ Error Messages  
Chapter 1 Introduction  
5
 
Chapter 2  
This chapter contains the following sections:  
  Starting the system for the first time‚ on page 8  
  Accessing the Manager UI‚ on page 12  
  Accessing the command-line interface‚ on page 15  
  Verifying that caching works‚ on page 15  
  Changing passwords‚ on page 15  
7
     
Starting the system for the first time  
Before you can start the Intel NetStructure Cache Appliance, make sure it is  
physically connected properly. Connections include:  
  Connecting to the network through the primary network interface.  
  Connecting a Terminal Emulator or Concentrator to the appliance’s COM1  
port using the serial cable that came packaged with the appliance.  
  Attaching the supplied power cord to the appliance and plugging the cord into  
an approved receptacle.  
You can find instructions on how to physically set up your system in the Intel  
NetStructure Cache Appliance Quick Start.  
Note  
Safety regulations and warranty require that the front bezel mounts and panel  
must be in place during operation of the appliance.  
Once you have made the physical connections, you can initially configure your  
appliance and start it up.  
  Initially configuring and starting your system  
1
From the Terminal Emulator or Serial Concentrator, make sure you are  
emulating a VT100 terminal. Use these port specifications for the connection:  
 
 
 
 
 
9600 baud  
8 data bits  
No parity  
1 stop bit  
Hardware flow control  
2
3
From the window emulating the VT100 terminal, open the connection to the  
appliance.  
Power on the appliance by pressing the power button, located behind the front  
bezel. Supplying power to the appliance starts the initial boot process. The  
initial boot process takes approximately three to four minutes. During this  
time random characters might appear on the screen of your VT100 terminal  
emulator.  
Note  
See the Intel NetStructure Cache Appliance Quick Start for locations of  
controls and physical features on your system.  
8
Intel NetStructure Cache Appliance Administrator’s Guide  
     
4
5
After your system completes the boot procedure, a console login prompt  
appears with fields for both a login and password. At the prompt, supply  
adminfor both the login and password, and press Enter.  
After you login, the VT100 terminal emulator screen displays this initial set  
of menu selections.  
install  
commit  
Install Intel Cache  
Commit Setup Changes  
6
7
Use the arrow keys to select setup and press the Enter key.  
Note  
For information on how to navigate within the CLI, refer to Navigating the  
command-line interface‚ on page 51.  
The setup menu appears. This menu allows you to configure network and  
time parameters as well as view settings you have entered.  
—network  
Configure Network  
timezone Configure Time Zone  
time  
view  
Configure Date and Time  
View Settings  
8
Use the arrow keys to select network and press the Enter key. The following  
network setup fields appear:  
Enter IP Address  
Enter Hostname  
Enter Netmask  
Enter Nameserver IP  
Enter Gateway IP  
Enter Domain  
192.168.1.10______________  
Intel-NetStructure-Cache__  
255.255.255.0_____________  
__________________________  
192.168.1.1_______________  
_________________________  
9
In each field supply an appropriate value and press the Enter key. Pressing the  
Enter key moves the cursor to the next field. After you have supplied values  
for all six fields, press CTRL+X to save your changes and return to the  
previous menu.  
10 The bottom of the screen displays a message that indicates the setup has  
completed. When the message appears, entries to the screen have been  
successfully changed and stored. The menu on this screen should appear as  
follows:  
network  
Configure Network  
–timezone Configure Time Zone  
time  
view  
Configure Date and Time  
View Settings  
Chapter 2 Getting Started  
9
11 Use the arrow keys to highlight timezone and press the Enter key. Pressing  
the Enter key causes a scrollable list of available timzones to appear. Here is a  
partial list:  
–United States Eastern  
United States Central  
United States Mountain  
United States Pacific  
12 Use the arrow keys to scroll through the available zones and highlight the  
appropriate zone for your area. After highlighting the applicable zone, press  
the Enter key. Next, press any key to save your selection and return to the  
previous screen as follows:  
network  
Configure Network  
timezone Configure Time Zone  
–time  
view  
Configure Date and Time  
View Settings  
Note  
In order for the timezone change to become effective, the appliance must be  
rebooted. A reboot operation occurs later during the initial setup.  
13 Use the arrow keys to highlight time and press the Enter key. Pressing the  
Enter key causes the following fields to appear:  
Enable(1)/Disable(0) Daylight Savings Time__  
Currently Inside (1)/Outside(0) Daylight Savings Time__  
Enter Time  
Enter Date  
[HH:MM:SS]  
[MM/DD/YYYY] __/__/__  
__:__:__  
14 Set your Daylight Savings Time options. Then enter the time using a 24-hour  
format (e.g., for 2:14:56 PM enter 14:14:56). For each part of the format, you  
must press Enter to accept the value and to move to the next part of the field.  
For example, after entering the two-digit hour value, pressing Enter causes  
the value to be accepted and positions the cursor over the minutes part of the  
time field. Supply the date using the MM/DD/YYYY format. After supplying  
the date, press the CTRL-X key combination to save your changes and return  
to the previous menu as follows:  
network  
Configure Network  
timezone Configure Time Zone  
time  
–view  
Configure Date and Time  
View Settings  
15 From this menu you can select view to verify the network and time  
information you have entered. After you are sure all the information you have  
entered is correct, press the CTRL-X key combination twice to move back to  
the main menu as follows:  
setup  
–install  
commit  
Initial Intel Cache Setup  
Install Intel Cache  
Commit Setup Changes  
16 From the main screen, highlight install and press the Enter key. Selecting  
install causes the settings to be written to the boot image. During the  
10  
Intel NetStructure Cache Appliance Administrator’s Guide  
installation, the bottom of the screen keeps you apprised of the installation’s  
progress.  
17 After the installation is complete, use the arrow keys to position the cursor on  
commit as follows:  
setup  
install  
–commit  
Initial Intel Cache Setup  
Install Intel Cache  
Commit Setup Changes  
18 Pressing the Enter key starts the final phase of the initialization process as  
well as the cache application. The bottom of the screen indicates that the  
cache application has started and prompts you to press the Enter key a second  
time.  
19 When the Initialization Complete!prompt appears, press the Enter  
key to reboot the appliance. Rebooting the appliance takes several minutes.  
During the reboot process, random characters might appear in the window of  
the VT100 terminal emulator screen.  
20 After your system completes the boot procedure, a console login prompt  
appears with fields for both a login and password. At the prompt, supply  
adminfor both the login and password, and press Enter.  
21 After the login completes, the initial menu appears with additional selections:  
setup  
–main  
config  
monitor  
save  
Initial Intel Cache Setup  
Main Intel Cache Controls  
Intel Cache Configuration  
View Statistics  
Save Config to Floppy  
Load Config from Floppy  
Logoff  
load  
logoff  
Note  
The system starts with factory settings. You can further configure or customize  
the appliance by following the guidelines in Chapter 4‚ Configuring the  
Appliance.  
Once the software is running, you can access the system through a web browser  
by using the system’s IP Address with an appended :8081as the URL. For  
information on accessing the manager UI, refer to Accessing the Manager UI‚ on  
page 12.  
Chapter 2 Getting Started  
11  
Accessing the Manager UI  
The Manager UI is a browser-based interface, consisting of a series of web pages.  
Use the Manager UI to monitor performance and configure and fine-tune selected  
nodes in your cluster. You can access any node in the cluster through the same  
Manager UI.  
  Accessing the Manager UI  
1
Open your web browser.  
The Manager UI requires Java and JavaScript; be sure to enable Java and  
JavaScript.  
2
Point your browser at this location, where nodenameis the IP address you  
have assigned to the appliance or the qualified DNS name. If the appliance is  
part of a cluster, you will be logging into that specific node:  
http://nodename:8081/  
3
Provide your appliance administrator’s ID and password. By default, the  
administrator ID is adminand the password is admin. It is recommended  
that you change the default administrator ID and password. You can change  
these values by using the Security page. For information on how to use the  
Security page, see Using the Security page‚ on page 39.  
Note  
Note  
Should you forget your password, contact Customer Service at Intel  
Corporation for assistance. For information on how to contact Intel Customer  
Service, see the Intel NetStructure Cache Appliance Product Support booklet  
that came with your system.  
values for the node you are logging into only. Furthermore, changing the ID  
and password for the Manager UI does not change the ID and password for  
telnet access. You must use the command-line interface (CLI) to change the  
telnet ID and password for the node.  
The Manager UI appears in your browser in the default monitor mode. The  
Dashboard page, as shown Figure 1, is the default page. From the  
MONITOR and CONFIGURE tabs to the left of the Dashboard page, you  
can reach all other Manager UI pages.  
12  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
Figure 1  
The Dashboard page  
Using Monitor and Configure mode  
The Manager UI has two modes, Monitor and Configure:  
  In Monitor mode, view performance statistics and graphs. To access Monitor  
mode, click the top of the MONITOR tab.  
  In Configure mode, view and modify the appliance’s configuration options.  
To access Configure mode, click the top of the CONFIGURE tab.  
Chapter 2 Getting Started  
13  
     
Figure 2 shows the control frame buttons for both the Monitor and Configure  
modes.  
Configure mode frame  
Monitor mode frame  
Figure 2  
The Monitor and Configure Control Frames  
When you are in Monitor mode, you can access all the pages that report  
information about the appliance’s performance. With the exception of the  
information on the Dashboard page, information on the Monitor pages pertain  
to the selected node. You can change nodes at any time by returning to the  
Dashboard and clicking the node of your choice. For information about how to  
use each of the performance screens, see Accessing monitor pages‚ on page 18.  
Changes button the selected node’s configuration is updated.  
Note  
It is recommended that you save current configuration values before making any  
changes.  
To save and restore an entire set of configuration files, refer to Using the  
Snapshots page‚ on page 47. For information about all the values you can set in  
Configuration mode, see Chapter 4‚ Configuring the Appliance.  
14  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
Using online help  
Both the MONITOR and CONFIGURE tabs have a Help page button. When  
you click the Help page button, the online help opens in another browser  
window. Each of the Manager UI pages has online help available.  
Accessing the command-line interface  
You can access the command-line interface using one of two methods:  
machine. Refer to the Intel NetStructure Cache Appliance Quick Start Guide  
for detailed information.  
  Access the machine through a telnet connection. This method requires you to  
enter a telnet Administrator ID and password. Refer to Changing the  
administrator password for telnet or serial access‚ on page 60 for  
information on this ID and password.  
For information on using the command-line interface, refer to Chapter 1‚ Using  
the Command-Line Interface.  
Verifying that caching works  
After starting the appliance, you should verify that it is up and running. To see if  
the appliance is processing HTTP requests, do the following:  
1
2
From the Monitor tab in the Manager UI, click the Protocols button.  
Make a note of the current HTTP User Agent Total Document Bytes  
statistic.  
3
4
5
Set your browser to the Intel NetStructure Cache Appliance proxy port.  
Browse the Internet.  
Check the HTTP User Agent Total Document Bytes value.  
This value should have increased if caching is working.  
Changing passwords  
Two IDs and passwords exist for each appliance: one to access the Manager UI  
and one to access the CLI when you are connected to the appliance through a  
telnet or serial connection. By default, the appliance uses adminfor both the  
Administrator’s ID and password in each case.  
For a given Manager UI session, an ID and password are required the first time  
you access an appliance or the cluster, or when you attempt to connect to a node  
through a telnet connection. The Administrator’s ID and password are unique for  
each node in the cluster. It is recommended that you change the default  
Chapter 2 Getting Started  
15  
           
Administrator’s ID and password for both telnet and Manager UI access as soon  
as possible after installing each node.  
To change the password for the Manager UI, see Using the Security page‚ on  
page 39. To change the password for the telnet or serial connection, see  
Changing the administrator password for telnet or serial access‚ on page 60.  
16  
Intel NetStructure Cache Appliance Administrator’s Guide  
Chapter 3  
Monitoring Appliance Performance  
statistics on the Intel NetStructure Cache Appliance.  
This chapter contains the following sections:  
  Accessing monitor pages‚ on page 18  
  Using the Dashboard page‚ on page 18  
  Using the Node page‚ on page 20  
  Using the Graphs page‚ on page 21  
  Using the Protocols page‚ on page 21  
  Using the Cache page‚ on page 21  
  Using the ARM page‚ on page 21  
  Using the Other page‚ on page 22  
  Using the MRTG page‚ on page 22  
17  
   
Accessing monitor pages  
The Manager UI uses monitor pages to present performance information on the  
selected appliance and the cluster as a whole. A monitor page is a browser page  
displayed as a result of “clicking” on a page button in the Manager UI. By  
default, the Manager UI starts in monitor mode (as opposed to configure mode),  
which displays Monitor page buttons.  
  Reaching Monitor pages  
1
2
Open your browser to the Manager UI.  
Enter the Administrator ID and password. By default, the Administrator ID is  
adminand the password is also admin. Intel recommends that the  
administrator change these values when the appliance is initially installed.  
Note  
Note  
Should you forget your password, contact Customer Service at Intel  
Corporation for assistance. For information on how to contact Intel Customer  
Service, see the Intel NetStructure Cache Appliance Product Support booklet  
that came with your system.  
3
Click on a MONITOR tab.  
Some performance displays rely on Java. To use the Monitor pages or any  
other pages in the UI, make sure your browser is set to enable Java and  
JavaScript.  
Information displayed on the monitor mode pages fall into two categories:  
information for the selected node in the cluster, and information for the cluster as  
a whole. To view information on a given node, you need to access that node as  
described in Changing the selected node‚ on page 20.  
Using the Dashboard page  
The Dashboard page provides a concise view of the appliance and of the cluster.  
The page displays all nodes in the cluster by name and tracks essential statistics  
for each node. In the list of nodes, a single node is currently selected. Its name  
appears in black text without underlining, while the rest of the node names appear  
appear as hypertext links.  
  Reaching the Dashboard page  
1
2
Be sure you are in monitor mode. If not, click the MONITOR tab.  
Click the Dashboard page button.  
Note  
By default, the Dashboard page appears after you log onto Manager UI with  
your Administrator ID and password.  
Node-  
specific  
information  
With the exception of the information on the Dashboard page and the cluster  
information on the Node page, performance information pertains to a single  
node.  
18  
Intel NetStructure Cache Appliance Administrator’s Guide  
         
Use the Dashboard page to:  
  Select a node  
  See which nodes are on and which are off  
  See if an alarm condition exists on any node  
If an alarm condition exists, you can click the alarm light to view a  
description of the alarm and resolve it.  
  See the number (cumulative to date) of objects served to users from each  
node  
  See the traffic load (as current transactions per second)  
The meter dial shows you how hard a node is working. When the needle is to  
the left on the dial, the work load is light. When the needle is to the far right  
(red), the node is overloaded.  
Dashboard alert lights  
The Dashboard contains two alert lights: an on/off light and an alarm light. Alert  
lights indicate the following about a node:  
Alert light Condition  
on/off light Green  
on/off light Dark  
Description  
Caching is active.  
Caching is not active.  
No alarms.  
alarm light Green  
alarm light Red with link to alarms Alarms exist for that node. Click the  
red alarm light for more information.  
alarm light Yellow  
A cluster problem exists.  
Resolving alarms  
Alarms alert you to problems or warn you of potential problems. Alarm  
conditions themselves are built into the appliance—you cannot change them.  
If an alarm light is on, you can click it to view a description of the alarm  
conditions. Click the Resolve button to acknowledge that you have been  
informed of the condition.  
Important  
Clicking the Resolve button only dismisses alarm messages; it does not actually  
resolve the cause of the alarms.  
Exposing node detail  
Click the More Detail link to expose the following information for the listed  
nodes in the cluster:  
  Cache hit rate  
  Cache hit rate, fresh  
Chapter 3 Monitoring Appliance Performance  
19  
 
  Cache hit rate, refresh  
  Errors  
  Aborts  
  Active clients/servers  
  Average fresh hit  
Note  
Online help provides descriptions for each of these statistics.  
Changing the selected node  
As mentioned earlier, information on pages accessed in monitor mode exists for  
the selected node and for the cluster as a whole. You start the process to change  
the selected node from the Dashboard page by clicking on a node name.  
  Changing the selected node  
1
2
Click on the node name.  
Provide the Administrator ID and password, if necessary. It is only necessary  
to log on to a node once during a given Manager UI session.  
Note  
Should you forget your password, contact Customer Service at Intel  
Corporation for assistance. For information on how to contact Intel Customer  
Service, see the Intel NetStructure Cache Appliance Product Support booklet  
that came with your system.  
After changing the selected node, that name appears as black text without  
underlining, while the remaining node names appear as hypertext links.  
If you need more information about the selected node, click the Node page  
button (described in Using the Node page‚ on page 20).  
Note  
The online help provides descriptions of each of the statistics in the Dashboard  
page.  
Using the Node page  
The Node page provides performance statistics for the currently selected node in  
your cluster and the cluster as a whole. These statistics include document hit  
rates, DNS lookups, and client and server transactions.  
  Reaching the Node Page  
1
2
Be sure you are in monitor mode. If not, click the MONITOR tab.  
Click the Node page button.  
Note  
Online help provides descriptions for each of the statistics on the Node page.  
20  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
Using the Graphs page  
The Graphs page provides a list of options for generating performance graphs  
for cache results, garbage collection, transfer rates, and object size for the  
currently selected node.  
  Reaching the Graphs page  
1
2
Be sure you are in monitor mode. If not, click the MONITOR tab.  
Click the Graphs page button.  
Once you reach the Graphs page, click a link to generate a graph for viewing.  
Using the Protocols page  
The Protocols page provides cluster-wide statistics for use of the HTTP, FTP,  
NNTP, ICP, and WCCP protocols for the selected node.  
  Reaching the Protocols page  
1
2
Be sure you are in monitor mode. If not, click the MONITOR tab.  
Click the Protocols page button.  
Note  
Online help provides descriptions for each of the statistics in the Protocols page.  
Using the Cache page  
The Cache page provides cache statistics for the selected node. Cache statistics  
report cumulative and current information about connections, transactions, object  
reads and writes, and document hits and misses.  
  Reaching the Cache page  
1
2
Be sure you are in monitor mode. If not, click the MONITOR tab.  
Click the Cache page button.  
Note  
Online help provides descriptions of each of the statistics in the Cache page.  
Using the ARM page  
The ARM page provides statistics about the Adaptive Redirection Module used  
for transparent proxy caching for the selected node. The statistics include  
information about ARM configuration, WCCP fragments (if you are using a  
WCCP-enabled router), the Network Address Table (NAT), and security (for  
example, the number of dropped TCP connections).  
Chapter 3 Monitoring Appliance Performance  
21  
             
  Reaching the ARM page  
1
2
Be sure you are in monitor mode. If not, click the MONITOR tab.  
Click the Arm page button.  
Note  
Online help provides descriptions of each of the statistics in the ARM page.  
Using the Other page  
The Other page reports statistics for the various appliance functions, including  
host database and DNS lookups for the selected node.  
  Reaching the Other page  
1
2
Click the Other page button.  
Host  
database and  
DNS statistics  
If you see more lookups on the DNS server than in the host database, you might  
need to increase the size of your database or adjust database time-out settings. Or,  
you might need to adjust the time-out and retry settings for DNS look-ups. To  
make adjustments, see Using the Host Database page‚ on page 44.  
Note  
Online help provides descriptions of each of the statistics in the Other page.  
Using the MRTG page  
Multi Router Traffic Grapher (MRTG) is a graphing tool that enables you to  
monitor the appliance’s performance. The MRTG page shows information about  
virtual memory usage, client connections, document hit rates, hit and miss rates,  
and so on. MRTG uses five-minute intervals to formulate the statistics and  
provides useful historical information about your appliance’s performance.  
  Reaching the MRTG page  
1
2
Be sure you are in monitor mode. If not, click the MONITOR tab.  
Click the MRTG page button.  
Once the page is displayed, click on a graph to see daily, weekly, monthly, and  
yearly statistics for that particular graph.  
You can also click on the daily view link at the bottom of the MRTG page to see  
daily statistics and on the weekly view link to see weekly statistics. Clicking on  
these links provides a more extensive selection of related graphs.  
Note  
Online help provides descriptions of the graphs.  
22  
Intel NetStructure Cache Appliance Administrator’s Guide  
           
Chapter 4  
Configuring the Appliance  
This chapter describes the configuration options that control the Intel NetStructure Cache  
Appliance behavior and performance, and instructs you on how to set these values in the  
Manager UI.  
This chapter contains the following sections:  
  Accessing configure pages‚ on page 24  
  Using the Server Basics page‚ on page 24  
  Using the Protocols page‚ on page 30  
  Using the Cache page‚ on page 35  
  Using the Security page‚ on page 39  
  Using the Routing page‚ on page 39  
  Using the Host Database page‚ on page 44  
  Using the Snapshots page‚ on page 47  
23  
     
Accessing configure pages  
The Manager UI uses configure pages to display and allow configuration changes  
to the selected appliance. A configure page is a browser page displayed as a result  
of “clicking” on a configure page button in the Manager UI.  
Note  
Some performance displays rely on Java. To use the configure pages or any other  
pages in the UI, make sure your browser is set to enable Java and JavaScript.  
  Reaching the configure pages  
1
2
Open your browser to the Manager UI.  
Enter the Administrator ID and password. By default, the Administrator ID is  
adminand the password is also admin. It is recommended that you change  
these default values as soon as possible after the appliance is installed.  
Note  
Should you forget your password, contact Customer Service at Intel  
Corporation for assistance. For information on how to contact Intel Customer  
Service, see the Intel NetStructure Cache Appliance Product Support booklet  
that came with your system.  
3
Click the CONFIGURE tab.  
After you click the CONFIGURE tab, the Server Basics page appears.  
Each configure page allows you to control certain configuration settings for the  
selected node in a cluster. To update a setting you must provide relevant data or  
choices and then click the accompanying Make These Changes button on the  
configure page.  
The following sections describe each configure page in detail.  
Using the Server Basics page  
The Server Basics page lets you:  
  Turn cache and proxy services on or off  
  Identify the appliance name  
  Restart or reconfigure the caching software  
  Configure the use of virtual IP addresses  
  Auto configure browsers to connect to the appliance  
  Throttle appliance connections  
  Enable SNMP agents  
  Reaching the Server Basics page  
  If you are in monitor mode, click the CONFIGURE tab.  
  If you are in configure mode, click Server page button.  
24  
Intel NetStructure Cache Appliance Administrator’s Guide  
         
Setting general options  
The following table describes the general configuration settings in the Intel  
NetStructure Cache section.  
Option  
Description  
on/off  
Enables or disables caching. When you disable  
caching, you shut down all cache and proxy  
services on a node-by-node basis. That is, you  
can turn caching on or off only one node at a time.  
You must disable cache services before  
performing certain maintenance tasks.  
Intel NetStructure Cache  
Cluster name  
Displays the hostname for the appliance. By  
default, the name assumes a standalone node  
and displays the hostname for the appliance as  
the cluster name. If you are configuring an  
appliance to be part of an existing management  
cluster, you must enter the cache cluster name.  
Local Domain Expansion  
on/off  
Enables or disables local domain expansion.  
If you want the appliance to attempt to resolve  
unqualified hostnames by expanding to the local  
domain, enable expansion. For example, if a user  
makes a request to an unqualified host named  
host_x, and if the appliance’s local domain is  
y.com, the appliance will expand the hostname to  
host_x.y.com.  
.comDomain Expansion  
Enables or disables .comdomain expansion.  
on/off  
If you want the appliance to attempt to resolve  
unqualified hostnames by redirecting them to the  
expanded address prepended with www.and  
appended with .com, enable expansion. For  
example, if a user makes a request to inktomi,  
the appliance redirects the request to  
www.inktomi.com.  
If local domain expansion is enabled, the  
appliance attempts local domain expansion  
before .comdomain expansion; the appliance  
tries .comdomain expansion only if local domain  
expansion fails.  
Chapter 4 Configuring the Appliance  
25  
 
Setting Web management options  
The Web Management section lets you restart the cluster and specify refresh rates  
as observed in monitor mode. The following table describes these configuration  
settings.  
Option  
Description  
Restart  
Restarts the entire cluster.  
You must restart the cluster to effect changes you have  
made to port numbers and virtual IP addresses on the  
selected node. Restarting the cluster takes about 15  
seconds, during which time cache and proxy services  
are disabled.  
Refresh rate in  
Monitor mode  
Specifies the refresh rate for the display of the graphs  
and statistics with which you can monitor the appliance’s  
performance.  
Setting virtual IP addressing options  
The Virtual IP Addressing section lets you define and maintain the appliance’s  
pool of virtual IP addresses.  
The appliance keeps a pool of IP addresses as virtual IP addresses from which to  
draw and assign IP addresses to nodes as necessary. This practice assures that if a  
node in the cluster fails, other nodes can assume the failed node’s responsibilities.  
What are virtual IP addresses?  
Virtual IP addresses are really just IP addresses. They are called virtual addresses  
because they are not tethered to particular machines and can rotate among nodes  
in a cluster.  
It is common for a single machine to represent multiple IP addresses on the same  
subnet. This machine would have a primary or real IP address bound to its  
interface card and would also serve many more virtual addresses.  
Using virtual IP addressing for node failover  
You can set up your user base to use a DNS round-robin pointing at virtual IP  
addresses, as opposed to using the real IP addresses of the appliance machines in  
the cluster.  
Because virtual IP addresses are not bound to machines, a cluster can steal  
addresses from inactive nodes and distribute those addresses among the  
remaining live nodes.  
Using a proprietary management protocol, appliance nodes communicate their  
status with their peers. If a node fails, its peers notice the failure and quickly  
negotiate which of the remaining nodes will mask the fault by taking over the  
failed node’s virtual interface.  
26  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
The following table describes the Virtual IP Addressing configuration settings.  
Option  
Description  
Virtual IP on/off  
Enables or disables virtual IP addressing.  
If virtual IP addressing is disabled, appliance nodes cannot  
cover each other’s failures.  
Edit virtual IP  
addresses  
Allows you to edit your list of virtual IP addresses. Changes  
will not be effective until you click the Restart button on the  
same page.  
Incorrect IP addressing can effectively disable your system.  
Make sure you understand how virtual IP addresses work  
before you change them. If you do not assign a range of  
valid virtual IP addresses to the appliance’s manager  
process, nodes cannot cover each other’s failures.  
Adding entries to the Virtual IP address list  
You can add or change entries in the Virtual IP address pool by modifying the  
appliance’s Virtual IP address list.  
  Modifying the Virtual IP address list  
1
2
On the Server Basics page, scroll to the Virtual IP Addressing section.  
Click the Edit virtual IP addresses link.  
The Virtual IP page appears. You can add, remove, or modify Virtual IP  
addresses by clicking the Add Entry, Delete, or Modify buttons.  
  Adding a Virtual IP address  
1
2
3
4
Click the Add Entry button in the Virtual IP page.  
In the IP Address field, enter the virtual IP address.  
In the Device field, enter the network interface name (for example, iprb0).  
In the Subinterface field, enter the subinterface-ID.  
This is the number between 1-255 that the interface uses for the address.  
Click the Add button.  
5
Note  
To reset the fields, click the Reset button.  
Handling  
multiple  
interfaces  
If you have multiple network interfaces, the appliance monitors the state of the  
interfaces and detects failure. It does this by sending ICMP echo requests, much  
like the pingcommand.  
Chapter 4 Configuring the Appliance  
27  
   
Setting browser auto configuration options  
The Autoconfiguration of Browsers section lets you specify an auto  
configuration file for the selected node. Web browsers use the appliance by  
specifying a preference to use a proxy server, usually through an auto  
configuration file.  
Note  
Users must set their browsers to connect to the appliance’s auto configuration  
file. For information on setting your browser to use a proxy, such as the  
appliance, see your browser documentation. If you are using the transparency  
option, you do not need auto configuration files.  
The following table describes the section’s options.  
Option  
Description  
Autoconfiguration  
file  
Allows you to create or edit an auto configuration file.  
Setting throttling of network connections  
The Throttling of Network Connections section lets you set a limit on the  
number of connections the appliance can have. Setting limits on the connections  
helps to prevent system overload when traffic bottlenecks develop. When  
network connections reach the limit, new connections are queued until existing  
connections close.  
Note  
This section is available only if transparency is disabled. If you enable  
transparency, you do not see this option. See Configuring load-shedding‚ on  
page 28 for information about the transparency load shedding option.  
The following table describes the section’s options.  
Option  
Description  
Maximum Number  
of Connections  
Specifies the maximum number of connections that the  
appliance can have.  
Configuring load-shedding  
The Load Shedding section lets you configure how the appliance handles  
overloaded conditions.  
When transparency is enabled, the appliance handles overload conditions by  
forwarding a percentage of new requests to origin servers. You can configure the  
appliance to automatically shed load if the HTTP-hit transaction times become  
too long. For example, suppose that the lower limit for HTTP hit-transaction time  
is 500 milliseconds and the upper limit is 1000 milliseconds. Given these limits,  
the following is true:  
  If it takes the appliance more than 500 milliseconds to serve a fresh hit, it  
begins to shed load.  
28  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
  If it takes the appliance more than 750 milliseconds, it begins to shed 50% of  
its load.  
  If the fresh-hit transaction time exceeds 1000 milliseconds, the appliance  
begins to shed 100% of its load.  
Load shedding is temporary; when hit-transaction times return to acceptable  
levels, the appliance reverts to handling all incoming requests.  
The following table describes the options.  
Option  
Description  
HTTP hit transaction time - low  
watermark  
The lower limit for HTTP transaction  
time in milliseconds.  
When the average hit transaction time  
reaches this value, the appliance  
forwards a percentage of incoming  
client requests directly to the origin  
server.  
HTTP hit transaction time - high  
watermark  
The upper limit for HTTP transaction  
time in milliseconds.  
When the average hit transaction time  
reaches this value, the appliance  
forwards all incoming client requests  
directly to the origin server.  
Enabling SNMP agents  
The SNMP section lets you enable an SNMP agent to monitor information about  
the appliance and send warning messages, called SNMP traps, to SNMP  
monitoring stations.  
The following table describes the options.  
Option  
Description  
SNMP Agent on/off  
Enables or disables an SNMP agent.  
The appliance SNMP agent supports  
access to two management  
information bases (MIBs): MIB-2 (a  
standard MIB) and the Intel  
NetStructure Cache Appliance MIB.  
Enabling the SNMP agent on allows  
access to both.  
Chapter 4 Configuring the Appliance  
29  
     
Using the Protocols page  
The Protocols page lets you view and change the selected appliance’s protocol  
configuration. You can tune HTTP, NNTP, and FTP timeout intervals; and  
configure the appliance to remove HTTP headers from documents to protect site  
and user privacy.  
  Reaching the Protocols page  
1
2
Be sure you are in configure mode. If not, click the CONFIGURE tab.  
Click the Protocols page button.  
The Protocols page is divided into four sections for configuring HTTP, NNTP,  
HTTPS, and FTP.  
Configuring HTTP  
The HTTP section lets you configure the appliance’s handling of HTTP. The  
following table describes the section’s options.  
Option  
Definition  
Keep-Alive  
Timeout  
Specifies how long the appliance should keep connections to  
users open for a subsequent request after a transaction ends.  
Inbound  
If the user does not make another request before the timeout  
expires, the appliance closes the connection. If the user does  
make another request, the timeout period starts over.  
The user can close the connection at any time.  
Keep-Alive  
Timeout  
Outbound  
Specifies how long the appliance should keep open the  
connections to Web servers (content servers) for a  
subsequent transfer of data after a transaction ends.  
If the appliance does not need to make a subsequent request  
for data before the timeout expires, it closes the connection.  
Once the connection is closed, the timeout period starts over.  
The Web server can close the connection at any time.  
Inactivity  
Timeout  
Inbound  
Specifies how long the appliance should keep connections to  
users open if a transaction stalls. If the appliance stops  
receiving data from a user or the user stops reading the data,  
the appliance closes the connection when this timeout  
expires.  
The user can close the connection at any time.  
Inactivity  
Timeout  
Outbound  
Specifies how long the appliance should keep open  
connections to Web servers if the transaction stalls. If the  
appliance stops receiving data from a Web server, the  
appliance will not close the connection until this timeout has  
expired.  
The Web server can close the connection at any time.  
30  
Intel NetStructure Cache Appliance Administrator’s Guide  
           
Option  
Definition (Continued)  
Activity  
timeout  
Inbound  
Specifies the maximum time the appliance should remain  
connected to a user. If the user does not finish making a  
request (reading and writing data) before this timeout expires,  
the appliance closes the connection.  
The user can close the connection at any time.  
Activity  
Timeout  
Outbound  
Specifies the maximum time the appliance should wait for  
fulfillment of a connection request to a Web server. If the  
appliance does not establish a connection to a Web server  
before this timeout expires, the appliance terminates the  
connection request.  
The Web server can close the connection at any time.  
Remove the  
following  
common  
headers  
Specifies headers for removal. Removing headers can protect  
the privacy of your site:  
  The Fromheader. This header identifies the user’s e-mail  
address  
  The Refererheader. This header identifies the Web link  
followed by the user.  
  The User-Agentheader. This header identifies the  
agent—usually a browser—making the request.  
  The Cookieheader. This header is often used to identify  
the user making a request.  
Insert Client-ip Insert Client-ipheaders to retain client IP addresses.  
Remove  
Client-ip  
Remove Client-ipheaders for more privacy.  
User  
Language  
Selects the language in which messages to the user from the  
appliance are displayed. The default language is English.  
Configuring NNTP  
The NNTP section lets you configure basic NNTP options. While this section  
lets you configure basic options, you must use the command-line interface to  
configure the appliance to cache articles from particular NNTP servers and news  
groups as well as to set access restrictions and authentication requirements for  
news readers. See Configuring NNTP servers‚ on page 65 for more information.  
Chapter 4 Configuring the Appliance  
31  
   
The following table describes the options.  
Option  
Definition  
NNTP Server  
on/off  
Enables or disables the appliance to cache and serve news  
articles.  
After turning NNTP on or off for the selected node, you must  
restart the cluster to effect the change. Click the Restart  
button on the Server Basics page.  
NNTP Server  
Port  
Specifies the port that the appliance uses for serving NNTP  
requests. The default port is 119.  
Connect  
Message  
(posting  
allowed)  
Defines the message displayed to news readers when they  
connect to the appliance with posting allowed.  
Connect  
Defines the message displayed to news readers when they  
connect to the appliance with posting not allowed.  
Message  
(posting not  
allowed)  
NNTP options  
  Posting: Allows users to post NNTP articles to parent  
NNTP servers.  
  Access Control: Turns access control on or off. To refine  
access control, use the command-line interface. See  
Configuring NNTP access‚ on page 69 for more  
information.  
If you are using an authentication server, you must enter its  
name and port (see page 33).  
authentication. Use this option only if all of your client  
authentication supports version 2.  
  Run Local Authentication Server: Runs an authentication  
program on the selected node. Use the command-line  
interface to configure which clients must be authenticated.  
See Configuring NNTP access‚ on page 69 for more  
information.  
  Allow Feeds: Allows the appliance to accept feeds of news  
articles from feed or push groups.  
push groups. The appliance does not cache news articles  
from feed groups; instead, it receives feeds of news articles  
as the parent NNTP server receives feeds. Push groups  
are groups for which the appliance can both retrieve  
articles on demand and receive news feeds.  
See Configuring NNTP servers‚ on page 65 for information  
about designating news groups as push or feed.  
32  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
Option  
Definition (Continued)  
NNTP options  
(continued)  
  Background Posting: Causes the appliance to post NNTP  
articles to parent NNTP servers in the background.  
  Obey Cancel Control Messages: Sets the appliance to  
obey cancelcontrol messages.  
When the appliance gets a cancel control message, it  
deletes the corresponding article from the cache. You do  
not need to enable this option if the appliance is caching  
articles on demand (i.e. no feed groups exist). For all  
nonfeed news groups, the appliance actively polls parent  
NNTP servers for cancelled articles. See the Check for  
Cancelled Articles option, below.  
  Obey Newgroups Control Messages: Causes the appliance  
to obey newgroupcontrol messages.  
The appliance actively polls parent NNTP servers for new  
groups; see the Check for New Groups option, below.  
  Obey Rmgroups Control Messages: Sets the appliance to  
obey rmgroup(remove group) control messages.  
Inactivity  
Timeout  
Defines the number of seconds that idle connections can  
Check for New Defines the number of seconds that pass before the  
Groups Every  
appliance polls parent NNTP servers for new news groups.  
The parent group lists change slowly. Consequently, you do  
not need to check them frequently.  
Use the command-line interface to list the hosts you want the  
appliance to poll. See Configuring NNTP servers‚ on page 65  
for more information.  
Check for  
Cancelled  
Articles Every  
Defines the number of seconds that pass before the  
appliance polls all nonfeed news groups on the parent NNTP  
servers for cancelled articles. Checking for new articles  
should not be done too frequently as it involves  
communication with the parent NNTP server.  
Check Parent  
NNTP Server  
Every  
Defines the number of seconds that pass before the  
appliance polls the parent NNTP server for new articles.  
Check Cluster  
Every  
Defines the number of seconds that pass before the  
appliance checks the nodes on the cluster.  
Check Pull  
Groups Every  
Defines the number of seconds that pass before the  
appliance pulls (or caches) news articles from defined pull  
groups. Use the command-line interface to designate pull  
groups. See Configuring NNTP servers‚ on page 65 for more  
information.  
Authentication  
Server Host  
The name of the host machine running the authentication  
server. If the host machine is the appliance, enter “local host”.  
Chapter 4 Configuring the Appliance  
33  
 
Option  
Definition (Continued)  
Authentication  
Server Port  
accepts connections. If the authentication server is remote,  
the appliance connects to it on this port.  
Local  
Authentication  
The number of milliseconds after which the authentication  
server aborts an incomplete authorization operation. The  
Server Timeout client can retry the operation.  
Refer to Configuring NNTP access‚ on page 69 for  
information about configuring authentication servers.  
Client Speed  
Throttle  
The number of bytes per second that clients are limited to  
during downloading operations. Use a 0(zero) for unlimited  
downloading.  
Configuring FTP  
The FTP section lets you configure FTP protocols. The following table describes  
the options.  
Option  
Definition  
FTP  
connection  
mode  
  PASV/PORT: Specifies the appliance use PASV connection  
mode. PASV/PORT is the default FTP connection mode. If  
PASV mode fails, the appliance uses PORT mode to initiate  
the data connection, and then the appliance accepts it.  
  PASV only: Specifies that the appliance initiates the data  
connection to the FTP server, and the FTP server accepts  
it. This mode is firewall-friendly, however, some FTP servers  
do not support it.  
  PORT only: Specifies that the FTP server initiates the data  
connection, and the appliance accepts it.  
FTP transfers require two connections: a control connection to  
inform the FTP server of a request for data and a data  
connection to send the data. The appliance always initiates  
the control connection. FTP mode determines whether the  
appliance or the FTP server initiates the data connection.  
FTP inactivity  
timeout  
(seconds)  
Defines the number of seconds before the appliance waits for  
a response from the FTP server. If the FTP server does not  
respond in time, the appliance abandons the user’s request.  
Anonymous  
Specifies an anonymous password for FTP servers that  
FTP password require a password for access.  
34  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
Using the Cache page  
The Cache page allows you to configure the following:  
  Cache activation  
  Object freshness  
  Variable object content  
  Reaching the Cache page  
1
2
Be sure you are in configure mode. If not, click the CONFIGURE tab.  
Click the Cache page button.  
The following sections describe the sections in the Cache page.  
Cache activation  
The following table describes the cache activation configuration options.  
Option  
Description  
Enable HTTP  
caching  
EnablescachingofobjectsretrievedthroughHTTP.  
Enable FTP  
caching  
EnablescachingofobjectsretrievedthroughFTP.  
EnablescachingofobjectsretrievedthroughNNTP.  
Enable NNTP  
caching  
Ignore user  
requests to  
bypass cache  
Instructs the appliance to ignore no-cacheheaders. This  
means the appliance ignores a user’s stipulation to ignore  
their requests served from the cache.  
Chapter 4 Configuring the Appliance  
35  
       
Storage  
The following table describes the storage options.  
Option  
Description  
Maximum  
HTTP/FTP  
object size in  
bytes  
Specifies the maximum size of HTTP or FTP objects the  
appliance can cache.  
Use a 0(zero) to indicate no limit.  
Maximum  
number of  
alternate  
versions  
(HTTP)  
Specifies the maximum number of HTTP alternates that the  
appliance can cache.  
thousands of alternates, you might observe increased cache  
hit latencies (transaction times) as the appliance searches  
through the alternates for each request. In particular, some  
URL addresses can have large numbers of alternates due to  
cookies. If the appliance is set to vary on cookies, you might  
encounter this problem. See Variable content‚ on page 38 for  
more information.  
Freshness  
The following table describes the freshness options.  
Option  
Description  
Verify  
freshness  
by checking  
Configures the appliance to ask the original content server to  
verify the freshness of objects according to the following list  
before serving them.  
  when the object has expired  
  when the object has expired or if the object has no  
expiration date  
  always  
  never  
Minimum  
freshness  
Specifies the minimum freshness information required to  
consider a document able to be cached:  
information for  
a document to  
be cached  
  an explicit lifetime  
  a last-modified time  
  nothing  
If an object  
has no  
Specifies the time limits the appliance will keep an object in  
the cache:  
expiration  
date  
  minimum time in the cache. You can specify from  
15 minutes to two weeks.  
  maximum time in the cache. You can specify from  
15 minutes to two weeks.  
36  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
Option  
Description (Continued)  
FTP cached  
Specifies how long the appliance will keep FTP objects in the  
objects expire cache. You can specify from 15 minutes to two weeks.  
Internet  
Explorer  
Configures the appliance to treat Microsoft Internet Explorer  
requests more conservatively, providing fresher content at the  
requests force cost of serving fewer objects from the cache according to the  
a check with  
the origin  
server  
following options:  
  never: never force a freshness check with the origin server  
  for IMS revalidation requests: only force a freshness check  
for IMS (If Modified Since) revalidation requests  
  always: always force a freshness check with the origin  
server  
Certain versions of Microsoft Internet Explorer do not request  
cache reloads from reverse proxies and transparent caches  
when the user presses the browser Refresh button. This can  
prevent content from being loaded directly from the origin  
servers.  
Chapter 4 Configuring the Appliance  
37  
Variable content  
The following table describes the variable configuration options.  
Option  
Description  
Do not cache  
Instructs the appliance to refuse to cache objects served in  
response to URL addresses that contain:  
  ?  
  ;  
  cgi  
  end in .asp  
Enable  
Alternates  
Instructs the appliance to cache alternate versions of HTTP  
documents.  
Vary on these  
HTTP header  
fields:  
Enables the appliance to serve alternate documents.  
Selecting the Enable Alternates option allows you to specify  
values to match for the following fields:  
  If the request is for text: The default value is user-  
agent and cookie. Some documents can have  
thousands of alternate cookie versions. If you choose to  
vary on cookies, it is recommended that you limit the  
number of alternates cached. See Storage‚ on page 36.  
  If the request is for images: Images are rarely  
personalized.  
  If the request is for anything other than text or images  
Using document header information, the appliance can  
compare cached document specifications against  
requested specifications to determine if the correct  
alternate version of the document is in the cache. For  
example, a document header can specify that the  
document targets a specific browser, but any browser can  
request the document from the appliance. If a requested  
document’s fields do not match a cached document’s fields,  
the appliance does not serve the document from its cache,  
but instead retrieves a fresh copy from the origin server.  
Cache  
responses to  
requests  
containing  
Cookies for:  
Configures the appliance to cache responses to requests  
that contain cookies for:  
  no content-types  
  all content-types  
  only image-content types  
  content-types that are not text  
38  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
Using the Security page  
The Security page lets you configure access to the Manager UI. You can set  
administrator and guest IDs and passwords (guests have read-only access) for the  
selected node.  
  Reaching the Security page  
1
2
Be sure you are in configure mode. If not, click the CONFIGURE tab.  
Click the Security page button.  
The following table describes the Manager access options.  
Option  
Description  
Authentication  
(basic) on/off  
Enables or disables authentication. Leave authentication  
on to check the administrator ID and password whenever a  
user logs on to the Manager UI.  
Administrator’s ID Specifies the administrator login ID. (The ID is not checked  
if you turn authentication off.) The administrator has access  
to both configure and monitor pages in the Manager UI.  
Change  
administrator’s  
password  
Allows you to change the administrator password. Clicking  
the link displays the Change Administrator’s Password  
page where you can enter and validate a new password.  
(The password is not checked if you turn authentication  
off).  
Guest ID  
Specifies the guest login ID. Guests can access only the  
monitor pages of the Manager UI. The guest login ID is  
static for all guests.  
Change guest  
password  
Allows you to change the guest password. Clicking the link  
displays the Change Guest’s Password page where you  
can enter and validate a new password.  
Using the Routing page  
The Routing page lets you configure the following:  
  HTTP parent caching  
  Internet Caching Protocol (ICP) support  
  Server acceleration (reverse proxy service)  
From the Routing page, you can also check if transparency and WCCP are  
enabled.  
Chapter 4 Configuring the Appliance  
39  
       
  Reaching the Routing page  
1
2
Be sure you are in configure mode. If not, click the CONFIGURE tab.  
Click the Routing page button.  
Setting HTTP parent caching options  
The appliance can participate as a member of an HTTP cache hierarchy. You can  
point your appliance at a parent network cache—either another Intel NetStructure  
Cache Appliance or a different caching product—to form a cache hierarchy,  
wherein a child cache relies upon a parent cache in fulfilling user requests.  
parent  
failover  
You can specify more than one parent cache to be queried. If the first parent  
cache does not respond to the request, the appliance tries the next parent cache.  
The appliance supports multiple parent caches and parent failover. Use the  
command-line interface to configure multiple parent caches and parent failover  
(which gives appliance a sequence of parent caches to query if the first parent  
cache misses). See Controlling parent proxy caching‚ on page 89.  
The following table describes the options.  
Option  
Description  
Parent Caching  
on/off  
Enables or disables parent caching. To set parent caching  
on, you must also name a parent cache.  
Parent Cache  
Identifies the parent cache and port. Using the following  
format: parent_name:port_number. The port must be  
dedicated. If the appliance cannot find a requested object in  
its own cache, it searches the parent cache before  
searching the Internet. If you want parent failover, you can  
specify more than one parent cache; for example,  
parent1:port1; parent2:port2  
40  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
Setting ICP options  
In the ICP section you can establish ICP peers.  
The following table describes the ICP options.  
Option  
Description  
ICP Mode  
Enables or disables ICP mode:  
  Only Receive Queries  
  Send/Receive Queries  
  Disabled  
ICP Port  
Specifies the port to use for ICP messages. The default  
port is 3130.  
ICP Multicast  
enabled on/off  
Enables or disables multicast. If your appliance has a  
multicast channel connection to its ICP peers, it can send  
ICP messages through multicast.  
ICP query  
timeout  
Specifies the timeout for ICP queries in seconds.  
ICP Peers  
View or modify the appliance’s ICP hierarchy.  
Establishing ICP peers  
For ICP to work, the appliance must recognize its ICP neighbors (siblings and  
parents).  
Chapter 4 Configuring the Appliance  
41  
     
  Adding an ICP Peer  
1
2
3
Click the ICP Peers link.  
Click the Add Entry button.  
Enter the information for the ICP peer host. If you want to clear the entire  
form of information, you can press the Reset button.  
Field  
Description  
Hostname  
The hostname for the ICP host. You do not have to enter  
a hostname if you know the host IP address.  
If you enter a hostname but leave the IP address as  
0.0.0.0, the ICP configuration obtains the host IP  
address via a DNS lookup on the entered hostname.  
Therefore, if you do not know the IP address, simply  
leave it as 0.0.0.0.  
Host  
Type  
IPThe  
host  
IP address.  
If you enter an IP address other than 0.0.0.0, the ICP  
configuration uses the IP address to identify the host.  
Otherwise, the ICP configuration requires a hostname.  
ICP host type. Use one of the following options:  
  1 specifies a parent cache  
  2 specifies a sibling cache  
  3 specifies the local host  
Option 3 is reserved for the appliance. In option 3, the  
hostname must be localhostand the host IP address  
must be 0.0.0.0. The ICP configuration enforces this  
convention.  
Proxy Port  
ICP Port  
The appliance’s proxy port (usually 8080).  
The UDP port used for ICP (usually 3130).  
Multicast Member Indicates whether the host is on a multicast network with  
the appliance. Use one of the following options:  
  No  
  Yes  
Multicast  
IPThe  
multicast  
IP address.  
Multicast TTL  
The multicast datagram time to live. Use one of the  
following options:  
  1: specifies that IP multicast datagrams will not be  
forwarded beyond a single subnetwork.  
  2: allows delivery of IP multicast datagrams to more  
than one subnet if there are one or more multicast  
routers attached to the first hop subnet.  
4
Click the Add button to save your changes.  
42  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
Setting server accelerator options  
The Server Accelerator section allows you to configure the appliance as a  
Server Accelerator (also known as a reverse or server-side proxy).You can enable  
or disable this function as well as control how the appliance routes document  
requests to the slower traditional Web servers. For more information about setting  
up the appliance as a Server Accelerator, see Setting general controls‚ on  
page 62.  
The following table describes Server Accelerator options.  
Option  
Description  
Server  
Enables or disables server acceleration.  
Acceleration  
defined through the command-line interface.  
Reverse proxy  
only  
Sets the appliance to operate solely as a server  
accelerator. If you select Yes, the appliance does not serve  
requests to unspecified Web servers from the cache. See  
rewriting rules.  
If you select No, the appliance serves requests from  
unspecified Web servers as a normal proxy cache.  
Document Route Allows you to view, modify, or add document route rewrite  
Rewriting Rules  
rules. See Understanding server acceleration mapping  
rules‚ on page 132 for information on document route  
rewrite rules.  
URL to redirect  
Specifies an alternate URL that incoming requests from  
requests without older clients that do not provide a Host:header can be  
Host header  
directed.  
It is recommended that you set this option to a page that  
explains the situation to the user and advises a browser  
upgrade or provides a link directly to the origin server,  
bypassing the appliance. Alternatively, you can specify a  
map rule that maps requests without Host:headers to a  
particular server.  
  Creating a document route rewriting rule  
1
In the Server Accelerator section, click the Document Route Rewriting  
Rules link.  
The Configure: Routing: URL Rewriting page appears. This page displays  
the set of current rules as well as a Add Entry button that lets you create new  
rules.  
Chapter 4 Configuring the Appliance  
43  
       
2
3
Click the Add Entry button.  
From the Type field, select the type of rule you want to set (mapor  
reverse_map).  
4
5
6
In the Target field, enter the origin or from URL for the rule.You can enter up  
to four components; for example, <scheme>://<host>:<port>/  
<path_prefix>  
In the Replacement field, enter the destination or to URL for the rule. You  
can enter up to four components; for example, <scheme>://  
<host>:<port>/<path_prefix>  
Click the Add button to add the rule.  
Note  
You can abandon the new rule by clicking Reset.  
Checking transparency  
The Transparency section indicates whether the appliance is running  
be served transparently.  
If transparency is not enabled, you will see the following message:  
The Transparency option is not currently installed.  
For more information about Transparency, see Transparent proxy caching‚ on  
page 120.  
Checking WCCP  
The WCCP section indicates whether WCCP is enabled. If WCCP is enabled,  
you will see the following message:  
The WCCP option is currently installed.  
If WCCP is not enabled, you will see the following message:  
The WCCP option is not currently installed.  
Using the Host Database page  
The Host Database page lets you view and change the following:  
  Host database options  
  Domain Name Service lookups  
  Reaching the Host Database page  
1
2
Be sure you are in configure mode. If not, click the CONFIGURE tab.  
Click the Host DB page button.  
44  
Intel NetStructure Cache Appliance Administrator’s Guide  
               
Configuring the host database  
The appliance host database stores the domain name server (DNS) entries of  
servers that the appliance contacts to fulfill user requests. You configure the  
appliance host database by setting options in the Host Database Management  
section. The following table describes the options.  
Option  
Description  
Lookup timeout Specifies the DNS lookup timeout in seconds. You can  
choose from the following:  
  5 seconds  
  10 seconds  
  15 seconds  
  20 seconds  
  30 seconds  
Foreground  
timeout  
Specifies how long DNS entries can remain in the database  
before they are flagged as stale. You can choose from the  
following:  
  12 hours  
  24 hours  
  48 hours  
For example, if this timeout is 24 hours, and a user requests  
an entry that has been in the database for 24 hours or longer,  
the appliance will refresh the entry before serving it.  
You can set the background timeout (see next item) to refresh  
entries in the background, before objects become stale.  
Be careful not to set the foreground timeout too low. Doing so  
might slow response time. Additionally, setting the timeout  
value too high risks accumulation of incorrect information.  
Setting the foreground timeout to greater than or equal to the  
background timeout disables background refresh.  
Chapter 4 Configuring the Appliance  
45  
 
Option  
Description (Continued)  
Background  
timeout  
Specifies how long DNS entries can remain in the database  
before they are flagged as entries to refresh in the  
background. These entries are still fresh, so they can be  
refreshed after they are served, rather than before. You can  
choose from the following:  
  3 hours  
  6 hours  
  12 hours  
  24 hours  
  48 hours  
For example, the foreground refresh timeout interval is  
24 hours and the background timeout is 12 hours. In this  
situation a user requests an object from my.com and  
16 hours later a user makes a second request for an object  
from my.com. The DNS entry for my.comhas not been  
refreshed in the foreground because the entry is not yet  
24 hours old. But since the background timeout has expired,  
the appliance will first serve the user’s request and then  
refresh the entry in the background.  
Invalid host  
timeout  
Specifies how long the proxy software should remember that  
a hostname is invalid. This is often called negative DNS  
caching. You can choose from the following:  
  Immediate  
  15 minutes  
  30 minutes  
  1 hour  
  1.5 hours  
  2 hours  
For example, if a user specifies an invalid hostname, the  
appliance informs the user that it could not resolve the  
hostname and the appliance gets another request for the  
same hostname. If the appliance still remembers the bad  
hostname, it will not try to look it up again but will simply send  
another invalid hostname message to the user.  
Re-DNS on  
Reload  
Enables or disables the appliance’s ability to re-resolve  
hostnames whenever clients reload pages.  
46  
Intel NetStructure Cache Appliance Administrator’s Guide  
Configuring DNS  
The DNS Configuration section lets you configure DNS services. The following  
table describes the options.  
Option  
Description  
Resolve  
attempt  
timeout  
Specifies how long the appliance must wait for the DNS server  
to respond with an IP address, even if the client request has  
been cancelled. You can choose from the following:  
  5 seconds  
  10 seconds  
  15 seconds  
  20 seconds  
  30 seconds  
If the user abandons the request before this timeout expires,  
the appliance can still obtain the host’s IP address in order to  
cache it. The next time a user makes the same request, the  
address will be in the cache.  
Number of  
retries  
Specifies how many times the appliance should allow a lookup  
to fail before it abandons the lookup and sends an invalid  
hostname message to the user. You can choose from the  
following:  
  1  
  2  
  3  
  4  
  5  
Using the Snapshots page  
The Snapshots page lets you take snapshots of the selected appliance’s  
configurations or lets you restore previously saved configurations. A  
configuration snapshot consists of a complete set of appliance configuration files.  
Note  
It is a good idea to take a snapshot before doing system maintenance or  
attempting to tune system performance. Taking a snapshot only takes a few  
seconds and it can save you hours of correcting configuration mistakes.  
Chapter 4 Configuring the Appliance  
47  
       
  Reaching the Snapshots page  
1
2
Be sure you are in configure mode. If not, click the CONFIGURE tab.  
Click the Snapshots page button.  
The following table describes the options.  
Option  
Description  
Name New  
Snapshot  
Specifies a name for the snapshot. Do not include the  
forward slash “/” character in the name.  
Take Snapshot Takes a snapshot. Taking a snapshop saves a copy of all  
appliance configuration files. The snapshot is saved under  
the name specified in the Name New Snapshot field.  
Restore  
Snapshot  
Restores a snapshot. Clicking the Restore button returns the  
appliance to the configuration previously saved in the  
snapshot selected from the list.  
Delete  
Snapshot  
Deletes an existing snapshot. Clicking the Delete Snapshot  
button deletes the previously saved configuration that is  
selected from the list.  
Note  
Once you create a snapshot for the appliance, you should remove the floppy  
diskette from the drive. If you do not remove the diskette from the drive and the  
system needs to be rebooted remotely, the system will attempt to reboot from the  
diskette, which does not have a bootable image.  
48  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
Chapter 5  
Using the Command-Line Interface  
This chapter describes the command-line utility that you can use to configure the system’s  
Appliance.  
This chapter contains the following sections:  
  Starting the command-line interface‚ on page 50  
  Navigating the command-line interface‚ on page 51  
  Using the setup menu‚ on page 52  
  Using the main menu‚ on page 54  
  Using the config menu‚ on page 61  
  Using the monitor menu‚ on page 99  
  Using the expert menu‚ on page 107  
  Using the save menu‚ on page 108  
  Using the load menu‚ on page 108  
49  
       
Starting the command-line interface  
The command-line interface displays automatically on screen when you provide  
a serial interface connection to the appliance. For information on how to make a  
serial connection to the appliance, see the Intel NetStructure Cache Appliance  
Quick Start Guide.  
Note  
Make sure your terminal is set to emulate a VT100 terminal when you are  
communicating with the appliance through a serial interface.  
Starting the appliance the first time  
The first time you connect to the appliance, the Initial Setup menus display as  
follows:  
setup  
install Install Intel Cache  
commit Commit Setup Changes  
Initial Intel Cache Setup  
These menu selections let you do the following:  
  setup—Provide the appliance machine with a hostname, IP address, subnet  
mask address, DNS address, gateway address, domain name, time zone, and  
date and time.  
  install—Install or update the appliance software. This task takes several  
minutes.  
  commit—Save the appliance network configuration after installing the  
software.  
For instructions on how to start the appliance for the first time, see either the Intel  
NetStructure Cache Appliance Quick Start Guide or Starting the system for the  
first time‚ on page 8.  
Note  
For security reasons, you should change your Administrator ID and password for  
telnet access as soon as possible after installing and initially configuring your  
appliance. See Changing the administrator password for telnet or serial access‚  
on page 60.  
Using the appliance after initial start-up  
After initial configuration and when you connect to the appliance through a serial  
interface, this main selection menu displays on the screen:  
setup  
main  
config  
Initial Intel Cache Setup  
Main Intel Cache Controls  
Intel Cache Configuration  
monitor View Statistics  
expert  
save  
load  
Enter Expert Mode  
Save Config to Floppy  
Load Config From Floppy  
Logoff  
logoff  
50  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
  setup—Change the system’s network address configuration and time  
  main—Start or stop the cache and proxy services, check version information,  
clear statistics, and install and delete software. See Using the main menu‚ on  
page 54 for more information.  
  config—Configure the appliance, including server, protocols, security, and  
routing. See Using the config menu‚ on page 61 for more information.  
  monitor—Monitor performance by viewing statistics. See Using the monitor  
menu‚ on page 99 for more information.  
  expert—Use the appliance’s expert feature. See Using the expert menu‚ on  
page 107 for more information.  
  save—Save the current configuration to a floppy disk. See Using the save  
menu‚ on page 108 for more information.  
  load—Load a saved configuration from a floppy disk. See Using the load  
menu‚ on page 108 for more information.  
  logoff—Logoff from the current login.  
Navigating the command-line interface  
The command-line interface consists of a series of menus that you can access to  
adjust the system’s network configuration and control, and to configure and  
monitor the appliance.  
The following table explains how to navigate the interface:  
To do this...  
Do this  
Move from one menu item to another  
Use the up and down arrow  
keys  
Select a menu or menu item  
Move to the item and press  
Enter  
Return to the previous form or menu screen  
Accept an action confirmation box  
Press CTRL-X  
Press CTRL-X  
Press CTRL-X  
Accept changes to the form and exit it by  
returning to the previous form or menu screen  
Save information you have entered in a form’s  
field and position the cursor at the next field.  
You must press Enter for each field in the form  
Press Enter  
Press ESC  
Cancel all changes to a form and exit it by  
returning to the previous form or menu screen  
Chapter 5 Using the Command-Line Interface  
51  
   
As you navigate through windows, you see the path of the window displayed in  
the top menu border, starting with the root menu.  
The following steps provide an example of how to view cache performance  
statistics from the monitor menu.  
1
From the initial menu, use the down arrow key on your keyboard to navigate  
to the monitor menu item. Doing so highlights that item to show that you  
have selected it.  
2
3
Press Enter. After pressing Enter, the monitor menu appears and the menu  
border displays root->monitor.  
Press the down arrow key to navigate to the cache menu item and press Enter.  
Doing so displays the cache performance statistics on the screen and the  
menu border displays root->monitor->cache.  
Using the setup menu  
The setup menu lets you do the following:  
  Change the IP address, hostname, and netmask address on the primary  
network interface controller in the appliance.  
  Change the speed and transmission mode of the primary network interface  
controller.  
  Change the DNS address and domain name.  
  Change the gateway address.  
  Configure time zone settings.  
  Configure date and time settings.  
  View current network address settings on the primary network interface  
controller.  
You can change the network settings of the primary network interface controller  
(host name, IP address, and netmask address) any time after the initial setup.  
Note  
You must configure the network interface controller the first time you connect to  
the appliance from a terminal. (See Starting the command-line interface‚ on  
page 50 for more information.)  
  Changing network address configuration on the NIC  
1
2
Select the setup menu and press Enter.  
Select ip and press Enter. Doing so displays the current IP address, hostname,  
and netmask.  
3
In the New IP Address field, enter the IP address that you want to assign to  
the appliance, and press Enter.  
52  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
4
5
6
In the New Hostname field, enter the hostname that you want to assign to the  
appliance, and press Enter.  
In the New Netmask field, enter the netmask address that you want to assign  
to the appliance system, and press Enter.  
Press CTRL-X to save your changes and return to the previous menu.  
Changing the controller speed and transmission mode  
You can change the speed and transmission mode of the primary network  
interface controller any time after the initial setup.  
  Changing speed and transmission mode  
1
2
3
Select the setup menu and press Enter.  
Select nic and press Enter.  
From the list, choose a speed and mode and press Enter. Doing so causes a  
message to appear indicating the change has been made but will not take  
effect until the system is rebooted.  
Changing the DNS address and domain name  
You can change the DNS address and domain name used by the appliance.  
  Changing the DNS address  
1
2
Select the setup menu, and press Enter.  
Select dns and, press Enter. Doing so displays the current DNS address and  
domain name.  
3
4
5
In the New DNS Address field, enter the DNS address that you want to  
assign to the appliance, and press Enter.  
In the New Domainname field, enter the domain name that you want to  
assign to the appliance, and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Changing the gateway address  
You can change the gateway address used by the appliance.  
  Changing the gateway address  
1
2
Select the setup menu, and press Enter.  
Select gateway, and press Enter. Doing so displays the current gateway  
address and a field in which you can enter the new gateway address.  
3
4
In the New Gateway field, enter the gateway address that you want to assign  
to the appliance, and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Chapter 5 Using the Command-Line Interface  
53  
           
Configuring time zone settings  
You can configure the appliance for the appropriate time zone.  
  Configuring the time zone setting  
1
2
Select the setup menu, and press Enter.  
Select timezone, and press Enter. Doing so displays a list of available time  
zone settings.  
3
Use the up and down arrow keys to scroll through the list and select the  
appropriate time zone.  
4
5
6
Once you have selected the item, press Enter.  
Press any key to continue.  
Press CTRL-X to return to the previous screen. When you exit the screen, a  
message appears indicating that the new time zone setting does not take effect  
until the system is rebooted.  
Configuring date and time settings  
You can configure the appliance’s date and time.  
  Configuring the date and time settings  
1
2
Select the setup menu, and press Enter.  
Select time, and press Enter. Doing so displays time and date fields, each  
having various fields in which you can enter data.  
3
Provide data in each sub-field and use the Enter key to move between sub-  
fields.  
 
 
 
 
Enable or disable Daylight Savings Time  
Indicate whether you’re inside or outside Daylight Savings Time  
Enter time in the format HH:MM:SS  
Enter the date in the format MM/DD/YYYY  
4
When you have finished, press CTRL-X to confirm your settings and exit the  
window.  
Viewing current network address settings  
You can view the current hostname, IP, DNS, and Gateway address settings by  
selecting view from the setup menu.  
Using the main menu  
The main menu lets you do the following:  
  Check the status of the Server and Manager resident on the appliance.  
54  
Intel NetStructure Cache Appliance Administrator’s Guide  
           
  Start the appliance cache and proxy services.  
  Stop the appliance cache and proxy services.  
  View and maintain the version of software installed on the appliance.  
  Clear persistent statistics.  
  Reboot the system.  
  Halt the system.  
  Change Administrator password for telnet and serial access.  
  Reset the appliance to the factory settings.  
  Prepare cache disk.  
Checking the status of the Server and Manager  
You can check the status of the appliance’s Server and Manager applications  
using the main menu.  
  Checking Server and Manager status  
1
2
Select the main menu, and press Enter.  
Select status, and press Enter. Doing so displays a window that indicates  
whether the Server and Manager are UP or DOWN.  
Starting the appliance  
Starting the caching and proxy services “starts” the appliance.  
  Starting the appliance  
1
2
Select the main menu, and press Enter.  
Select start, and press Enter. Doing so displays a message indicating that the  
appliance has started successfully.  
Stopping the appliance  
Shutting down all caching and proxy services “stops” the appliance.  
You must stop the appliance before doing certain maintenance tasks.  
  Stopping the appliance  
Note  
1
2
Select the main menu, and press Enter.  
Select stop, and press Enter. Doing so displays a message indicating the  
cache has been stopped.  
Chapter 5 Using the Command-Line Interface  
55  
               
Viewing and maintaining versions of the software  
You can have up to two versions of the appliance software installed on the system  
at the same time. From these versions, you can choose which one is current and  
executes in the appliance. Installing a new version of the software automatically  
makes it the current version.  
You can use the versions menu, which is a submenu of the main menu, to do the  
following:  
  Identify the installed versions.  
  Install new versions.  
  Switch versions.  
  Delete a version.  
  View which version is running.  
Identifying which versions of the software are currently  
installed  
  Identifying which versions of the appliance software are installed.  
1
2
3
Select the main menu and press Enter.  
Select versions and press Enter.  
Select view and press Enter. Doing so displays a list of version numbers.  
Installing a new version of the appliance software  
You can update the software on your cache appliance using FTP to download the  
updated files. When you install a new version of the software, it becomes the  
current, running version. In addition, the appliance copies the new version to  
your secondary drive.  
  Setting up the FTP server  
1
2
3
Set up the FTP server to provide upgrade files to the appliance. You can use a  
single FTP server to upgrade multiple appliances.  
Place the files on an FTP server that’s accessible by the appliance, and on a  
network with sufficient performance for fast transfer of files.  
Each upgrade must exist in a separate directory. We recommend that the  
names you choose for your directories indicate the release. This example  
shows separate directories for application, patch, and OS/application  
upgrades:  
<ftp_dir>/app_3.0.9.0  
<ftp_dir>/app_3.1.0.0  
<ftp_dir>/patch_1  
<ftp_dir>/patch_2  
<ftp_dir>/os_1  
<ftp_dir>/os_2  
56  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
4
Regardless of the type of upgrade, that is, application, patch, or OS/  
application, each upgrade requires two files, which you must copy into the  
correct directory on the FTP server:  
upgrade_info  
<upgrade_name>.tar.gz  
  Starting the upgrade from the appliance side  
1
2
3
Start the command line interface.  
Go to root > main > version > install  
Enter the following information in the fields provided:  
 
 
 
 
IP address or hostname of FTP server  
Path to upgrade files  
Username on FTP server  
User password on FTP server  
4
5
Press Ctrl-X to begin upgrading. A message will appear, Checking FTP  
Site...as the appliance connects to the FTP server and retrieves the  
upgrade_infofile. Next, the CLI displays the type of upgrade (APP,  
PATCH, or OS), and a message describing the upgrade. You will see a  
warning that an OS upgrade later requires you to swap the primary and  
secondary drives.  
Press Ctrl-X to proceed or Escape to abort. If you select Proceed, the  
upgrade continues, following the procedure for that upgrade type as  
explained in the corresponding section below.  
Application upgrade  
After you press Ctrl-X to proceed, the CLI displays this message:  
Ftp’ing Application Upgrade. Please Wait...  
The server transfers the application upgrade file tar.gz(approximately 26  
MB). When the transfer is complete, the CLI displays this message:  
Upgrade Will Take 4-6 Minutes. Please Wait...  
Once the upgrade is complete, the system automatically reboots. The CLI  
displays this message:  
Final Message: Upgrade Complete.  
Intel (r) NetStructure (tm) 1520 Cache is rebooting.  
Please wait 2-3 minutes for an active console login.  
After the system has finished rebooting, follow the procedures in Starting the  
system for the first time in chapter 2.  
Chapter 5 Using the Command-Line Interface  
57  
 
Patch upgrade  
After you press Ctrl-X to proceed, the CLI displays this message:  
Installing The Patch. Please Wait...  
The server transfers the application upgrade tar.gz(typically less than 10  
MB). When the transfer is complete, the CLI displays this message:  
Ftp Fetching Successful  
The appliance starts to install the upgrade. The CLI displays this message:  
Patch Installation In Progress. Please Wait...  
Once the upgrade is installed, the CLI displays this message:  
Patch Installation Successful  
Once the upgrade is complete, the system automatically reboots, then the CLI  
displays this message:  
Final Message: Upgrade Complete.  
Intel (r) NetStructure (tm) 1520 Cache is rebooting.  
Please wait 2-3 minutes for an active console login.  
Continue to use the appliance as before. If the upgrade requires you to reset the  
application, you are warned in an upgrade message.  
OS/Application upgrade  
After you press Ctrl-X to proceed, the CLI displays the message:  
Upgrading To The New OS. Please Wait...  
The server transfers the application image upgrade file tar.gz (typically 310 MB).  
When the transfer is complete, the CLI displays this message:  
Ftp Fetching Successful  
The appliance begins preparing the secondary disk, and the CLI displays this  
message:  
Disk Preparation in Progress. Please Wait...  
Once the disk is prepared, the CLI displays this message:  
Disk Preparation Successful  
Next, reboot the system. After the system has finished rebooting, follow the  
procedures in Starting the system for the first time in chapter 2.  
Running a different version of the appliance software  
You can switch between the two different versions of the software.  
  Running a different version of the appliance software  
1
2
3
Select the main menu, and press Enter.  
Select versions, and press Enter.  
Select switch, and press Enter. Doing so displays a list of versions. If no other  
versions exist, a message displays indicating such.  
4
Select the version you want to run, and press Enter.  
58  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
Deleting a version of the appliance software  
You can delete a version of the appliance software when you need to add a newer  
version but you already have two versions installed.  
Note  
You cannot delete the currently running version of the appliance software. To  
delete that software, you must first switch to the second version and then delete  
the other version. Also, if you have only one software version installed, you  
cannot delete it.  
  Deleting a version of the appliance software  
1
2
3
4
Select the main menu, and press Enter.  
Select versions, and press Enter.  
Select delete, and press Enter.  
Select the version you want to delete, and press Enter. Doing so displays a  
confirmation prompt asking you whether you want to really delete the  
version.  
5
When prompted, press yto confirm or nto cancel.  
Viewing which version of the appliance software is currently  
running  
You can check which version of the appliance software is running on your  
machine.  
  Viewing the current version of the appliance  
1
2
3
Select the main menu, and press Enter.  
Select versions, and press Enter.  
Select current, and press Enter. Doing so displays a message that indicates  
the current version number.  
Clearing statistics  
You can clear statistics that remain through reboot operations (persistent  
statistics). Clearing statistics from the appliance initializes them to a pre-  
installation state.  
Note  
Clearing statistics involves stopping and restarting the appliance.  
  Clearing statistics for the appliance  
1
2
Select the main menu, and press Enter.  
Select stop, and press Enter. Doing so stops all caching functions in the  
appliance and displays a status message indicating such.  
3
4
Select clear, and press Enter. Doing so displays a confirmation prompt asking  
you whether you want to really clear statistics.  
Be sure that yappears after the confirmation prompt and then press Enter.  
Chapter 5 Using the Command-Line Interface  
59  
       
5
6
Press CTRL-X to clear the statistics and return to the previous screen.  
Choosing to clear the statistics causes a confirmation message to appear.  
Select start, and press Enter. Doing so resumes the caching functions in the  
appliance.  
Rebooting the System  
You can reboot the system. Rebooting the system is different than starting or  
stopping the caching software. A system reboot performs an orderly shutdown of  
the appliance and restarts the operating system.  
  Rebooting the system  
1
2
Select the main menu, and press Enter.  
Select reboot, and press Enter. Doing so causes the system to reboot. The  
caching software retains its status (on or off) after the reboot operation.  
Halting the System  
You can halt the system. Halting the system is different than starting or stopping  
the caching software or rebooting the system. Halting the system gives little or no  
warning to users connected to the machine before logging them off. You should  
halt the appliance only as a last resort to problems.  
  Halting the system  
1
2
Select the main menu, and press Enter.  
Select halt, and press Enter. Doing so causes a message to display that  
indicates the appliance is halting. Shortly after this message the CLI halts.  
Changing the administrator password for telnet or  
serial access  
Connecting to the appliance through telnet or a serial port requires you to enter  
an administrator ID and password. When you install the appliance, the default ID  
is adminand the password is admin. This procedure allows you to change the  
password. The username remains the same.  
Note  
Should you forget your password, contact Customer Service at Intel Corporation  
for assistance. For information on how to contact Intel Customer Service, see the  
Intel NetStructure Cache Appliance Product Support booklet that came with your  
system.  
Important  
For security, it is highly recommended that you change the password.  
  Changing the password  
1
Select the main menu, and press Enter.  
60  
Intel NetStructure Cache Appliance Administrator’s Guide  
             
2
Select passwd, and press Enter. Doing so causes a prompt to appear  
requesting you to type and confirm the new administrator password.  
3
4
Enter and confirm the new password.  
Press CTRL-X to save your changes and return to the previous screen.  
Note  
Changing the password value using CLI changes only the password for telnet or  
serial access. It does not change the password for Manager UI access.  
Resetting to factory settings  
You can reset settings in the appliance to their factory defaults.  
Warning  
Using this command deletes your installation and requires you to reinstall and  
reconfigure the appliance completely.  
  Resetting the appliance to default factory settings  
1
2
Select the main menu, and press Enter.  
Select reset, and press Enter. Doing so displays a confirmation prompt asking  
3
4
Be sure that yappear after the confirmation prompt and then press Enter.  
Press CTRL-X to reset the settings and return to the previous screen.  
Choosing to reset the settings causes the appliance to stop and delete the  
installation, then returns you to the setup menu so you can reinstall the  
appliance again. See Using the setup menu‚ on page 52 for more information.  
Preparing a cache disk  
You can prepare a cache disk for use in the system. You must prepare a new drive  
in the system before the caching software can use it. Preparing the drive allows  
the caching software to recognize the drive as a cache disk.  
  Preparing a cache disk  
1
2
Select the main menu, and press Enter.  
Select prep, and press Enter. Doing so causes the system to examine the  
cache drives for uninitialized drives and prepare them for use.  
Using the config menu  
The config menu lets you do the following:  
  Set general controls, such as shut down, bounce, start up, or restart the local  
appliance, and restart or bounce the cluster.  
  Configure protocol options.  
  Configure the cache.  
  Configure security options.  
Chapter 5 Using the Command-Line Interface  
61  
         
  Configure routing options.  
  Configure the Adaptive Redirection Module (ARM) for transparent proxy  
caching.  
  Configure the host database options.  
  Configure logging options.  
Setting general controls  
You can stop, start, or restart caching on the local appliance or cluster. You can  
also bounce the local appliance or the cluster. When you bounce the local  
appliance, caching is stopped and then quickly restarted on the local appliance.  
The same is true when you bounce the cluster, caching is stopped and then  
quickly restarted on each node in the cluster.  
  Setting general controls  
1
2
3
Select the config menu, and press Enter.  
Select server, and press Enter.  
Select the configuration option you want to use, and press Enter:  
 
 
To specify the name of your cluster, select cache rename, and press  
Enter. Doing so displays the current cache name and a field in which  
you can enter a new name. After entering the new name, press CTRL-X  
to save your changes and return to the previous screen.  
To enter a multicast group address, select multicast address, and press  
Enter. Doing so displays the current multicast address and a field in  
which you can enter the new multicast address. After entering the new  
address, press CTRL-X to save your changes and return to the previous  
screen.  
 
 
 
 
 
 
 
To restart caching on the cluster, select cluster restart, and press Enter.  
See step four for further information.  
To restart caching on the local appliance, select local restart, and press  
Enter. See step four for further information.  
To shut down caching on the local appliance, select local shutdown,  
and press Enter. See step four for further information.  
To start up caching on the local appliance, select local startup, and  
press Enter. See step four for further information.  
To bounce the cluster, select cluster bounce, and press Enter. See step  
four for further information.  
To bounce the local appliance, select local bounce, and press Enter. See  
step four for further information.  
To set up an alarm email address, select email, and press Enter. Doing  
so displays the current alarm email address. You can enter the email  
62  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
address you want to use in this field and press CTRL-X to save your  
changes and return to the previous screen.  
 
To see whether the appliance is in reverse or forward proxy mode, select  
view-mode, and press Enter. A message displays at the bottom of the  
screen that indicates reverse or forward proxy enabled.  
 
 
To set the appliance for reverse proxy, select rev-proxy, and press  
Enter.  
To set the appliance for forward proxy, select forw-proxy, and press  
Enter.  
Note  
To use both forward and reverse proxy, set the appliance to reverse. If  
you are running in non-transparent mode, the proxy port is 80.  
4
In some cases, you are prompted to confirm the action before it is performed.  
To continue with the action, be sure that y appears after the prompt when you  
press Enter. After pressing Enter, press CTRL-X to return to the previous  
screen. To cancel the operation, be sure n appears after the prompt and press  
Enter. Or you can press ESC to exit the screen.  
Configuring protocol options  
You can set HTTP, NNTP, and FTP configuration options. You can also set filter  
rules and remap rules. Filter rules let you deny or allow particular URL requests  
and keep or strip header information. Remap rules let you create a set of  
document routing rewrite rules for reverse proxy caching so that the appliance  
can handle relative path requests.  
Configuring HTTP options  
You can view the current configuration settings and remove HTTP headers.  
  Configuring HHTP options  
1
2
3
4
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select http, and press Enter.  
Select the configuration option you want to use, and press Enter:  
 
To view the current HTTP configuration settings, select view, and press  
Enter.  
 
To remove HTTP headers, select remove, and press Enter. You can  
remove the following headers:  
From:  
identifies the user’s email address  
Referer:  
identifies the Web link followed by the user  
Chapter 5 Using the Command-Line Interface  
63  
   
User-Agent: identifies the agent making the request, usually a  
browser  
Cookie:  
identifies the user that made the request  
 
To add HTTP headers, select add, and press Enter. You can add the  
following headers:  
From:  
identifies the user’s email address  
Referer:  
identifies the Web link followed by the user  
User-Agent: identifies the agent making the request, usually a  
browser  
Cookie:  
identifies the user that made the request  
 
 
To remove a client IP header or undo the removal, select remove/undo,  
and press Enter. See insert/undo below.  
To insert a client IP header or undo the insertion, select insert/undo,  
and press Enter. When a client IP header is inserted, it allows the traffic  
server to track its IP as opposed to other means that common http  
protocol permits.  
 
 
Language: Messages from the traffic server to users are displayed by  
default in English.  
Auth: This is the proxy authorization. Because the proxy authorization  
header field applies only to the next outbound proxy that demanded  
authentication using the proxy-authenticate field, this feature is added  
so that you can force the traffic server to forward the header to the next  
proxy in the chain. By default, this is disabled. If you are running the  
traffic server through another proxy (for example, a firewall), you  
should enable this feature to make http authentication work.  
Configuring NNTP options  
You can configure enable and disable NNTP caching, view the current NNTP  
settings, enable and disable NNTP server feeds, enable and disable NNTP access  
control, configure NNTP servers, configure NNTP access, configure the NNTP  
port, set timeout values, and remove HTTP headers.  
  Configuring NNTP options  
1
2
3
4
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select nntp, and press Enter.  
Select the configuration option you want to use, and press Enter:  
 
To view the current NNTP configuration settings, select view, and press  
Enter. The configuration settings display on screen.  
 
To enable the appliance to cache and serve news articles select enable,  
and press Enter.  
64  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
 
 
 
 
 
 
 
To Disable the appliance from caching and serving news articles select  
disable, and press Enter.  
To allow NNTP server feeds, select the first feeds in the menu and press  
Enter.  
To inhibit NNTP server feeds select the second feeds in the menu and  
press Enter.  
press Enter.  
and press Enter.  
To configure NNTP servers, select servers, and press Enter. Refer to  
Configuring NNTP servers for more information.  
To configure NNTP access, select access and press Enter. Refer to  
Configuring NNTP access‚ on page 69 for more information.  
Configuring NNTP servers  
You can add, delete, and view NNTP server rules. The appliance uses NNTP  
server rules to let you specify:  
  The parent NNTP servers from which you want the appliance to cache  
articles.  
  The news groups you want the appliance to observe.  
  The type of NNTP activity you want the appliance to perform; for  
example, caching news articles on demand, posting news articles, and  
receiving news feeds.  
  The network interface the appliance uses to contact the parent NNTP  
server.  
  Adding NNTP server rules  
1
2
3
4
5
6
7
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select nntp, and press Enter.  
Select servers, and press Enter.  
Select add rules, and press Enter.  
Enter an NNTP server rule, and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Each rule must have the following format:  
hostname group-wildmat priority interface  
The hostnameand group-wildmattags are required; priorityand  
interface are optional.  
Chapter 5 Using the Command-Line Interface  
65  
     
The following table describes the tags you can use in a rule:  
Tag  
Description  
hostname  
Choose one of the following:  
  host name  
  host name:port  
  IP address  
  IP address:port  
  .block—Use .blockto block access to specific  
news groups.  
group-wildmat  
This tag must be a comma-separated list of group  
names and list files in wildmat format (use * as a  
wildcard). The list file options are: subscriptions,  
distributions, and distrib.pats.  
Do not use spaces in the list. Use the prefix “!” to  
indicate groups not included in the list. The list is  
processed in reverse order, so more specific  
restrictions should be placed later in the list.  
Examples:  
  *,!distrib.pats  
The previous example does not include any  
distrib.patsfiles, but does include all others.  
  *,!alt.*  
The previous example does not include any  
groups of the form alt.*, but does include all  
others.  
  talk.religion.*,!talk.religion.barney  
,subscriptions  
The previous example includes only subscriptions  
from all talk.religion.*groups but excludes  
talk.religion.barney.  
priority  
This tag tells the appliance how to treat the specified  
host and news groups. Use one of the following  
options:  
  <no priority tag>  
If you do not use a priority tag, the appliance  
caches articles from the specified news groups on  
demand. If you specify multiple groups (such as  
alt.*), the appliance maintains a group list and  
will poll the parent NNTP server regularly to check  
for changes in the group list.  
66  
Intel NetStructure Cache Appliance Administrator’s Guide  
Tag (Continued)  
Description (Continued)  
priority  
(continued)  
  feed  
The appliance will receive news feeds for the  
specified groups as the parent NNTP server  
receives news feeds. The appliance will not cache  
articles on demand, since it will have them.  
  push  
The appliance can both receive news feeds and  
cache articles on demand.  
  pull  
The appliance actively pulls (caches) all articles  
from these news groups at a frequency you  
specify in the appliance Manager UI. The  
appliance does not wait for user requests.  
A “pull” line must be preceded by a “cache on  
demand” line. The appliance needs to be aware of  
the news server and its groups before it can pull  
articles from a specific group. See the examples  
following this table.  
  pullover  
The appliance actively pulls the overview  
database for the news groups but retrieves news  
articles on demand.  
A “pullover” line must be preceded by a “cache on  
demand” line. The appliance needs to be aware of  
the news server and its groups before it can pull  
overviews from a specific group. See the  
examples following this table.  
  dynamic  
The appliance automatically decides, based on  
usage patterns, whether a group should be “pull,”  
“pullover,” or demand retrieval-based.  
  Enter a positive integer  
The appliance retrieves articles on demand from  
the specified server according to the assigned  
priority. The default priority is 0. Multiple servers  
assigned the same priority are accessed in a  
round-robin fashion.  
  post  
Articles to be posted to the specified news groups  
are sent to the specified server.  
interface  
Enter the network interface the appliance uses to  
contact the parent NNTP server.  
Chapter 5 Using the Command-Line Interface  
67  
Examples  
The following rule tells the appliance to block all requests from rec.*  
groups with the exception of rec.soccer:  
.block !rec.soccer,rec.*  
The following rule is an example of setting the port associated with the  
hostname:  
news.webhost.com:999 *  
The following rule is an example of associating an interface and priority with  
an IP address:  
news.webhost.com * 0 10.3.3.2  
The following rules are examples of establishing priorities for the hostnames:  
news.webhost.com * 0  
news.backup.com * 1  
The following rules are examples of defining pull and pullover groups.  
comp.webhost.com *  
comp.webhost.com comp.* feed  
Note  
Every line designating a pull or pullover group must be preceded by a “cache  
on demand” line as follows:  
comp.webhost.com alt.*  
comp.webhost.com alt.bicycles pull  
 
Deleting NNTP server rules  
1
2
3
4
5
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select nntp, and press Enter.  
Select servers, and press Enter.  
Select delete, and press Enter. Doing so displays a list of rules. If no rules  
exist, a message displays at the bottom of the screen indicating such.  
6
7
Use the arrow keys to select the rule you want to delete and press Enter.  
Press CTRL-X to save your change and return to the previous screen.  
68  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
Viewing NNTP server rules  
1
2
3
4
5
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select nntp, and press Enter.  
Select servers, and press Enter.  
Select view, and press Enter. Doing so displays the file containing the  
NNTP server rules.  
Configuring NNTP access  
The appliance uses NNTP access rules to let you control user access to news  
articles that are cached. Each rule describes the access privileges for a  
particular group of clients. You can add, delete, and view access rules.  
 
Adding NNTP access rules  
1
2
3
4
5
6
7
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select nntp, and press Enter.  
Select access, and press Enter.  
Select add rules, and press Enter.  
Enter an NNTP access rule, and press Enter.  
Press CTRL-X to save the rule and return to the previous screen.  
Each rule must begin with a specific client group. You can use three ways  
to specify groups of clients: by IP range, domain, or host name. For  
example:  
ip=0.0.0.0-255.255.255.255  
ip=127.0.0.1  
domain=intel.com  
hostname=myhost.mydomain.com  
Following the client group is an access directive. The access directive is  
of the form access=value. The allowed access values are ip_allow,  
ip_deny, basic, generic, and custom. Depending on the access  
directive, you can further specify an authenticator program, users, and  
passwords, as in the following examples:  
ip=127.0.0.1 access=”generic” authenticator=”homebrew”  
user=”joe”  
hostname=myhost.com access=”basic” user=”joe” pass=”bob”  
Chapter 5 Using the Command-Line Interface  
69  
   
The following table lists the access directive options:  
If access is... authenticator is... user is...  
pass is...  
ip_allow  
ip_deny  
basic  
not required  
not required  
not required  
optional  
not required  
not required  
required  
not required  
not required  
optional  
generic  
custom  
not required  
not required  
required  
optional; but  
the only  
optional; but the  
only allowed  
allowed entry entry is the  
is the string  
“required”.  
(See the  
string “required”.  
(See the  
following  
example.)  
following  
example.)  
The following is an example of custom access:  
ip=127.0.0.1 access=”custom” authenticator=”hb” user=required pass=required  
 
Deleting NNTP access rules  
1
2
3
4
5
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select nntp, and press Enter.  
Select access, and press Enter.  
Select delete, and press Enter. Doing so displays a list of rules. If no rules  
exist, a message displays at the bottom of the screen indicating such.  
6
7
Use the arrow keys to select the rule you want to delete and press Enter.  
Press CTRL-X to save your change and return to the previous screen.  
 
Viewing NNTP access rules  
1
2
3
4
5
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select nntp, and press Enter.  
Select access, and press Enter.  
Select view, and press Enter. Doing so displays file containing the NNTP  
access rules.  
70  
Intel NetStructure Cache Appliance Administrator’s Guide  
Configuring Secure Socket Layer (SSL) port  
You can view and specify the ports to which SSL is restricted.  
Viewing SSL ports  
 
 
1
2
3
4
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select ssl, and press Enter.  
Select view, and press Enter. Doing so displays the ports to which SSL is  
restricted.  
Restricting SSL to specific ports  
1
2
3
4
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select ssl, and press Enter.  
Select port, and press Enter. Doing so displays the current ports to which  
SSL is restricted and a field in which you can specify additional ports.  
5
Supply the ports to which SSL will be restricted, and press Enter.You can  
enter a maximum of two ports. When entering more than one port,  
separate them with blank space. Also, you must enter the complete list of  
ports even if one is already specified in the existing list.  
6
Press CTRL-X to save your changes and return to the previous screen.  
Configuring FTP options  
You can view the current FTP configuration settings, set the connection mode,  
the inactivity timeout value, and the anonymous password.  
  Configuring the FTP options  
1
2
3
4
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select ftp, and press Enter.  
Select the configuration option you want to use, and press Enter:  
 
To view the current FTP configuration settings, select view, and press  
Enter. The configuration settings display on screen.  
 
To set the connection mode, select mode, and press Enter. You can  
select from three modes: PASV/PORT, PASV only, and PORT only.  
Pressing Enter makes the selection.  
Chapter 5 Using the Command-Line Interface  
71  
 
 
 
To set the inactivity timeout (the length of time the appliance waits for a  
response from the FTP server before abandoning the user’s request for  
data), select inactivity, and press Enter. Doing so causes a field to  
appear with the current setting displayed. Supply the new value and  
press Enter. Press CTRL-X to save your changes and return to the  
previous screen.  
To set the anonymous password for FTP servers that require a password  
for access, select password, and press Enter. Doing so causes a field to  
appear with the current password displayed. Supply the new value and  
press Enter. Press CTRL-X to save your changes and return to the  
previous screen.  
Setting filter rules  
The appliance uses filter rules to deny or allow particular URL requests and keep  
or strip header information. When a URL request is allowed, the appliance will  
cache and serve the requested document. When a request is denied, the client  
receives an access deniedmessage.  
You can add, delete, and view filter rules.  
  Adding filter rules  
1
2
3
4
5
6
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select filter, and press Enter.  
Select add rules, and press Enter.  
Enter a filter rule, and press Enter.  
Press CTRL-X to save the rule and return to the previous screen.  
Each rule must have the following format:  
primary destination=value secondary specifier=value action=value  
Note  
You can use more than one secondary specifier in a rule. However, you  
cannot repeat a secondary specifier.  
The following table lists the primary destination tags and their allowed  
values:  
Primary Destination  
dest_domain  
dest_host  
Allowed Value  
Requested domain name  
Requested host name  
dest_ip  
Requested IP address  
url_regex  
Regular expression to be found in a URL  
72  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
The secondary specifiers are optional. The following table lists the possible  
tags and their allowed values:  
Secondary Specifier Allowed Value  
time  
A time range, such as 08:00-14:00  
The IP address of the client  
A prefix in the path part of a URL  
A file suffix in the URL  
A requested URL port  
A request URL method; one of the following:  
  get  
src_ip  
prefix  
suffix  
port  
method  
  post  
  put  
  trace  
scheme  
A request URL protocol; one of the following:  
  HTTP  
  FTP  
The following table lists the possible action tags and their allowed values:  
Action  
Value  
action  
  ip_allow  
  ip_deny  
keep_hdr  
Enter the client request header information that  
you want to keep:  
  date  
  host  
  cookie  
  client_ip  
strip_hdr  
Enter the client request header information that  
you want to strip. You have the same options as  
keep_hdr.  
Examples  
The following rule tells the appliance to deny FTP document requests to the  
IP address 112.12.12.12.  
dest_ip=112.12.12.12 scheme=ftp action=ip_deny  
Chapter 5 Using the Command-Line Interface  
73  
The following rule tells the appliance to keep the client IP address header for  
URL addresses that contain the regular expression politicsand whose path  
prefix is /viewpoint.  
url_regex=politics prefix=/viewpoint keep_hdr=client_ip  
The following rule tells the appliance to strip all cookies to the requested host  
www.intel.com.  
dest_host=www.intel.com strip_hdr=cookie  
The following rule tells the appliance not to allow putsto the requested host  
www.intel.com.  
dest_host=www.intel.com method=put action=ip_deny  
  Deleting filter rules  
1
2
3
4
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select filter, and press Enter.  
Select delete, and press Enter. Doing so causes a list of the rules to appear. If  
no rules exist, a message appears at the bottom of the screen indicating such.  
5
6
Use the arrow keys and move to the rule you want to delete, and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
  Viewing filter rules  
1
2
3
4
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select filter, and press Enter.  
Select view, and press Enter. Doing so displays the file containing the filter  
rules.  
Setting remap rules  
For reverse proxy caching, the appliance uses remap rules to map an origin server  
to the appropriate location on the appliance.  
Remap rules are also used to modify location headers. Origin servers might  
respond to a request with a location header that redirects the client to another  
location. Origin server location headers must be reverse mapped so that clients  
do not bypass the appliance when they make redirected requests.  
You can add, delete, and view remap rules.  
  Adding remap rules  
1
2
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
74  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
3
4
5
6
Select remap, and press Enter.  
Select add rules, and press Enter.  
Enter a remap rule, and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Each rule must consist of three fields: type target replacement.  
The following table describes the proper format for each field.  
Field  
Description  
type  
Enter either one of the following:  
  map—maps an incoming request URL to the  
appropriate origin server URL.  
  reverse_map—use for location header modifying  
rules.  
target  
Enter the from URL. You can enter up to four  
components:  
replacement  
Enter the to URL. You can enter up to four  
components:  
<scheme>://<host>:<port>/<path_prefix>  
For more detailed information about remapping rules, refer to Understanding  
server acceleration mapping rules‚ on page 132.  
  Deleting remap rules  
1
2
3
4
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select remap, and press Enter.  
Select delete, and press Enter. Doing so displays a list of the current remap  
rules. If no rules exist, a message appears at the bottom of the screen  
indicating such.  
5
6
Use the arrow keys and position the cursor over the rule you want to delete,  
and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
  Viewing remap rules  
1
2
3
4
Select the config menu, and press Enter.  
Select protocols, and press Enter.  
Select remap, and press Enter.  
Select view, and press Enter. Doing so displays the file containing the remap  
rules.  
Chapter 5 Using the Command-Line Interface  
75  
   
Configuring the cache  
You can configure cache storage options to do the following:  
  Enable caching of objects for different protocols.  
  Set disk storage options.  
  Set freshness properties.  
  Set caching rules.  
Enabling caching for different protocols  
You can configure the appliance to cache objects retrieved via the HTTP, NNTP,  
and FTP protocols. You can also choose to ignore or obey user requests to bypass  
the cache.  
  Enabling caching for different protocols  
1
2
3
4
Select the config menu, and press Enter.  
Select cache, and press Enter.  
Select activation, and press Enter.  
Select the configuration option you want to change.  
Note:  
You are not prompted for confirmation. Make sure you want to complete the  
action before you select one of the following options, and press Enter.  
 
 
 
 
 
 
 
To enable HTTP caching, select the first HTTP, and press Enter.  
To disable HTTP caching, select the second HTTP, and press Enter.  
To enable NNTP caching, select the first NNTP, and press Enter.  
To disable NNTP caching, select the second NNTP, and press Enter.  
To enable FTP caching, select the first FTP, and press Enter.  
To disable FTP caching, select the second FTP, and press Enter.  
To ignore user requests to bypass the cache (ignore client Cache  
Control: no-cache headers), select the first Bypass, and press Enter.  
 
To obey user requests to bypass the cache (obey client Cache Control:  
no-cache headers), select the second Bypass, and press Enter.  
After you press Enter, your selection displays at the bottom of the screen.  
76  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
Setting disk storage options  
You can configure the cache to store only objects below a certain size and to store  
a limited number of alternates.  
  Setting disk storage options  
1
2
3
Select the config menu, and press Enter.  
Select cache, and press Enter.  
Select storage, and press Enter. Doing so causes the Configure Cache  
Storage box to appear. This box shows the current settings for maximum  
object size and maximum number of alternates allowed in the cache.  
4
5
6
In the New HTTP/FTP Object Size field, type the maximum size of the  
HTTP or FTP objects that you want the appliance to cache, and press Enter.  
In the New Maximum number of alternates field, type the maximum  
number of alternates that you want the appliance to cache, and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Setting object freshness options  
You can configure how fresh you want the appliance to keep your documents in  
the cache.  
  Setting freshness properties  
1
2
3
Select the config menu, and press Enter.  
Select cache, and press Enter.  
Select freshness, and press Enter. Doing so displays a list of options. Each of  
these options has several selections you can choose from. Use the arrow keys  
to position the cursor over the option you want and press Enter.  
Chapter 5 Using the Command-Line Interface  
77  
   
The following table shows the options:  
Option  
Description  
Options to Verify freshness Choosing this option lets you configure how  
the appliance asks the original content server  
to verify the freshness of objects (revalidate  
them) before serving them.  
Select from one of the following options and  
press Enter. After pressing Enter press  
CTRL-X to save your changes and return to  
the previous screen.  
  When The Object Has Expired—The  
appliance revalidates objects with explicit  
expiration dates after they expire.  
Otherwise, it uses heuristic methods to  
evaluate freshness and revalidates the  
object should it be stale.  
  When The Object Has Expired Or Has No  
Expiry Date—The appliance revalidates  
objects with explicit expiration dates after  
they expire. All other documents are  
revalidated before serving.  
  Always—The appliance always revalidates  
objects before serving them.  
  Never—The appliance never checks object  
freshness.  
Freshness information  
Specifies the minimum freshness information  
required when considering to cache a  
document.  
Select from one of the following options and  
press Enter. After pressing Enter press  
CTRL-X to save your changes and return to  
the previous screen.  
  An Explicit Lifetime—The appliance only  
caches objects with Expiresheaders or  
Cache-Control: max-ageheaders.  
  A Last Modified Time—The appliance only  
caches objects with Expiresheaders, or  
Cache-Control: max-age headers,  
or Last-Modifiedheaders.  
  Nothing—The appliance caches  
documents regardless of freshness  
headers.  
78  
Intel NetStructure Cache Appliance Administrator’s Guide  
Option (Continued)  
Description (Continued)  
Set FTP objects expiry  
FTP objects carry no time stamp or date  
information. The appliance considers them  
fresh for the amount of time specified here.  
This "freshness" time is counted from the  
time the object arrives in the cache.  
Enter the time in seconds and press Enter.  
After pressing Enter, press CTRL-X to save  
your changes and return to the previous  
screen.  
Internet Explorer options  
Versions of Microsoft Internet Explorer do not  
request cache reloads from reverse proxies  
and transparent caches when the user  
presses the browser Refresh button. This  
behavior can prevent users from manually  
reloading content directly from the origin  
servers. You can configure the appliance to  
treat Microsoft Internet Explorer requests  
more conservatively. Doing so provides  
fresher content at the cost of serving fewer  
documents from cache.  
Internet Explorer requests force a check with  
the origin server.  
Select from one of the following options and  
press Enter. After pressing Enter press  
CTRL-X to save your changes and return to  
the previous screen.  
  Never  
  For IMS Revalidation Requests  
  Always  
Configuring caching rules  
The appliance uses caching rules to determine how a particular group of URL  
addresses should be cached. You can add, delete, and view caching rules.  
Caching rules can specify:  
  Whether to cache objects  
  How long to keep (pin) particular objects in the cache  
  How long to consider cached objects as fresh  
  Whether to ignore no-cache directories from the server  
  Adding caching rules  
1
2
Select the config menu, and press Enter.  
Select cache, and press Enter.  
Chapter 5 Using the Command-Line Interface  
79  
   
3
4
5
6
Select rules, and press Enter.  
Select add rules, and press Enter.  
Enter a caching rule, and press Enter.  
Press CTRL-X to save your rule and return to the previous screen.  
Each rule must have the following format:  
primary destination=value secondary specifier=value action=<value  
The following table lists the supported primary destinations and their allowed  
values:  
Primary Destination  
dest_domain  
dest_host  
Allowed Value  
Requested domain name  
Requested host name  
dest_ip  
Requested IP address  
url_regex  
Regular expression to be found in a URL  
The secondary specifiers are optional. The following table lists the possible  
tags and their allowed values.  
Note  
You can use more than one secondary specifier in a rule. However, you  
cannot repeat a secondary specifier.  
Secondary Specifier  
time  
Allowed Value  
A time range, such as 08:00-14:00  
src_ip  
The IP address of the client  
prefix  
A prefix in the path part of a URL  
suffix  
A file suffix in the URL  
port  
A requested URL port  
method  
A request URL method; use one of the following:  
  get  
  post  
  put  
  trace  
scheme  
A request URL protocol; use one of the following:  
  HTTP  
  FTP  
80  
Intel NetStructure Cache Appliance Administrator’s Guide  
The following table lists the possible action tags and their allowed values:  
Action  
Value  
action  
  never-cache  
  ignore-no-cache  
pin-in-cache  
Enter the amount of time you want to keep the  
object(s) in the cache. Use the following time  
formats:  
  h for hours, e.g. 10h  
  m for minutes, e.g. 5m  
  s for seconds, e.g. 20s  
  mixed units, e.g. 1h15m20s  
revalidate  
Enter the amount of time you want to consider  
the object(s) fresh. Use the same time formats  
that are shown in pin-in-cache.  
Examples  
The following rule tells the appliance to never cache FTP documents  
requested from the IP address 112.12.12.12.  
dest_ip=112.12.12.12 scheme=ftp action=never-cache  
The following rule tells the appliance to keep in the cache for 12 hours  
documents whose URL addresses contain the regular expression  
politicsand whose the paths contain the prefix /viewpoint.  
url_regex=politics prefix=/viewpoint pin-in-cache=12h  
  Deleting cache rules  
1
2
3
4
Select the config menu, and press Enter.  
Select cache, and press Enter.  
Select rules, and press Enter.  
Select delete rules, and press Enter. Doing so displays a list of the current  
rules. If no rules exits, a message appears at the bottom of the screen  
indicating such.  
5
6
Use the arrow keys to position the cursor over the rule you want to delete and  
press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Chapter 5 Using the Command-Line Interface  
81  
   
  Viewing cache rules  
1
2
3
4
Select the config menu, and press Enter.  
Select cache, and press Enter.  
Select rules, and press Enter.  
Select view rules, and press Enter. Doing so displays the file containing the  
cache rules.  
Configuring security options  
You can control client access to the appliance and access to the Manager UI.  
Controlling client access to the appliance  
The appliance uses IP Allow rules to specify ranges of IP addresses that are  
allowed to use the appliance as a web proxy. If you want to deny access to  
specific IP addresses, do not include them in an IP Allow rule. You can add,  
delete, and view IP Allow rules.  
  Adding IP Allow rules  
1
2
3
4
5
6
Select the config menu, and press Enter.  
Select security, and press Enter.  
Select server, and press Enter.  
Select add rules, and press Enter.  
Enter an IP allow rule, and press Enter.  
Press CTRL-X to save your rule and return to the previous screen.  
Each rule must have the following format:  
src_ip=IPaddress or IPaddress_range action=ip_allow  
The IP address or range of IP addresses specified in the src_ipfield are  
allowed to use the appliance as a web proxy.  
Examples  
The following rule allows all clients to use the appliance as a web proxy:  
src_ip=0.0.0.0-255.255.255.255 action=ip_allow  
The following rule allows a specific subnet to use the appliance as a web  
proxy:  
src_ip=123.12.3.000-123.12.3.123 action=ip_allow  
  Deleting IP Allow rules  
1
2
Select the config menu, and press Enter.  
Select security, and press Enter.  
82  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
3
4
Select server, and press Enter.  
Select delete rules, and press Enter. Doing so displays a list of current rules.  
If no rules exist, a message displays at the bottom of the screen indicating  
such.  
5
6
Use the arrow keys to position the cursor over the rule you want to delete, and  
press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
  Viewing IP Allow rules  
1
2
3
4
Select the config menu, and press Enter.  
Select security, and press Enter.  
Select server, and press Enter.  
Select view rules, and press Enter. Doing so displays the file containing the  
IP Allow rules.  
Controlling access to the Manager UI  
The appliance uses Manager Allow rules to specify ranges of IP addresses that  
are allowed to access the Manager UI. If you want to deny Manager UI access to  
specific IP addresses, do not include them in a Manager Allow rule. You can add,  
delete, and view Manager Allow rules.  
  Adding Manager Allow rules  
1
2
3
4
5
6
Select the config menu, and press Enter.  
Select security, and press Enter.  
Select mgmt, and press Enter.  
Select add rules, and press Enter.  
Enter a rule, and press Enter.  
Press CTRL-X to save your rule and return to the previous screen.  
Each rule must have the following format:  
src_ip=IPaddress or IPaddress_range action=ip_allow  
The IP address or range of IP addresses specified in the src_ipfield are  
allowed to access the Manager UI.  
Examples  
The following rule allows one user to access the Manager UI:  
src_ip=123.12.3.123 action=ip_allow  
The following rule allows a range of IP addresses to access the Manager  
UI:  
src_ip=123.12.3.000-123.12.3.123 action=ip_allow  
Chapter 5 Using the Command-Line Interface  
83  
   
  Deleting Manager Allow rules  
1
2
3
4
Select the config menu, and press Enter.  
Select security, and press Enter.  
Select mgmt, and press Enter.  
Select delete rules, and press Enter. Doing so displays a list of the current  
rules. If no rules exist, a message displays at the bottom of the screen  
indicating such.  
5
6
Use the arrow keys to position the cursor over the rule you want to delete, and  
press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
  Viewing Manager Allow rules  
1
2
3
4
Select the config menu, and press Enter.  
Select security, and press Enter.  
Select mgmt, and press Enter.  
Select view rules, and press Enter. Doing so displays the file containing the  
Manager Allow rules.  
Configuring routing options  
You can configure ICP peers (parent and sibling caches), control HTTP parent  
proxy services, and configure Web cache control protocol.  
Configuring and maintaining ICP peers  
You can do the following when configuring and maintain ICP peers:  
  View and modify ICP rules  
  View current ICP settings  
  Enable ICP  
  Disable ICP  
  Enable multicast  
  Disable multicast  
  Set ICP port numbers  
  Set ICP query timeout  
Viewing and modifying ICP rules  
The appliance uses ICP rules to define parent and sibling caches. You can  
add, delete, and view ICP rules.  
84  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
 
Adding ICP rules  
1
2
3
4
5
6
7
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select rules, and press Enter.  
Select add rules, and press Enter.  
Add an ICP rule, and press Enter.  
Press CTRL-X to save your rule and return to the previous screen.  
Each rule must contain the name and configuration information for a  
single ICP peer in the following format:  
host:hostIP:cache_type:proxy_port:icp_port:MC_on:MC_IP:MC_TTL:  
The following table describes each field:  
Field  
Description  
host  
The host name of the ICP peer. The name  
localhostis reserved for the appliance.  
host IP  
The IP address of the ICP peer.  
cache_type  
The cache type. Use the following options:  
  1 to indicate an ICP parent cache  
  2 to indicate an ICP sibling cache  
Option 3 is reserved for the local host (the  
appliance itself).  
proxy_port  
icp_port  
MC_on  
The port number of the TCP port used by the  
ICP peer for proxy communication.  
The port number of the UDP port used by the  
ICP peer for ICP communication.  
Multicast on/off. Use the following options:  
  0 if multicast is not enabled  
  1 if multicast is enabled  
Chapter 5 Using the Command-Line Interface  
85  
Field (Continued)  
Description (Continued)  
MC_IP  
The multicast IP address.  
If MC_on is disabled, appliance ignores this  
field.  
MC_TTL  
The multicast time to live. Use the following  
options:  
  1 if IP multicast datagrams will not be  
forwarded beyond a single subnetwork  
  2 to allow delivery of IP multicast datagrams  
to more than one subnet (if there are one or  
more multicast routers attached to the first  
hop subnet)  
If MC_on is disabled, appliance ignores this  
field.  
Example  
The following example configuration is for three nodes: the local host,  
one parent, and one sibling:  
localhost:0.0.0.0:3:8080:3130:0:0.0.0.0:0:  
host1:123.12.1.23:1:8080:3131:0:0.0.0.0:0:  
host2:123.12.1.24:2:8080:3131:0:0.0.0.0:0:  
 
Deleting ICP rules  
1
2
3
4
5
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select rules, and press Enter.  
Select delete rules, and press Enter. Doing so displays a list of current  
rules. If no rules exist, a message displays at the bottom of the screen  
indicating such.  
6
7
Use the arrow keys to position the cursor over the rule you want to delete,  
and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
86  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
Viewing ICP rules  
1
2
3
4
5
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select rules, and press Enter.  
Select view rules, and press Enter. Doing so causes the file containing the  
ICP rules to appear.  
Viewing current ICP settings  
You can find out if the ICP protocol is enabled or disabled, what the ICP port  
number is, whether ICP multicast is enabled or disabled, and the ICP query  
timeout by viewing the settings.  
 
Viewing ICP settings  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select view, and press Enter.  
Enabling and disabling ICP  
You can enable or disable ICP.  
 
 
Enabling ICP  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select enable-icp, and press Enter.  
Disabling ICP  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select disable-icp, and press Enter.  
Chapter 5 Using the Command-Line Interface  
87  
Enabling and disabling multicast in ICP  
You can enable or disable multicast in ICP.  
 
 
Enabling multicast in ICP  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select enable-multicast, and press Enter.  
Disabling multicast in ICP  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select disable-multicast, and press Enter.  
Setting the ICP port number  
You can set the ICP port number.  
 
Setting the ICP port number  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select port, and press Enter. Doing so causes a field to appear that has the  
current port number displayed.  
5
6
Supply the port number in the data field, and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Setting the ICP query timeout  
You can set the ICP query timeout number.  
88  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
Setting the ICP query timeout number  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select icp, and press Enter.  
Select timeout, and press Enter. Doing so causes a field to appear that has  
the current timeout value in seconds displayed.  
5
6
Supply the new timeout value in seconds in the data field, and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Controlling parent proxy caching  
The appliance uses parent proxy rules to set up parent proxy hierarchies with  
multiple parents and parent failover, and to configure selected URL requests to  
bypass parent proxies.  
You can enable and disable parent proxy caching as well as configure parent  
proxy caching rules.  
Note  
For the parent proxy rules to take effect, HTTP parent proxy services must be  
enabled in the Manager UI.  
  Enabling parent proxy caching rules  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select parent, and press Enter.  
Select enable, and press Enter.  
  Disabling parent proxy caching rules  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select parent, and press Enter.  
Select disable, and press Enter.  
  Adding parent proxy caching rules  
1
2
3
4
5
6
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select parent, and press Enter.  
Select rules, and press Enter.  
Select add rules, and press Enter.  
Enter a parent proxy rule, and press Enter.  
Chapter 5 Using the Command-Line Interface  
89  
       
7
Press CTRL-X to save your rule and return to the previous screen.  
Each rule must have the following format:  
primary destination=value secondary specifier=value action=value  
The following table lists the primary destinations and their allowed values:  
Primary Destination  
dest_domain  
dest_host  
Allowed Value  
Requested domain name  
Requested host name  
dest_ip  
Requested IP address  
url_regex  
Regular expression to be found in a URL  
The secondary specifiers are optional. The following table lists the possible  
tags and their allowed values:  
Secondary Specifiers  
time  
Allowed Value  
src_ip  
The IP address of the client  
prefix  
A prefix in the path part of a URL  
suffix  
A file suffix in the URL  
port  
A requested URL port  
method  
A request URL method; one of the following:  
  get  
  post  
  put  
  trace  
scheme  
A request URL protocol; one of the following:  
  HTTP  
  FTP  
The following table lists the allowed action tags and their possible values:  
Action Tag  
Allowed Value  
parent  
An ordered list of parent proxies. If the request  
cannot be handled by the last parent server in the  
list, it will be routed to the origin server.  
90  
Intel NetStructure Cache Appliance Administrator’s Guide  
Action Tag  
Allowed Value (Continued)  
round_robin  
  true  
Enter true if you want the appliance to go through  
the parent proxy list in a round-robin.  
  false  
go_direct  
  true  
Enter true if you want requests to bypass parent  
hierarchies and go directly to the origin server.  
  false  
Enter false if you do not want requests to bypass  
parent hierarchies.  
Examples  
The following rule sets up a parent proxy hierarchy consisting of the  
appliance (which is the child) and two parents, p1and p2. All get  
requests, if they cannot be served by the appliance, are routed to the first  
parent server, p1.x.com. If they are not in the first parent server, they are  
routed to the second parent server, p2.y.com. Because  
round_robin=true, the parent servers are queried in a round-robin  
fashion.  
dest_domain=. method=get parent=”p1.x.com:8080; p2.y.com:8080” round_robin=true  
The following rule tells the appliance to route all requests containing the  
regular expression politicsand the path /viewpointdirectly to the  
origin server (bypassing any parent hierarchies).  
url_regex=politics prefix=/viewpoint go_direct=true  
Every rule must contain either a parent=or go_direct=directive.  
  Deleting parent proxy caching rules  
1
2
3
4
5
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select parent, and press Enter.  
Select rules, and press Enter.  
Select delete rules, and press Enter. Doing so displays a list of current rules.  
If no rules exist, a message displays at the bottom of the screen indicating  
such.  
6
7
Use the arrow keys to position the cursor over the rule you want to delete, and  
press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Chapter 5 Using the Command-Line Interface  
91  
 
  Viewing parent proxy caching rules  
1
2
3
4
5
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select parent, and press Enter.  
Select delete, and press Enter.  
Select view rules, and press Enter. Doing so lists the file containing the  
parent proxy caching rules.  
Configuring WCCP options  
The appliance supports WCCP 2.0-enabled routers. If you use WCCP, you must  
specify the IP address of the router.  
You can enable, disable, configure, and view WCCP options.  
  Enabling WCCP  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select wccp, and press Enter.  
Select enable WCCP, and press Enter.  
  Disabling WCCP  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select wccp, and press Enter.  
Select disable, and press Enter.  
  Configuring WCCP options  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select wccp, and press Enter.  
configure, and press Enter. Doing so causes a menu to appear that allows you  
to configure WCCP options.  
 
To enable security, select enable security, and press Enter. Doing so  
causes two fields to appear in which you can enter and confirm the  
password. Supply the password in the top field and press Enter. Supply  
the password in the second field and press Enter. Finally, press CTRL-X  
to save your changes and return to the previous screen.  
 
 
To disable security, select disable security, and press Enter.  
To enable multicast communication, select enable multicast, and press  
Enter. Doing so causes two fields to appear. Supply the multicast  
address in the top field and press Enter. Supply the multicast TTL in the  
92  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
bottom field and press Enter. Finally, press CTRL-X to save your  
changes and return to the previous screen.  
 
To disable multicast communication, select disable multicast, and  
press Enter.  
 
 
 
 
 
To enable HTTP redirection, select enable HTTP, and press Enter.  
To disable HTTP redirection, select disable HTTP, and press Enter.  
To enable NNTP redirection, select enable NNTP, and press Enter.  
To enable NNTP redirection, select enable NNTP, and press Enter.  
To add a router, select add router, and press Enter. Doing so causes a  
field to appear. Supply the router IP and press Enter. Press CTRL-X to  
save your changes and return to the previous screen.  
 
To delete all routers, select delete routers, and press Enter.  
  Viewing current WCCP options  
1
2
3
4
Select the config menu, and press Enter.  
Select routing, and press Enter.  
Select wccp, and press Enter.  
Select view, and press Enter.  
Configuring the Adaptive Redirection Module (ARM)  
You can configure the ARM for transparent proxy caching, set bypass rules, and  
configure load-shedding options.  
Enabling and disabling transparent redirection  
You can enable or disable transparent HTTP/NTTP.  
  Enabling transparent redirection  
1
2
3
4
Select the config menu, and press Enter.  
Select arm, and press Enter.  
Select nat, and press Enter.  
Select enable, and press Enter.  
  Disabling transparent redirection  
1
2
3
4
Select the config menu, and press Enter.  
Select arm, and press Enter.  
Select nat, and press Enter.  
Select disable, and press Enter.  
Chapter 5 Using the Command-Line Interface  
93  
       
Configuring ARM bypass rules  
The appliance uses ARM bypass rules to determine whether to bypass incoming  
client requests or to attempt to serve them transparently.  
You can add, delete, and view ARM bypass rules.  
  Adding ARM bypass rules  
1
2
3
4
5
6
7
Select the config menu, and press Enter.  
Select arm, and press Enter.  
Select bypass, and press Enter.  
Select rules, and press Enter.  
Select add rules, and press Enter.  
Add a bypass rule, and press Enter.  
Press CTRL-X to save your rule and return to the previous screen.  
You can configure three types of bypass rules:  
Rule  
Description  
Source bypass  
Configures the appliance to bypass a particular source  
IP address or range of IP addresses. For example,  
use this solution to bypass clients that do not want to  
use caching.  
Destination  
bypass  
Configures the appliance to bypass a particular  
destination IP address or range of IP addresses. For  
example, these could be destination servers that use  
IP authentication based on the client’s real IP address.  
Destination bypass rules prevent the appliance from  
caching an entire site. You will experience hit rate  
impacts if the site you bypass is popular.  
Source/  
Destination pair  
bypass  
Configures the appliance to bypass requests that  
originate from the specified source to the specified  
destination. For example, you can route around  
specific client-server pairs that experience broken IP  
authentication or out-of-band HTTP traffic problems  
when cached. Source/destination bypass rules can be  
preferable to destination rules because they block a  
destination server only for users that experience  
problems.  
94  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
The bypass rules have the following format:  
Rule  
Format  
source IP bypass bypass src src_IP  
Where src_IP can be:  
  A simple IP address, such as 1.1.1.1  
  In Classless Inter-Domain Routing (CIDR) format,  
such as 1.1.1.0/24  
  A range of IP addresses separated by a dash, such  
as 1.1.1.1-2.2.2.2  
  Any combination of the above, separated by  
commas, such as 1.1.1.0/24, 25.25.25.25,  
123.1.23.1 - 123.1.23.123  
destination IP  
bypass  
bypass dst dst_IP  
Where dst_IP can have the same format as  
src_IP  
source/  
bypass src IP_address AND dst IP_address  
destination IP  
bypass  
Where IP_addressmust be a single IP address,  
such as 1.1.1.1  
Examples  
The following examples show source, destination, and source/destination  
bypass rules:  
bypass src 1.1.1.0/24, 25.25.25.25, 128.252.11.11 - 128.252.11.255  
bypass dst 24.24.24.0/24  
bypass src 25.25.25.25 AND dst 24.24.24.0  
  Deleting ARM bypass rules  
1
2
3
4
5
Select the config menu, and press Enter.  
Select arm, and press Enter.  
Select bypass, and press Enter.  
Select rules, and press Enter.  
Select delete rules, and press Enter. Doing so displays a list of current rules.  
If no rules exist, a message displays at the bottom of the screen indicating  
such.  
6
7
Use the arrow keys to position the cursor over the rule you want to delete, and  
press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
  Viewing ARM bypass rules  
1
2
Select the config menu, and press Enter.  
Select arm, and press Enter.  
Chapter 5 Using the Command-Line Interface  
95  
   
3
4
5
Select bypass, and press Enter.  
Select rules, and press Enter.  
Select view rules, and press Enter. Doing so displays the file containing  
ARM bypass rules.  
Configuring load-shedding options  
When transparent proxy caching is enabled, the appliance handles overload  
conditions by forwarding new requests to origin servers. You can configure the  
appliance to automatically shed load if the cache-hit transaction times become  
too long.  
  Configuring load-shedding options  
1
2
3
Select the config menu, and press Enter.  
Select arm, and press Enter.  
Select shedding, and press Enter. Doing so displays a field that has the  
current value for the maximum number of connections.  
4
5
Supply the maximum number of connections in the field and press Enter.  
Press CTRL-X to save your changes and return to the previous screen.  
Configuring the host database options  
The appliance host database stores the domain name server (DNS) entries of  
servers that are contacted to fulfill user requests. You can configure and view the  
host database.  
  Configuring host database options  
1
2
3
Select the config menu, and press Enter.  
Select hostdb, and press Enter.  
Select configure, and press Enter. Doing so displays current values for the  
options you can set.  
4
Supply a value for each field you want to change, and press Enter after filling  
in each field.  
96  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
5
Press CTRL-X to save your changes and return to the previous screen.  
The following table describes the options:  
Option  
Description  
Lookup Timeout  
Specifies the timeout period in seconds for the IP address  
lookup operation in the host database.  
Foreground  
Timeout  
Specifies how long DNS entries can remain in the  
database before they are flagged as stale. For example, if  
foreground timeout is 24 hours, and a user requests an  
entry that has been in the database for 24 hours or longer,  
the entry is refreshed before being served.  
You can set the background timeout (see next item) to  
refresh entries in the background, before objects become  
stale.  
Be careful that you don’t set the foreground timeout too  
low as you might slow response time. Also, setting this  
time too high risks accumulation of incorrect information.  
Setting the foreground timeout to greater than or equal to  
the background timeout disables background refresh.  
Background  
Timeout  
Specifies how long DNS entries can remain in the  
database before they are flagged as entries to refresh in  
the background. These entries are still fresh, so they can  
be refreshed after they are served, rather than before.  
For example, suppose the foreground timeout is 24 hours  
and the background timeout is 12 hours. A user requests  
an object from my.comand 16 hours later, a user makes a  
second request for an object from my.com. The DNS entry  
for my.comhas not been refreshed in the foreground  
because the entry is not yet 24 hours old. But since the  
background timeout has expired, the appliance will first  
serve the user’s request, then refresh the entry in the  
background.  
Invalid Host  
Timeout  
Specifies how long the proxy software should remember  
that a host name is invalid. This is often called negative  
DNS caching.  
For example, if a user specifies an invalid host name, the  
appliance informs the user that it could not resolve the  
name, and the appliance gets another request for the  
same host name. If the appliance still remembers the bad  
name, it won’t try to look it up again, but will send another  
“invalid host name” message to the user.  
Re-DNS On  
Reload  
Re-resolves host names whenever clients reload pages.  
Chapter 5 Using the Command-Line Interface  
97  
Option  
Description  
DNS Resolve  
Timeout  
Specifies how long the appliance should wait for the DNS  
server to respond with an IP address, even if the client  
request has been cancelled.  
If the user abandons the request before this timeout  
expires, the appliance can still obtain the host’s IP address  
in order to cache it. The next time a user makes the same  
request, the address will be in the cache.  
Number of DNS  
Retries  
Specifies how many times the appliance should allow a  
look-up operation to fail before it abandons the operation  
and sends an “invalid host name” message to the user.  
  Viewing host database options  
1
2
3
Select the config menu, and press Enter.  
Select hostdb, and press Enter.  
Select view, and press Enter.  
Configuring logging options  
You can configure the logging options used in the appliance. The appliance is  
able to keep system logs of events and statistical information. You can enable,  
disable, configure, and view the logging options.  
  Enabling logging options  
1
2
3
Select the config menu, and press Enter.  
Select logging, and press Enter.  
Select enable, and press Enter.  
  Disabling logging options  
1
2
3
Select the config menu, and press Enter.  
Select logging, and press Enter.  
Select disable, and press Enter.  
  Configuring logging options  
1
2
3
Select the config menu, and press Enter.  
Select logging, and press Enter.  
Select collation, and press Enter. Doing so displays current values in separate  
fields. Following are default values:  
Enter Collation FTP Host:  
Collation Interval (hours): 3  
Enter Collation FTP User: admin  
Enter Collation FTP Password: admin  
Enter Collation FTP Directory: ~/logs  
98  
Intel NetStructure Cache Appliance Administrator’s Guide  
         
4
5
Supply a value for each field you want to change, and press Enter after filling  
in each field.  
Press CTRL-X to save your changes and return to the previous screen.  
  Viewing logging options  
1
2
3
Select the config menu, and press Enter.  
Select logging, and press Enter.  
Select view, and press Enter.  
Using the monitor menu  
The monitor menu lets you view the following:  
  Node performance statistics  
  Protocol performance statistics  
  Cache performance statistics  
  Other performance statistics, such as host database, DNS, and cluster  
Viewing Node statistics  
Node statistics report performance information about the appliance system.  
These statistics include document hit rates, the number of HTTP transactions per  
second, and the number of open client and server connections.  
  Viewing node statistics  
1
2
Select the monitor menu, and press Enter.  
Select node, and press Enter. Doing so causes statistics to display on the  
screen. The following table describes the statistics listed. Statistics fall into  
three categories: cache, in progress, and network.  
Statistic  
Description  
Cache  
Document Hit Rate  
The ratio of cache hits to total  
cache requests, averaged over 10  
seconds. This value is refreshed  
every 10 seconds.  
Bandwidth Savings  
The ratio of bytes served from the  
cache to total requested bytes,  
averaged over 10 seconds. This  
value is refreshed every 10  
seconds.  
Cache Percent Free  
The ratio of cache free space to  
total cache space.  
In Progress Open Server  
The number of currently open  
server connections.  
Connections  
Chapter 5 Using the Command-Line Interface  
99  
       
Statistic (Continued)  
Description (Continued)  
Open Client  
Connections  
The number of currently open  
client connections.  
Cache Transfers in  
Progress  
The number of cache transfers  
(cache reads and writes) in  
progress.  
Network  
Client Throughput  
(Mbit/sec)  
The number of bytes per second  
through node (and cluster).  
Transactions Per  
Second  
The number of HTTP transactions  
per second.  
Viewing Protocol statistics  
Protocol statistics report the appliance system’s use of the HTTP, NNTP, FTP,  
and ICP protocols.  
  Viewing protocol statistics  
1
2
Select the monitor menu, and press Enter.  
Select protocols, and press Enter. Doing so causes a list of protocols to  
appear on screen.  
3
Select the protocol you want to view and press Enter.  
The following table describes the statistics for the HTTP-trans protocol.  
Statistics  
Description  
Hits  
  Fresh—The percentage of hits that are fresh and their  
average transaction times.  
  Stale Revalidated—The percentage of hits that are  
stale and revalidated, turn out to be still fresh and  
served, and their average transaction times.  
Misses  
  Now Cached—The percentage of requests for  
documents that were not in the cache (but are now) and  
their average transaction times.  
  Server No Cache—The percentage of requests for  
documents that were not in the cache, but have server  
no-cache headers (cannot be cached); and their  
average transaction times.  
  Stale Reloaded—The percentage of misses that are  
revalidated, turn out to be changed, reloaded, and  
served; and their average transaction times.  
  Client No Cache—The percentage of misses with client  
no-cache headers and their average transaction times.  
100  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
Statistics  
Description (Continued)  
Errors  
  Connect Failures—The percentage of connect errors  
and their average transaction times.  
  Other Errors—The percentage of other errors and their  
average transaction times.  
Aborted  
Transactions  
  Client Aborts—The percentage of client-aborted  
transactions, and their average transaction times.  
  Questionable Client Aborts—The percentage of  
possibly client-aborted transactions, and their average  
transaction times.  
  Partial Request Hangups—The percentage of early  
hangups (after partial requests) and their average  
transaction times.  
  Pre-Request Hangups—The percentage of pre-request  
hangups and their average transaction times.  
  Pre-Connect Hangups—The percentage of pre-connect  
hangups and their average transaction times.  
Other  
transactions  
Unclassified—The percentage of unclassified transactions  
and their average transaction times.  
The following table describes the statistics for the HTTP protocol. Statistics  
exist for both the client and server.  
Statistics  
Description  
Client  
Total Document Bytes  
The total amount of HTTP data  
served to clients since  
installation.  
Total Header Bytes  
The total amount of HTTP  
header data served to clients  
since installation.  
Total Connections  
The total number of HTTP client  
connections since installation.  
Transactions In Progress  
Total Document Bytes  
The total number of HTTP client  
transactions in progress.  
Server  
The total amount of HTTP data  
received from origin servers  
since installation.  
Total Header Bytes  
The total amount of HTTP  
header data received from origin  
servers since installation.  
Chapter 5 Using the Command-Line Interface  
101  
Total Connections  
The total number of HTTP server  
connections since installation.  
Transactions In Progress  
The total number of HTTP server  
connections in progress.  
The following table describes the protocol for the NNTP protocol. Statistics  
and descriptions exist for Client, Server, and Operations.  
Statistics  
Description  
Client  
Open Connections  
The number of open NNTP  
connections.  
Bytes Read  
The number of NNTP client  
request bytes read since  
installation.  
Bytes Written  
Open Connections  
Bytes Read  
The number of NNTP client bytes  
written since installation.  
Server  
The number of currently open  
NNTP server connections.  
The number of bytes read from  
parent NNTP servers since  
installation.  
Bytes Written  
The number of NNTP bytes  
written to the cache since  
installation.  
Statistics  
Description  
Operations  
Article Hits  
The number of news article hits  
since installation.  
Article Misses  
The number of news article  
misses since installation.  
Overview Hits  
The number of overview hits  
since installation.  
Overview Refreshes  
The number of overview  
refreshes. An overview refresh  
occurs when the appliance  
caches a group overview on  
demand (as opposed to an  
overview pull).  
Group Hits  
Group Refreshes  
Posts  
The total number of news group  
hits.  
The total number of news group  
refreshes (updates).  
The number of posts through the  
traffic server.  
102  
Intel NetStructure Cache Appliance Administrator’s Guide  
Post Bytes  
Poll Bytes  
Feed Bytes  
The number of total bytes posted  
through the traffic server.  
The number of total bytes polled  
by the traffic server.  
The number of total bytes fed to  
the traffic server.  
The following table describes the statistics for the FTP protocol:  
Statistics  
Description  
Open Connections  
The number of open FTP connections.  
PASV Connections  
Successes  
The number of successful PASV connections  
since installation.  
PASV Connections  
Failures  
The number of PASV connection failures since  
installation.  
PORT Connections  
Successes  
The number of successful PORT connections  
since installation.  
PORT Connections  
Failures  
The number of PORT connection failures since  
installation.  
The following table describes the statistics for the ICP protocol. Statistics  
exist for queries originating from the node and for queries originating from  
ICP peers.  
Statistics  
Description  
Queries  
Originating  
from this Node  
Query  
Requests  
The number of HTTP requests that  
generate ICP query messages.  
Query  
Messages  
Sent  
The total number of ICP query  
messages sent to ICP peers. This  
number is larger than the number of  
ICP Query Requests if there are  
multiple ICP peers.  
Peer Hit  
Messages  
Received  
The number of ICP peer hit  
messages received in response to  
ICP queries from this node.  
Statistics  
Description  
Queries  
Peer Miss  
Messages  
Received  
The number of ICP peer miss  
messages received in response to  
ICP queries from this node.  
Originating  
from this Node  
(continued)  
Chapter 5 Using the Command-Line Interface  
103  
Total  
Responses  
Received  
The number of response messages  
received from ICP peers (siblings and  
parents).  
Average ICP  
Message  
Response  
Time  
The average time for an ICP peer to  
respond to an ICP query message  
from this node. This is a cumulative  
average value.  
Average ICP  
The average time for an HTTP  
Request Time request (that is sent to ICP) to receive  
an ICP response. This is a cumulative  
average value.  
Queries  
Originating  
from ICP Peers  
Query  
Messages  
Received  
The number of ICP query messages  
received from remote ICP peers  
(siblings and parents).  
Remote Query The number of successful cache  
Hits  
lookups in response to queries from  
ICP peers.  
Remote Query The number of unsuccessful cache  
Misses  
lookups in response to queries from  
ICP peers.  
Successful  
Responses  
Sent to Peers  
The number of successful ICP  
messages written in response to ICP  
queries from remote ICP peers.  
Viewing Cache statistics  
Cache statistics report information about the cache size, bytes used, object look-  
up operations, object reads, object writes, update operations, and remove  
operations.  
  Viewing Cache statistics  
1
2
Select the monitor menu, and press Enter.  
Select cache, and press Enter. Doing so causes the statistics to display on the  
screen. The following table describes the statistics.  
Statistics  
Description  
Cache Bytes Used  
Cache Size  
The number of bytes currently used.  
The number of bytes devoted to the cache.  
Cache Lookups  
Completed  
The number of completed cache lookups (for  
ICP hits) since installation.  
Cache Lookups Failed  
The number of ICP misses since installation.  
Cache Reads  
Completed  
The number of cache reads completed since  
installation(NNTP,HTTP,andFTP).  
104  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
Statistics (Continued) Description (Continued)  
Cache Reads Failed  
The number of cache read misses since  
installation(NNTP,HTTP,andFTP).  
Cache Writes  
Completed  
The number of completed cache writes since  
installation(NNTP,HTTP,andFTP).  
Cache Writes Failed  
The number of cache write failures since  
installation(NNTP,HTTP,andFTP).  
Cache Updates  
Completed  
The number of cache HTTP updates completed  
since installation.  
Cache Updates Failed  
The number of cache HTTP update failures  
since installation.  
Cache Removes  
Completed  
The number of cache removes completed since  
installation(includesNNTP,HTTP,andFTP  
removes).  
Cache Removes Failed The number of cache remove failures since  
installation(includesNNTP,HTTP,andFTP  
removes).  
Viewing Other statistics  
Other statistics report information about host database lookups, DNS lookups,  
cluster connections, and logging.  
  Viewing host database statistics  
1
2
3
Select the monitor menu, and press Enter.  
Select other, and press Enter.  
Select hostdb, and press Enter. Doing so causes the statistics to display on  
the screen. The following table describes the statistics.  
Statistic  
Description  
Total Lookups  
The total number of lookups in the appliance  
host database since installation.  
Total Hits  
The total number of host database lookup hits  
since installation.  
Average TTL (min)  
The average time-to-live in minutes.  
Chapter 5 Using the Command-Line Interface  
105  
   
  Viewing DNS statistics  
1
2
3
Select the monitor menu, and press Enter.  
Select other, and press Enter.  
Select dns, and press Enter. Doing so causes the statistics to display on the  
screen. The following table describes the statistics.  
Statistic  
Description  
Total Lookups  
The total number of DNS lookups (queries to  
name servers) since installation.  
Successes  
The total number of DNS lookup successes  
since installation.  
Average Lookup Time  
(msec)  
The average DNS lookup time.  
  Viewing cluster statistics  
1
2
3
Select the monitor menu, and press Enter.  
Select other, and press Enter.  
Select cluster, and press Enter. Doing so causes the statistics to display on the  
screen. The following table describes the statistics.  
Statistic  
Description  
Bytes Read  
The number of bytes read by this node from  
other nodes in the cluster since installation.  
Bytes Written  
The number of bytes this node has written to  
other cluster nodes since installation.  
Connections Open  
Total Operations  
Network Backups  
The total number of intracluster connections  
opened since installation.  
The total number of cluster transactions since  
installation.  
The number of times this node encountered  
intracluster network congestion and reverted to  
proxy-only mode since installation.  
Clustering Nodes  
The number of clustering nodes.  
106  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
  Viewing logging statistics  
1
2
3
Select the monitor menu, and press Enter.  
Select other, and press Enter.  
Select logging, and press Enter. Doing so causes the statistics to display on  
the screen. The following table describes the statistics.  
Statistic  
Description  
Currently Open Log  
Files  
The number of access log files (formats) that are  
currently being written.  
Space Used For Log  
Files  
The current amount of space being used by the  
logging directory, which contains all of the  
access and error logs.  
Number of Access  
Events Logged  
The current number of access events that have  
been written to log files. This counter represents  
one entry in one file, so that if multiple formats  
are being written, a single access will create  
multiple-access event log entries.  
Number of Access  
Events Skipped  
The number of skipped access events.  
Number of Error Events The current number of events that have been  
Logged written to the access error log.  
Using the expert menu  
The expert menu lets you invoke a command shell. From the shell, you can  
execute the following commands to access features not included in the  
command-line interface or the Manager UI: date, ifconfig, iostat,  
ipnat, kill, last, less, ls, mpstat, netstat, ping, ps,  
print_bypass, pwd, snoop, tail, top, traceroute,  
traffic_line, vmstat, and who.  
Note  
Note  
For information on these UNIX commands, refer to Sun’s Product  
  Entering expert mode  
1
Select the expert menu, and press Enter. Doing so causes control to switch to  
the Unix operating system.  
To return to the CLI, enter exit at the operating system’s command-line  
prompt.  
Chapter 5 Using the Command-Line Interface  
107  
     
Using the save menu  
The save menu lets you save the current appliance configuration to a floppy disk.  
  Saving the current configuration to a floppy disk  
1
2
Select the save menu, and press Enter. Doing so causes the system to prompt  
you to insert a blank floppy disk.  
Insert a floppy disk into the floppy disk drive, and press Enter. Doing so  
causes the appliance to copy all the current configuration settings to the  
floppy disk. After the operation, a message displays on screen indicating the  
copy was successful and asks you to take the floppy out.  
Note  
Do not leave the floppy inside the drive after saving the configuration. Doing so  
will cause remote boot and halt operations to malfunction.  
Using the load menu  
The load menu lets you copy a previously saved appliance configuration file from  
a floppy disk.  
  Loading a previously saved configuration from a floppy  
1
Select the load menu and press Enter. Doing so causes the system to prompt  
you to insert a floppy disk into the drive.  
2
Insert the floppy disk containing a previously saved configuration in the  
floppy disk drive, and press Enter. Doing so causes the appliance to copy the  
configuration from the floppy disk and load it on the system. After the  
operation, a message appears on the screen indicating the copy was  
successful.  
Using the logoff menu  
The logoff menu disconnects you from the appliance and logs you out of the  
system.  
  Logging off the system  
1
Select the logoff menu and press Enter. Doing so causes the system to  
disconnect you and return control to the VT100 terminal emulator window.  
108  
Intel NetStructure Cache Appliance Administrator’s Guide  
           
Chapter 6  
Troubleshooting Problems  
this chapter to help you find a solution. If the information in this chapter doesn’t solve  
your problem, refer to the Intel NetStructure Caching Appliance Product Support booklet  
that came with your system.  
This chapter provides information on the following topics:  
  Rebooting your system‚ on page 110  
  Upgrading software‚ on page 111  
109  
       
operating system to reboot. Rebooting the appliance is not the same as starting  
and stopping the caching software on your system. For instructions on how to  
start and stop the caching software by using the command-line interface (CLI),  
refer to Starting the appliance‚ on page 55 and Stopping the appliance‚ on  
page 55. For information on how to start or stop the caching software by using  
the Manager UI, refer to Using the Server Basics page‚ on page 24.  
You can reboot the appliance in a controlled manner through the CLI. If you find  
the appliance in a state where you can’t reboot it in a controlled manner, you can  
reboot it by pressing the Reset button located on the front panel. You should use  
this reboot method as a last resort. (For exact location of the Reset button, refer to  
the Intel NetStructure Cache Appliance Quick Start Guide.)  
Note  
During a reboot operation, the system maintains the state of the caching software.  
For example, if the caching software is running when the reboot operation is  
initiated, they will still be running after the reboot. On the other hand, if the  
caching software is not running at the time of the reboot, it will remain off after  
the reboot. However, during the system reboot, caching operations cease  
regardless of whether or not the caching software is running at the time of the  
reboot.  
Rebooting your system from the CLI  
You can reboot the appliance from the command-line interface.  
  Rebooting the appliance from the CLI  
1
2
3
Select the expert menu, and press Enter.  
Select reboot, and press Enter.  
Wait approximately four to five minutes for the appliance’s operating system  
to properly shut down and then restart.  
Rebooting your system from the front panel  
You can reboot the appliance from the front panel.  
  Rebooting the appliance from the front panel  
1
Press the system’s Reset button. (For exact location of the Reset button, refer  
to the Intel NetStructure Cache Appliance Quick Start Guide.)  
2
Wait approximately two to three minutes for the appliance’s operating system  
to shut down and then restart.  
110  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
Upgrading software  
Periodically the caching application that runs on the Intel NetStructure Cache  
Appliance might need upgrading or might need to have a patch applied. In this  
case, visit Intel’s ISP web site at http://www.intel.com/isp and go to the product  
page for your appliance. That page contains information on the latest software  
versions and patches that might apply.  
Chapter 6 Troubleshooting Problems  
111  
 
Appendix A  
NetStructure Cache Appliance.  
This chapter covers the following topics.  
  Web proxy caching‚ on page 114  
  Transparent proxy caching‚ on page 120  
  Server acceleration‚ on page 128  
  Understanding cache hierarchies‚ on page 135  
  News article caching‚ on page 138  
  Carrier-class architecture‚ on page 143  
113  
       
Web proxy caching  
The Intel NetStructure Cache Appliance is a high-performance caching proxy  
server. It is designed to efficiently handle multiple client connections  
simultaneously and supports HTTP, FTP, NNTP, ICP, and WCCP 2.0 protocols.  
Caching  
The idea behind Web caching is to store copies of frequently accessed documents  
close to users and serve this information to them on demand. Users get their  
information faster, and Internet bandwidth is freed up for other tasks.  
Proxy server  
Users direct their requests to Web servers all over the Internet. For a caching  
server to serve these requests, it must act as a Web proxy server. A Web proxy  
server fields user requests to arbitrary Web servers and either serves the requests,  
or forwards them on to the origin server (the Web server that contains the original  
copy of the requested information).  
Transparent  
and explicit  
proxy caching  
The proxy supports both transparent proxy caching, where the user’s client  
software is unaware that it is communicating with a proxy, and explicit proxy  
caching, where client software (typically a browser) must be expressly pointed at  
the proxy. Transparent proxy caching is discussed in more detail on page 120.  
A day in the life of a cache request  
Here is an overview of the steps that take place as the appliance acts as a proxy  
cache and serves a user request.  
Step 1  
Step 2  
Step 3  
other Web object.  
With the object address in hand, the appliance looks up the requested object in its  
object database (cache).  
If the object is in the cache, the appliance checks to see if the object is fresh  
enough to serve. (See Ensuring cached object freshness‚ on page 115 for details.)  
If the object is fresh, the appliance serves it to the user as a cache hit (Figure 1).  
returned document  
3
Intel NetStructure Cache Appliance  
request  
1
hit  
cache  
a cache hit  
2
client  
Figure 1  
A cache hit  
114  
Intel NetStructure Cache Appliance Administrator’s Guide  
           
Step 4  
Step 5  
If the data in the cache is stale, the appliance connects to the origin server and  
asks if the document is still fresh. If the document is still fresh, the appliance  
sends the cached copy to the user immediately.  
If the object is not in the cache (a cache miss) or the server indicates that the  
cached copy is no longer valid, the appliance gets the document from the Web  
server, simultaneously streaming it to the user and the cache (Figure 2).  
Subsequent requests for the object will be served faster.  
3
The Intel Cache simultaneously caches  
and serves the document to the client  
server  
Intel NetStructure Cache Appliance  
request  
1
cache  
miss  
2
a cache miss  
client  
Figure 2  
A cache miss  
Caching is more complex than the preceding overview suggests. In particular, the  
overview does not answer these questions:  
  How does the Intel NetStructure Cache Appliance ensure freshness given the  
different protocols it supports?  
  How does the appliance revalidate stale HTTP objects?  
  How does the appliance test an HTTP object for freshness?  
  How does the appliance decide to serve an HTTP object?  
  How do you configure the appliance’s HTTP freshness options?  
  How does the appliance serve correct HTTP alternates?  
  How does the appliance treat requests for objects that cannot or should not be  
cached?  
The following sections discuss these questions.  
Ensuring cached object freshness  
The Intel NetStructure Cache Appliance handles object freshness differently  
FTP  
FTP documents stay in the cache for a time period specified by the system  
administrator. See Freshness‚ on page 36.  
NNTP  
News articles are refreshed each time the appliance polls parent news servers for  
changes in group lists, article overview lists, and article updates. See Maintaining  
the cache: updates and feeds‚ on page 141.  
Appendix A Caching Solutions and Performance  
115  
     
HTTP  
Web documents support optional author-specified expiration dates. The appliance  
adheres to these expiration dates; otherwise it picks an expiration date based on  
how frequently the document is changing and on administrator-chosen freshness  
guidelines. In addition, documents can be revalidated, checking with the server if  
a document is still fresh.  
Revalidating objects  
If an HTTP object is stale, the Intel NetStructure Cache Appliance revalidates the  
object. A revalidation is a query to the origin server that asks if the object is  
unchanged. The result of a revalidation could be:  
  The object is still fresh; the appliance resets its freshness limit and serves the  
object.  
  A new copy of the object is available; the appliance caches the new object,  
replacing the stale copy, and serves the object to the user simultaneously.  
  The object no longer exists on the origin server; the appliance does not serve  
the cached copy.  
  The origin server does not respond to the revalidation query. The appliance  
serves the stale object along with a 111 Revalidation Failed warning.  
HTTP object freshness tests  
Here’s how the Intel NetStructure Cache Appliance determines an HTTP  
document’s freshness:  
Expires header test:  
Some documents come with Expiresheaders or max-ageheaders that  
explicitly define how long the document can be cached. A simple comparison  
of the current time with the expiration time determines whether or not the  
document is fresh.  
Last-Modified / Date header test:  
If no expiration information exists, the appliance can use the Last-  
Modifiedand Dateheaders to estimate a freshness limit. The Last-  
Modifiedheader indicates how long ago a document was modified. If a  
document was last modified two years ago, it is unlikely to suddenly change,  
so the appliance can cache it safely for a while. But if the document just  
changed five minutes ago, it might be quite volatile, and the appliance should  
not cache it very long. The appliance stores an object for some percentage of  
the time (F) that elapsed since the object last changed. The percentage is 10%  
by default:  
freshness limit = F * (Date - Last-Modified)  
In the above formula, the Dateheader provides the date the object was sent  
to the appliance and the Last-Modifiedheader provides the date the object  
was last modified on the origin server.  
116  
Intel NetStructure Cache Appliance Administrator’s Guide  
         
For example, if a document was last modified 32 days ago and was sent to the  
appliance two days ago, the document is considered fresh in cache for three  
days after it was sent. (This assumes a factor of 10%.) So for this situation,  
the document is considered fresh for one more day.  
that have not changed for long periods, cache administrators might want to  
place an upper boundary on the freshness limit. With this boundary in place  
the freshness limit becomes the smaller of the two values: the boundary or the  
computed freshness limit. For information on how to configure an upper  
boundary, refer to the Freshness section of the Configure: Cache page of the  
Default test:  
For documents that do not have Expiresheaders or do not have both Last-  
Modifiedand Dateheaders, you can specify an absolute freshness limit in  
the Freshness section of the Configure: Cache page. See Freshness‚ on  
page 36.  
Revalidate rules:  
Revalidate rules apply specific freshness limits to specific HTTP or FTP  
objects. From the command-line interface, you can set freshness limits for  
objects originating from particular domains or IP addresses, objects with  
URL addresses that contain specified regular expressions, and objects  
requested by particular clients. See Configuring caching rules‚ on page 79.  
Deciding whether to serve HTTP objects  
Even though a document might be fresh in the cache, clients or servers could  
have constraints that prevent them from retrieving the document from the cache.  
For example, a client might request that a document not come from a cache, or if  
it does, the document cannot have been cached for more than 10 minutes.  
The Intel NetStructure Cache Appliance bases the servability of a cached  
document on Cache-Controlheader fields. These headers can appear in both  
client requests and server responses.  
The following cache-control header fields affect whether objects are served:  
  The no-cachefield, sent by clients, tells the appliance to serve no objects  
directly from the cache; always revalidate.You can configure the appliance to  
ignore client no-cache fields. See Cache activation‚ on page 35.  
  The max-agefield, sent by servers, is compared to the document age; if the  
age is less than the max-age, the document is fresh and can be served.  
Appendix A Caching Solutions and Performance  
117  
   
  The min-freshfield, sent by clients, is an acceptable freshness tolerance.  
The client wants the object to be at least this fresh. If a cached document does  
not remain fresh at least this long in the future, it is revalidated.  
  The max-stalefield, sent by clients, permits the appliance to serve stale  
documents provided they are not too old. Some browsers might be willing to  
take stale documents in exchange for improved performance, especially  
during periods of poor Internet availability.  
The appliance applies Cache-Controlservability criteria after HTTP freshness  
criteria. For example, a document might be considered fresh, but if its age is  
greater than its max-age, it is not served.  
Configuring HTTP freshness options  
Cache Appliance:  
  How often to revalidate (when to consider objects stale). See Configuring  
HTTP revalidation below.  
  Whether to cache documents without freshness information. See Configuring  
  Whether to use an upper boundary to determine if the Last-Modified / Date  
freshness limit is too long.  
  What absolute freshness lifetime to use when estimating the freshness of  
documents without Expiresor Last-Modifiedheaders.  
See Freshness‚ on page 36 for instructions.  
Configuring HTTP revalidation  
The following HTTP revalidation options are available:  
  Always revalidate (everything is considered stale).  
  Never revalidate (everything is considered fresh).  
  Revalidate all objects without Expiresheaders. Evaluate the freshness of  
objects with Expiresheaders by first checking the Expiresheader, and  
then checking Cache-Controlheaders.  
118  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
  Evaluate freshness as follows:  
1
Use the Expiresheader test, if applicable, otherwise go to step 2. If the  
object is stale, revalidate. If it is fresh, check the Cache-Controlheaders.  
2
Use the Last-Modified/ Dateheader test, if applicable, otherwise go to  
step 3. If the object is fresh according to the Last-Modified/ Datetest,  
check the Cache-Controlheaders for any freshness restrictions.  
3
Use the absolute freshness limit specified in the Freshness section of the  
Configure: Cache page. Revalidate if the age is past the freshness limit.  
Configuring HTTP cachability  
The following HTTP cachability options are available:  
  Cache only documents that have Expiresheaders  
  Cache only documents that have Expiresor Last-Modifiedheaders  
  Do not restrict caching  
Caching HTTP alternates  
Some Web servers answer requests for the same URL by serving a variety of  
objects. The content of these objects can vary widely, according to whether a  
server delivers content for different languages, targets different browsers with  
different presentation styles, or delivers variable content at different times of the  
Header information identifies alternates.You can configure the Intel NetStructure  
Cache Appliance to cache all alternates according to a particular header. For  
example, if you tell the appliance to vary on the User-Agentheader, the  
appliance caches all the different user-agent versions of documents it encounters.  
To configure caching of alternates, see Variable content‚ on page 38.  
To cache or not to cache?  
Appliance to cache or not cache an object:  
NNTP  
FTP  
You can limit article caching to specific news groups. See Blocking particular  
groups‚ on page 140.  
You can configure never-cache rules for specific types of FTP documents by  
using the command-line interface. See Configuring caching rules‚ on page 79.  
HTTP  
The appliance responds to caching directives from clients and origin servers, as  
well as configured options in the Manager UI and the command-line interface.  
Appendix A Caching Solutions and Performance  
119  
         
The following table lists the HTTP caching directives that the appliance follows.  
Directive source  
Caching directives  
administration  
options  
  Don’t cache objects with URL addresses containing ?,  
;, /cgior end in .asp.  
  Don’t cache objects served in response to the Cookie:  
header.  
  Set never-cache rules from the command-line  
interface. Refer to Configuring caching rules‚ on  
page 79.  
client  
Don’t cache objects with the following request headers.  
You can override some of these directives using  
administration options.  
  Cache-Control: no-store header  
  Cookie: header  
  Authorization: header  
Web server  
Don’t cache objects with the following response headers.  
You can override some of these directives using  
administration options.  
  Cache-Control: no-store  
  www-Authenticate: header  
  Set-Cookie: header  
  Cache-Control: no-cache header  
  Pragma: no-cache header  
  Expires: header with value of 0 (zero) or a past date  
Transparent proxy caching  
In nontransparent proxy caching, client browsers must be configured to send Web  
requests to the Intel NetStructure Cache Appliance proxy. Many sites have no  
direct control over user browser settings, making it necessary for site  
administrators to tell users to configure their browsers to direct requests to the  
proxy.  
Transparency solves this problem. The transparency option enables the appliance  
browser settings. It does this by redirecting the traffic flow into the cache after it  
This section provides the following:  
  An overview of how the appliance serves requests transparently. See Serving  
requests transparently‚ on page 121.  
  A discussion of interception strategies supported by the Intel NetWorking  
Cache Appliance. See Interception strategies‚ on page 121.  
120  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
  Information on how the ARM changes packet addresses. See ARM  
redirection‚ on page 125.  
  A description of the appliance’s adaptive bypass scheme. See Appliance  
adaptive bypass‚ on page 126.  
Here’s how the Intel NetStructure Cache Appliance transparent interception  
works:  
Step 1  
Step 2  
Step 3  
The appliance intercepts client requests to origin servers. Several appliance  
deployment methods exist so that interception can take place. See Interception  
strategies‚ on page 121 for details.  
The Adaptive Redirection Module (ARM) redirects requests destined for origin  
servers to the appliance application. See ARM redirection‚ on page 125 for  
details.  
A very small number of clients and servers do not work correctly through  
proxies. The appliance identifies these problem clients and servers dynamically,  
and the ARM adaptively disables interception for these clients and servers,  
passing their traffic unimpeded to the original server. Also, clients and servers  
can be manually exempted from caching by configuring the ARM. See Adaptive  
interception bypass‚ on page 126 for more information.  
Step 4  
Step 5  
The appliance receives and begins processing the intercepted client requests as  
usual. If a request is a cache hit, the appliance serves the requested document or  
news article. If a request is a miss, the appliance retrieves the document from the  
origin server and serves it to the client.  
On the way back to the client, the ARM changes the source IP address to the  
Interception strategies  
Appliance are:  
  Layer 4-aware switch. See Using a layer 4-aware switch to filter  
transparency requests‚ on page 122.  
  Cisco IOS-based router using the Web Cache Control Protocol (WCCP). See  
Using a WCCP-enabled router for transparency‚ on page 123.  
  Policy-based routing. See Using policy-based routing to filter transparency  
requests‚ on page 124.  
How client request traffic reaches the appliance depends on network topology. In  
a complex network, you must decide which clients are to be served transparently  
and make sure that the appliance is positioned to intercept their requests. The  
Appendix A Caching Solutions and Performance  
121  
       
appliance, or routers or switches feeding it, is often deployed at a major artery or  
aggregation pipe to the Internet.  
The following sections provide more details about the Intel NetStructure Cache  
Appliance’s transparency routing solutions.  
Using a layer 4-aware switch to filter transparency requests  
Layer 4-aware switches can rapidly redirect supported protocols to the Intel  
NetStructure Cache Appliance, while passing all other Internet traffic through  
directly to its destination. Figure 3 illustrates this scenario for HTTP.  
Layer 4-aware switches offer the following features, depending on the particular  
switch:  
  A layer 4-aware switch can sense downed hosts on the network and redirect  
traffic.  
  Single layer 4-aware switches that feed several appliances balance loads  
among the nodes. Different switches might use different load-balancing  
methods, such as round-robin or hashing. If a node goes down, the switch  
automatically redistributes the load. When the node returns to service, some  
switches automatically return the node to its previous workload, so that the  
node cache need not be repopulated; this feature is called cache affinity.  
Intel recommends that you do not enable the virtual IP failover in this  
situation, because layer 4-aware switch failover is already in operation.  
Internet  
end users  
L4 switch  
all  
all  
80  
Intel NetStructure Cache Appliance  
Using a layer 4-aware switch to filter HTTP requests  
Figure 3  
122  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
Using a WCCP-enabled router for transparency  
A WCCP 2.0-enabled router can send all port 80 (HTTP) traffic to the Intel  
NetStructure Cache Appliance, as shown in Figure 4. After the WCCP router  
sends port 80 traffic, the ARM readdresses port 80 to the appliance proxy port (by  
default, port 8080). Then the appliance processes the request as usual, retrieving  
the requested document from the cache if it is a hit and sending the response back  
to the client. Along the way, the ARM readdresses the proxy port in the response  
header to port 80 (undoing the readdressing it did on the way to the appliance).  
The user then sees the response exactly as if it were sent directly from the origin  
server. In addition to port 80 (HTTP) traffic, WCCP 2.0 supports more protocols  
including NNTP (port 119 traffic).  
internet  
Cisco IOS router  
end users  
all  
all  
80  
switch or hub  
Intel NetStructure Cache Appliance 1, 2, and 3  
Figure 4  
Using a Cisco IOS router to send port 80 traffic to several Intel NetStructure  
Cache Appliances  
WCCP provides the following routing benefits:  
  The WCCP-enabled router and the appliance exchange heartbeat messages,  
letting each other know they are running. The WCCP router automatically  
reroutes port 80 and port 119 traffic if the appliance goes down.  
  If several appliances receive traffic from a WCCP router, WCCP balances the  
load among them. The group of appliances is called a WCCP cache farm.  
Appendix A Caching Solutions and Performance  
123  
   
  The appliance handles node failure in WCCP cache farms. If one node goes  
down, its load is redistributed among the remaining nodes.  
  In WCCP, you can use multiple routers. Traffic flowing through multiple  
routers can share the same pool of caches.  
In Figure 4, appliances 1, 2, and 3 form a WCCP cache farm.  
If the appliance in the WCCP-enabled routing scheme has an ARM bypass rule,  
the rule causes the appliance to forward particular client requests directly to the  
origin server, bypassing the appliance. Bypassed requests are unchanged by the  
ARM; they retain their client source IP addresses. See Adaptive interception  
bypass‚ on page 126 for details.  
In WCCP 2.0, you can exclude certain router interfaces from redirection. The  
appliance bypass rules can work if you exclude the router interface on which it is  
connected from using WCCP. To do so, set the router configuration command ip  
wccp redirect exclude in (refer to Cisco’s WCCP documentation for  
information about router configuration).  
If a WCCP router serves several nodes, as in Figure 4, the router balances their  
loads. The router sends each node requests aimed at a particular range of IP  
addresses, so that each node is responsible for caching content residing at  
particular IP addresses.  
The appliance also supports cache affinity. If a node fails and then restarts, the  
appliance returns the node to its former load distribution. The node’s cache need  
not be repopulated.  
The WCCP cache farm acts as a simple form of distributed cache. A WCCP-  
enabled network device distributes traffic to individual appliances based on the IP  
address of the destination Web server. Each node caches objects requested from a  
particular set of Web servers, which belong to that node’s assigned range of  
destination IP addresses.  
Virtual IP  
failover not  
recommended  
If you are running clustered appliances, Intel recommends that you do not enable  
virtual IP failover in WCCP environments. The appliance’s WCCP failover  
mechanism handles node failures and restarts. See Virtual IP failover‚ on  
page 146 for details about virtual IP failover.  
Using policy-based routing to filter transparency requests  
Instead of the WCCP protocol, you can use the policy-routing capabilities of a  
router to send traffic to the Intel NetStructure Cache Appliance. WCCP or an L4  
switch is generally preferable to policy-based routing because it has a  
performance impact on the router and does not support load balancing or  
heartbeat messaging.  
124  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
Figure 5 illustrates policy-based routing for HTTP objects. This routing scheme  
has the following characteristics:  
  All client Internet traffic is sent to a router that feeds the appliance.  
  The router sends port 80 (HTTP) traffic to the appliance and sends the  
remaining traffic to the next hop router.  
  The ARM translates intercepted requests into appliance requests so they can  
be served.  
  Translated requests are sent to the appliance.  
  Web documents to be served transparently are readdressed by the ARM on  
the return path to the client, so that the documents appear to have come  
straight from the origin server.  
An appliance cluster with virtual IP failover adds reliability; if one node fails,  
another node can take up its transparency requests. See Virtual IP failover‚ on  
page 146.  
world wide web  
router  
end users  
non  
80  
non port:80 traffic  
all  
80  
port:80 traffic  
Intel NetStructure Cache Appliance  
Using a router to filter HTTP requests  
Figure 5  
ARM redirection  
The ARM can make two changes to an incoming packet’s address: its destination  
IP address and its destination port.  
  Typically, HTTP packet destination IPs and ports are readdressed with the IP  
address of the Intel NetStructure Cache Appliance and the appliance’s HTTP  
proxy port (usually port 8080).  
Appendix A Caching Solutions and Performance  
125  
     
  NNTP packet destination IPs are readdressed with the IP address of the  
appliance. If the appliance uses a port other than 119 for NNTP, the  
destination NNTP port is readdressed as well.  
Adaptive interception bypass  
The Intel NetStructure Cache Appliance contains an adaptive learning module  
that recognizes inter operability problems caused by transparent proxy caching  
and automatically bypasses the traffic around the proxy without operator  
intervention.  
Web proxies are very common in corporate and Internet use, so the frequency of  
inter operability problems is extremely rare. However, when problems do exist,  
the reasons usually can be attributed to the following:  
  Client software bugs (homegrown, noncommercial browsers).  
  Server software bugs.  
  Applications that send non-HTTP traffic over HTTP ports as a way of  
defeating security restrictions.  
  Server IP authentication. In this case the Web server limits access to itself to a  
few client IP addresses. Since the appliance IP address is different it cannot  
get access to the server. A server limiting IP addresses is not infrequent.  
Limitations occur because ISPs dynamically allocate client IP dial-up  
addresses and use more secure cryptographic protocols.  
Appliance adaptive bypass  
The appliance watches for certain protocol inter operability errors, and as it  
detects errors, it configures the ARM to bypass the proxy for the clients and/or  
servers causing the errors.  
In this way, the very small number of clients or servers that do not operate  
correctly through proxies are auto detected and routed around the proxy, so they  
can continue to function normally (but without the improvement of caching).  
Dynamic  
rules are  
Dynamically generated bypass rules are purged after the appliance restarts.  
temporary  
More about bypass rules  
The ARM can bypass the proxy based on the client IP address, the destination  
server IP address, or both.  
You can manually configure bypass rules to direct requests from certain clients or  
to particular servers. For example, you might want client IP addresses that did not  
pay for a caching service to be steered around the cache, while paying-clients can  
obtain the benefits of caching. Or you can remove some servers from caching  
lists, because the servers don’t want to have their pages cached.  
126  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
Static and dynamic (adaptive) bypass  
Bypass rules can be either static or adaptive. Adaptive bypass rules are  
dynamically generated if you configure the appliance to bypass in the case of  
non-HTTP port 80 traffic or HTTP errors.  
Static and  
dynamic rules  
Static and dynamic rules look exactly the same. However, the appliance creates  
dynamic rules when it encounters particular problems, such as non-HTTP port 80  
traffic or HTTP errors.  
Configuring bypass options  
You can bypass requests based on the following criteria:  
  Requests from particular users (identified by source IP addresses); set static  
source bypass rules from the command-line interface  
  Requests to particular Web sites (identified by destination IP addresses); set  
static destination bypass rules from the command-line interface  
  Requests from specific sources to specific destinations; set static  
source/destination bypass rules from the command-line interface  
Bypass rules fall into these categories:  
Source bypass:  
This rule tells the appliance to bypass a particular source IP address or range  
of IP addresses. For example, you can use this rule to bypass clients that want  
to opt out of a caching solution. Source bypass rules are not dynamically  
generated.  
Destination bypass:  
This rule tells the appliance to bypass a particular destination IP address or  
range of IP addresses. For example, these could be Web servers that use IP  
authentication based on the client’s real IP address. Destination bypass rules  
can be dynamically generated.  
Hit-rate  
impact  
Destination bypass rules prevent the appliance from caching an entire site.  
You will experience hit rate impacts if the site you bypass is popular.  
Source/destination pair bypass:  
This rule tells the appliance to bypass requests that originate from the  
specified source to the specified destination. For example, you can route  
around specific client-server pairs that experience broken IP authentication or  
out-of-band HTTP traffic problems when cached.  
Source/destination rules can be dynamically generated.  
Reducing  
hit-rate impact  
Source/destination bypass rules might be preferable to destination rules  
because they block a destination server only for those particular users that  
experience problems.  
Appendix A Caching Solutions and Performance  
127  
     
Server acceleration  
In Web proxy caching, the Intel NetStructure Cache Appliance handles arbitrary  
Web requests to distant Web servers on behalf of a set of users. Server  
acceleration (also known as reverse proxy caching or virtual Web hosting) is  
slightly different. In server acceleration, the appliance is the Web server to which  
the user is trying to connect. The Web server host name resolves to the appliance,  
which is acting as the real Web server.  
Having a fast, scalable, fault-tolerant appliance absorb the main Web server  
request traffic can improve the speed and quality of service of Web serving,  
reducing load and hot spots on the backup Web servers, while still maintaining  
the publishing environment available on the backup Web servers.  
If the appliance has the desired object in cache, it serves the document quickly. If  
the document is not in cache, the appliance requests the document from another  
backup Web server that has all the content. A configuration table specifies which  
backup Web server has the required content.  
A Web host can maintain a scalable appliance serving engine and maintain a set  
of low-cost, low-performance, less reliable PC Web servers as the backup  
servers. A single appliance can act as the virtual Web server for multiple backup  
Web servers, as shown in Figure 6.  
requests for  
world wide web  
www.janes_books.com  
and jazz.flute.org  
resolve to virtual IP of  
Intel NetStructure  
Cache Appliance  
server  
real.janes_books.com  
Intel  
NetStructure  
Cache  
The Intel NetStructure  
server  
Cache Appliance serves  
documents on behalf of  
real.janes_books.com  
and big.server.net  
big.server.net hosts jazz.flute.org  
Appliance  
Figure 6  
Intel NetStructure Cache Appliances as server accelerator (reverse proxy) for  
a pair of Web servers  
128  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
Advantages of server acceleration  
Server acceleration advantages are similar to Web proxy caching:  
  The appliance is optimized for speed and multiple user connections and can  
be deployed close to users.  
  Serving cached documents saves network bandwidth.  
Server acceleration offers the following server advantages:  
  Web servers can be off-loaded, providing overload insurance. An appliance  
cluster dynamically mirrors content from heavily loaded Web servers.  
  Web administration is centralized. Administrators maintain the Web server(s)  
being accelerated, and the appliances do the job of distributing content.  
Note  
Server acceleration described here applies to HTTP requests.  
How server acceleration works  
When a browser makes a request, it normally sends that request directly to the  
origin server. When the appliance is in reverse proxy mode, it must intercept the  
request for that origin server.  
Interception occurs by setting up the DNS entry for the origin server (the origin  
server’s advertised host name) to resolve to the appliance’s IP address. If the  
appliance is clustered, using a virtual IP address provides added reliability (if a  
node fails, another node takes on the virtual IP address of the failed node).  
When the appliance is set up as the Web server, the browser connects to it rather  
than to the origin server (see Figure 6). The origin server cannot have the same  
name as the advertised host name, or there would be a DNS conflict.  
Retrieving requested documents  
Because the appliance is advertised as the origin server, it needs to act as a Web  
server rather than a proxy server, meaning that it receives server requests, not  
proxy requests. In this case, the appliance constructs a proxy request from the  
server request and then satisfies the proxy request.  
In HTTP, server requests differ from proxy requests. The main difference is that  
server requests don’t specify the entire URL, just the path. A server request might  
look like this:  
GET /index.html HTTP/1.0  
HOST: real.janes_books.com  
Appendix A Caching Solutions and Performance  
129  
     
Whereas the corresponding proxy request would look like this:  
GET http://real.janes_books.com/index.html HTTP/1.0  
HOST: real.janes_books.com  
The appliance can construct a proxy request from a server request by using the  
You might have noticed a small problem. The correct proxy request must contain  
the host name of the origin server, not the advertised host name that names  
servers associated to the appliance. The advertised host name is what appears in  
the host header. For example, for the origin server real.janes_books.comin  
Figure 6, the server request and host header would be:  
GET /index.html HTTP/1.0  
HOST: www.janes_books.com  
And the correct proxy request should be:  
GET http://real.janes_books.com/index.html HTTP/1.0  
HOST: real.janes_books.com  
Document  
routing  
rewrite rules  
To translate www.janes_books.comto real.janes_books.com, the  
appliance needs a set of document routing rewrite rules by which it can refer to  
the full paths on the Web servers it is accelerating. These rules are stored in the  
remap.configfile. In the preceding example, the rule to map  
www.janes_books.comto real.janes_books.comwould be:  
map www.janes_books.com real.janes_books.com  
Two types of rules exist: map rules and reverse-map rules.  
  Map rules specify the location of content that the appliance is accelerating;  
they enable the appliance to translate a URL requested by a client into one  
that represents the accelerated content.  
  Reverse-map rules translate origin server redirects to clients. If an origin  
server sends a redirect response to a client, the appliance translates the  
redirect so that the client is redirected to the appliance, instead of being  
redirected around it. For more information on reverse-map rules, see Web  
server redirects‚ on page 131.  
For detailed descriptions of both map rules and reverse-map rules, see  
Understanding server acceleration mapping rules‚ on page 132 and Examples of  
rules and translations‚ on page 133.  
The map rule for the other Web server illustrated in Figure 6, big.server.net,  
which hosts jazz.flute.org, might look as follows:  
map jazz.flute.org big.server.net/jazz/  
130  
Intel NetStructure Cache Appliance Administrator’s Guide  
This map rule specifies the path /jazzfor jazz.flute.orgon the server  
big.server.net.  
Generally, you use reverse proxy mode to support more than one origin server. In  
this case, all of the advertised host names resolve to the IP address or virtual IP  
address of the appliance (see Figure 6). Using host headers, the appliance is able  
those servers.  
If the appliance receives requests from older browsers that do not support host  
headers, then it can route these requests directly to a specific server, or send the  
browser to a URL containing information about the problem. See Setting server  
accelerator options‚ on page 43.  
Web server redirects  
Web servers often send redirect responses back to browsers. Redirects tell  
browsers to go to different pages. Web servers redirect for a variety of reasons.  
One reason is to balance server load. For instance, if a server is overloaded, it  
might redirect browsers to a less loaded server. Another reason might be when  
Web pages have moved to different locations. When the appliance is configured  
in server acceleration mode, it must readdress redirects from origin servers so  
that browsers are redirected to the appliance, not to another Web server.  
To readdress redirects, the appliance uses reverse-map rules. For example, the  
reverse-map rule required to convert redirects from real.janes_books.com  
(if the appliance assumes the associated name www.janes_books.com) would  
be:  
In general, when setting up document rewrite rules, each map rule should have  
You create and modify document reverse-map rules from the Server Acceleration  
section of the Routing page. See Setting server accelerator options‚ on page 43  
for more information on how to create reverse-map rules. For more information  
about how reverse-map rules work, see the following section, Examples of rules  
and translations.  
Appendix A Caching Solutions and Performance  
131  
   
Understanding server acceleration mapping rules  
Rewrite rules each consist of three space-delimited fields: type, target, and  
replacement.  
  Typeindicates the type of rule.  
  Targetspecifies the URL from which the request originates.  
  Replacementspecifies the URL the appliance uses in place of the target  
URL.  
Using map  
rules  
When the appliance receives a request as a server accelerator, it first constructs a  
complete request URL from the relative URL and its headers. The appliance then  
compares the complete request URL with its list of target (from) URL addresses,  
looking for a match. For the request URL to match a target URL, the following  
conditions must be true:  
  The scheme of both URL addresses must be the same.  
  The host in both URL addresses must be the same.  
If the request URL contains an unqualified hostname, it will never match a  
target URL with a fully qualified host name.  
  The ports in both URL addresses must be the same.  
If no port is specified in a URL, the default port for the scheme of the URL is  
used.  
  The path portion of the target URL must match a prefix of the request URL.  
If the appliance finds a match, it translates the request URL into the replacement  
URL in the rule. It sets the host and path of the request URL to match the  
replacement URL. The appliance removes the prefix of the path that matched the  
target URL and substitutes for it the path from the replacement URL.  
Note  
Cross-scheme mappings are not permitted. For example, you cannot map HTTP  
requests to FTP replacements.  
Using  
reverse-map  
rules  
Reverse mappings rewrite the location headers in origin server responses instead  
of the headers in the user agent requests. Origin servers use location headers to  
redirect clients to another location.  
For example if there is a directory /pubon an origin server at  
www.molasses.com, and a user agent sends the request to that server for /pub,  
the server will probably reply with a redirect to http://www.test.com/pub/  
to let the client know that it was a directory it had requested, instead of a  
document. (A common use of redirects is to normalize URL addresses so that  
clients can bookmark documents properly.)  
The appliance uses reverse mappings to prevent redirects from origin servers  
from causing clients to bypass the appliance in favor of direct access to the origin  
servers.  
132  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
In a typical Server Accelerator configuration, there should be a reverse-map rule  
for every map rule, with the origin URL and replacement URL of the map rule  
reversed.  
Examples of rules and translations  
The following examples illustrate several important cases of rewrite rules.  
This map rule does not specify a path prefix in the target or replacement:  
map http://www.x.com/ http:/server.hoster.com/x/  
Example 1  
This rule results in the following translations:  
User Request  
Translated Request  
http://www.x.com/Widgets/  
index.html  
http://server.hoster.com/x/Widgets/  
index.html  
http://www.x.com/cgi/form/  
submit.sh?arg=true  
http://server.hoster.com/x/cgi/  
form.submit.sh?arg=true  
Example 2  
Map rules with path prefixes specified in the target:  
map http://www.y.com/marketing http://marketing.y.com/  
map http://www.y.com/sales http://sales.y.com  
map http://www.y.com/engineering http://engineering.y.com/  
map http://www.y.com/ http://info.y.com/  
These rules result in the following translations:  
User Request  
Translated Request  
http://www.y.com/marketing/projects/  
manhattan/specs.html  
http://marketing.y.com/projects/  
manhattan/specs.html  
http://www.y.com/marketing/projects/  
boston/specs.html  
http://info.y.com/marketing/projects/  
boston/specs.html  
http://www.y.com/engineering/  
marketing/requirements.html  
http://engineering.y.com/marketing/  
requirements.html  
Example 3  
The order of the rules matters:  
map http://www.g.com/ http://external.g.com/  
map http://www.g.com/stuff http://stuff.g.com  
These rules result in the following translation:  
User Request  
Translated Request  
http://www.g.com/stuff/a.gif  
http://external.g.com/stuff/a.gif  
Appendix A Caching Solutions and Performance  
133  
 
In these examples, the second rule is never applied because all URL addresses  
that match the second rule also match the first rule. The first rule takes  
precedence because it appears earlier in the remap.configfile.  
Example 4  
A mapping with a path prefix specified in the target and replacement:  
map http://www.h.com/a/b http://server.h.com/customers/x/y  
This rule results in the following translation:  
User Request  
Translated Request  
http://www.h.com/a/b/c/d/  
doc.html  
http://server.h.com/customers/x/y/c/d/  
doc.html  
http://www.h.com/a/index.html  
Translation fails  
Example 5  
Reverse mapping:  
map http://www.x.com/ http://server.hoster.com/x/  
reverse_map http://server.hoster.com/x/ http://www.x.com/  
These rules result in the following translations:  
User Request  
Translated Request  
http://www.x.com/  
Widgets  
http://server.hoster.com/x/Widgets  
User Request  
Origin Server Header  
Translated Header  
http://www.x.com/  
Widgets  
http://server.hoster.com/ http://www.x.com/  
x/Widgets/  
For  
browsers that  
do not support  
host headers  
When accelerating multiple servers, the appliance is unable to route to URL  
addresses from older browsers that do not send the Host:header. The best  
solution is to direct the user to a page that explains the situation and advises a  
browser upgrade or provides a link directly to the origin server, bypassing the  
appliance. For information on how to do this, see Setting server accelerator  
options‚ on page 43.  
134  
Intel NetStructure Cache Appliance Administrator’s Guide  
Understanding cache hierarchies  
Cache hierarchies consist of levels of caches that communicate with each other.  
Hierarchical caching can give you information about the local access  
requirements of your users; this information might not appear in a large central  
cache. The Intel NetStructure Cache Appliance supports several types of cache  
hierarchies, but all cache hierarchies recognize the concepts of parent and child  
caches.  
In a cache hierarchy a parent cache is a cache higher up, to which the appliance  
appliance is a parent.  
In the event of a cache miss, instead of forwarding the request to a distant origin  
server, it might be faster to try another nearby cache in the hierarchy. If a  
forwarded request is a miss on the parent cache, the parent cache forwards the  
request to the origin server. See Figure 7‚ on page 136 for an illustration. The  
appliance supports multiple parent caches; if a request misses on all parents, the  
appliance chooses a specific parent to forward the request to the origin server.  
The Intel NetStructure Cache Appliance can function as a member of the  
following cache hierarchies:  
  HTTP cache hierarchy  
  ICP (Internet Cache Protocol) hierarchy  
  NNTP hierarchy  
The following sections describe these cache hierarchies.  
HTTP cache hierarchies  
The Intel NetStructure Cache Appliance supports HTTP cache hierarchies, using  
other Intel NetStructure Cache Appliances or even other caching products as  
parents or children in a chain of interdependent caches.You can create small,  
regional caches (for an organizational department or for users in a defined  
geographic area), and link them to larger parent caches, defining larger areas.  
If a regional cache does not have a requested document (a cache miss) and HTTP  
parent caching is enabled, the appliance forwards the HTTP request to a parent  
cache in the hierarchy rather than contacting the origin server. If the parent cache  
(or caches) cannot serve the object they can forward the request to other caches  
further up in the hierarchy.  
The appliance supports multiple HTTP parent caches and parent failover. This  
feature gives the appliance a sequence of parent caches to query if the first parent  
cache misses.  
Appendix A Caching Solutions and Performance  
135  
             
For information on how to enable parent caching from the Manager UI, see the  
parent caching section on the Configure: Routing page (see Setting HTTP  
parent caching options‚ on page 40). For information on how to enable parent  
failover using the command-line interface, see Controlling parent proxy caching‚  
on page 89.  
New York  
Intel NetStructure Cache Appliance  
returned  
3
document  
cache  
hit  
parent cache  
Baltimore  
Intel NetStructure Cache Appliance  
request  
1
cache  
miss  
2
end user  
Figure 7  
forwarded request  
A cache hierarchy in action  
ICP cache hierarchies  
Internet Cache Protocol (ICP) is a protocol for proxy caches to exchange  
information about their content. ICP query messages ask other caches if they are  
storing a particular URL. ICP response messages reply with a hit or miss answer.  
Peer,  
sibling, and  
parent caches  
ICP hierarchies employ sibling caches as well as parent caches. Sibling caches  
exist at the same hierarchical level, while parent caches exist one level up in the  
hierarchy. A cache exchanges ICP messages only with specific ICP peers. An ICP  
peer can be a sibling cache or a parent cache.  
If the Intel NetStructure Cache Appliance has ICP enabled, it sends out ICP  
queries to its sibling caches in the event of a cache miss on an HTTP request. If  
there are no hits on siblings, the appliance sends ICP queries to ICP parents. If  
there are no hits on ICP parents, the appliance forwards the request to its HTTP  
parents. If there are no HTTP parent caches established, the appliance forwards  
the request to a selected ICP parent cache (which resolves the request by  
communicating with the origin server).  
136  
Intel NetStructure Cache Appliance Administrator’s Guide  
         
How an ICP  
hit can be a  
miss  
If the appliance receives a hit message from an ICP peer, then it sends the HTTP  
request to that peer. It might turn out to be an actual miss, because the original  
HTTP request contains header information that is not communicated by the ICP  
query. For example, the hit might not be the requested alternate. If an ICP hit  
turns out to be a miss, the appliance forwards the request to either its HTTP  
parent caches or to the origin server.  
For information on now to enable and configure ICP options using the Manager  
UI, see the ICP section of the Configure: Routing page (see Setting ICP options‚  
on page 41). For information on how to configure ICP options using the  
command-line interface see Configuring and maintaining ICP peers‚ on page 84.  
NNTP cache hierarchies  
Using an Intel NetStructure Cache Appliance as parent to another group of  
appliances can reduce load on a parent news server and take advantage of the  
large number of concurrent connections that server supports.  
Bombay  
Intel NetStructure  
Cache Appliance  
Parent Cache  
Parent  
NNTP  
Server  
Zurich  
London  
Paris  
Madrid  
Oslo  
Intel NetStructure Cache Appliance Child Caches  
Figure 8  
Hierarchy of news caching servers  
In Figure 8 above, the parent news server for each of the child appliances is the  
parent appliance. The parent appliance is a child cache to the distant parent news  
server.  
Appendix A Caching Solutions and Performance  
137  
   
News article caching  
The Intel NetStructure Cache Appliance can function as a news server or a  
caching news server. News, also known as USENET and discussions, is a system  
of online discussion groups. NNTP is the protocol used to retrieve and distribute  
these discussion groups. The appliance supports NNTP as specified in RFC 977  
and many common and proposed extensions.  
To read news articles, users need a news reader, such as Netscape Communicator  
or Microsoft Internet Explorer, and access to a news server. The appliance is a  
caching news server. It can be configured to sit transparently between users and a  
parent or backing news server, increasing responsiveness for the user and  
decreasing network bandwidth use and the load on the parent news server.  
Intel NetStructure  
Cache Appliance  
users  
Intel NetStructure  
Cache Appliance  
Parent  
NNTP  
Server  
users  
Figure 9  
Intel NetStructure Cache Appliances caching news articles for a distant  
NNTP server  
The appliance provides many options that you can configure for supporting  
parent NNTP servers. The rest of this section describes the appliance’s NNTP  
features.  
138  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
The appliance as a news server  
As a news server, the Intel NetStructure Cache Appliance does the following:  
  Maintains lists of supported news groups  
  Accepts news feeds for each supported news group  
  Serves requested articles to users  
  Accepts and numbers user postings to the supported news groups  
The appliance as a caching proxy news server  
As a caching proxy news server for a particular news server, the Intel  
NetStructure Cache Appliance does the following:  
  Maintains lists of the news groups on its parent NNTP servers. You can  
configure the frequency that the appliance updates its copies of group lists.  
  Caches and serves article overview lists on demand. You can also tell the  
appliance to pull article overview lists from the parent news server  
periodically.  
  Caches and serves articles on demand. The appliance can also accept news  
feeds, like any news server.  
  Caches and serves miscellaneous LIST files, such as subscription files.  
  Sends user postings to the parent news server.  
When clients issue news requests, the appliance intercepts these requests and  
serves them from its cache, reducing traffic to parent news servers. If a particular  
overview or article is not in the cache, the appliance forwards requests to the  
parent server.  
Supporting several parent news servers  
The Intel NetStructure Cache Appliance can cache articles for several news  
servers.You specify the parent news servers for the appliance from the command-  
line interface (see Configuring NNTP servers‚ on page 65). For each parent news  
server, the appliance can cache some or all of that server’s news groups.  
Appendix A Caching Solutions and Performance  
139  
       
Some of the possible parent configurations that the appliance supports are as  
listed below:  
Several news servers supplying the same groups:  
Several news servers can be configured to redundantly serve the same groups,  
providing enhanced reliability. The appliance provides the following features  
for managing these configurations:  
 
 
Priorities  
If the appliance has to contact a parent news server for information  
about a group supplied by several news servers, then it contacts the  
news server with the highest priority.  
Round-robin  
If several parent news servers supplying the same group have the same  
priority, the appliance selects a parent news server in round-robin  
fashion.  
 
 
Failover  
If a request to a parent server fails, the appliance tries the next server in  
the round robin (of the same priority) and then servers of lower priority.  
Background retries  
Failed servers are retried in the background and are used (restored to  
their specified priority) when they become available.  
Several servers supplying different groups:  
Several news servers can be configured with news servers supplying different  
(disjoint) groups. You can use this feature to spread the load based on group.  
Nonstandard ports and network interfaces  
You can configure the interface from which to connect to a parent news server  
port. You can also configure the port on the parent server to which the  
appliance connects.  
Blocking particular groups  
You can block particular groups on specified news servers. Clients do not see  
blocked groups in news server group lists. For information on how to list all  
block groups by using the from the command-line interface, see Configuring  
NNTP servers‚ on page 65.  
Clustering  
You can configure large clusters of Intel NetStructure Cache Appliances to act as  
a single large virtual cache that has all the storage and serving power of the  
aggregate. The high-performance object store maintains all articles, overview  
lists, group lists, and LIST files across the cluster. This information is updated at  
configured intervals so that users and child caches see a consistent view of news.  
140  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
Two types of clusters are supported: soft clusters and management-only clusters.  
A soft cluster consists of multiple appliances that use an external clustering  
responsibilities. A management-only cluster also consists of multiple appliances  
whose functions are managed through a proprietary communications protocol  
accessible through the Manager UI. A management-only cluster does not use an  
external clustering device.  
For more information about clustering, see Clustering‚ on page 144.  
Transparency  
The Intel NetStructure Cache Appliance can transparently intercept NNTP traffic  
bound for a well known NNTP server. By transparently intercepting, caching,  
and serving the NNTP data from a centralized parent news server, the appliance  
simplifies migration and administration while both increasing responsiveness and  
decreasing network use.  
Posting  
The Intel NetStructure Cache Appliance sends user article postings to the parent  
news server. You can specify the parent news server that receives postings for a  
particular group or set of groups from the command-line interface. For  
procedural information, see Configuring NNTP servers‚ on page 65. When acting  
as the news server (accepting article feeds), the appliance accepts postings.  
With background posting, the appliance queues posted articles until the posting  
news server can accept the posted article.  
Maintaining the cache: updates and feeds  
The Intel NetStructure Cache Appliance can maintain the freshness of its cache  
by:  
  Updating its cache on demand  
  Actively retrieving (pulling) updates at configured intervals  
  Accepting news feeds  
You can configure the following options from both the Manager UI and the  
command-line interface:  
Pull the overview information for specified groups:  
For all groups designated as pullover, the server will retrieve the overview  
database information (using the OVER/XOVERcommands) automatically and  
periodically. Pulling overview information can be useful for high volume  
groups that are frequently read but from which only a subset of the articles  
are accessed.  
Appendix A Caching Solutions and Performance  
141  
           
Pull the articles for specified groups:  
For all groups designated as pull, the appliance will retrieve the articles  
automatically and periodically. Pulling groups is useful when you do not  
want to or cannot set up a full or partial feed.  
Dynamically subscribe to specified groups:  
The appliance can monitor the usage pattern for groups, and those for which  
the overview database is very frequently accessed can be treated as pullover  
groups. Likewise, those for which the articles are very frequently accessed  
can be treated as pull groups.  
Take a partial feed (push) for specified groups:  
For all groups designated as push, the appliance verifies that it has any  
requested articles and retrieves them from the parent server if they are not  
available locally. Partial feeds are useful for groups where some articles are  
always accessed, or for shifting article transport to a time of day when  
bandwidth is cheaper or more plentiful.  
Take a full feed for some or all groups:  
For all groups designated as feed, the appliance does not connect to the parent  
news server, and instead acts like a conventional news server. In particular, if  
a cache miss occurs, the appliance does not forward the request to a parent  
news server.  
You can use full feeds for very high volume groups in which most or all the  
articles are accessed. You can also use them for shifting article transport to a  
Caution  
Taking a full feed is not recommended as the server will have no way to  
retrieve an article if it is lost for any reason (e.g. such as lack of space or  
hardware failure).  
For information on how to configure update frequencies by using the Manager  
UI, see the Configure: Protocols page (Using the Protocols page‚ on page 30).  
For information on how to control the appliance’s caching behavior for specific  
news groups from the command-line interface, see Configuring NNTP servers‚  
on page 65.  
Configuring Access control  
You can configure different types of user authentication based on source domain,  
host name, or IP range from the command-line interface. See Configuring NNTP  
access‚ on page 69 for more information.  
142  
Intel NetStructure Cache Appliance Administrator’s Guide  
         
Obeying NNTP control messages  
By default, the Intel NetStructure Cache Appliance periodically checks the parent  
server for new groups, cancelled articles, and new articles for nonfeed news  
groups. If you have enabled these periodic checks in the Configure: Protocols  
page, you do not need to configure the appliance to obey NNTP control  
messages. See Configuring NNTP‚ on page 31 for more information.  
However, you can configure the appliance to obey NNTP control messages. In  
particular, you can enable the appliance to obey cancel, addgroup, and  
rmgroup messages in the Configure: Protocols page of the Manager UI. For  
example, if you select Obey cancel control messages, the appliance pulls  
cancelmessages automatically to obey them.  
Client bandwidth throttling  
You can limit the amount of bandwidth allotted to clients for downloading  
articles. Clients that attempt to exceed the bandwidth limit will have each  
operation slowed to keep their bandwidth consumption to the limit. See  
Configuring NNTP‚ on page 31 for more information.  
Carrier-class architecture  
The Intel NetStructure Cache Appliance is designed for carrier class operation. It  
offers the following:  
  High performance  
  High availability  
  Node fault tolerance  
  Expansion capabilities  
  Centralized management  
Performance  
By combining Intel NetStructure Cache Appliance nodes into clusters, you can  
multiply individual performance. The following sections describe the appliance’s  
performance features.  
Self-tuning DataFlow core  
A streaming DataFlow I/O core transfers data to and from disk and network  
connections. This core adapts to both TCP network dynamics and disk  
performance dynamics to result in fast and continuous data flow through  
many thousands of simultaneous connections.  
Appendix A Caching Solutions and Performance  
143  
             
Fine-grained parallelism  
The appliance uses a highly parallel application that can manage hundreds of  
thousands of concurrent activities by combining kernel multithreading with  
an internal scheduling system called Nanothreading.  
Raw-disk object store  
The appliance stores all cached documents in a custom, high-speed database  
called the object store. The object store is a streaming database that supports  
storing alternate versions of the same object, varying on spoken language or  
browser type.  
Alias-free caching  
The object store uses content-fingerprinting technology to recognize when  
two URL addresses refer to the same content, and shares the content copy in  
cache. Thus, the appliance caches identical content only once. The alias-free  
cache frees cache space and provides a higher aggregate hit rate for the same  
cache size.  
Fast space reclamation  
A space-reclamation algorithm ensures the appliance collects and removes  
stale data. This garbage collection runs continuously and in real time.  
RAM caching  
To serve popular objects fast and reduce load on disks, the appliance  
maintains a small RAM memory cache of extremely popular objects.  
Clustering  
The appliance uses soft clustering and managed clustering to meet the  
performance needs of today and to scale to the needs of tomorrow. You can  
increase the Intel NetStructure Cache Appliance performance incrementally  
by adding new nodes to the cluster. For more information about clustering,  
see Clustering‚ on page 140.  
Fast DNS resolver  
The appliance includes a fast, asynchronous DNS resolver to streamline  
conversion of host names to IP addresses.  
Host database  
The appliance maintains a database of information about  
 
 
 
 
Internet hosts  
DNS information  
HTTP versions of hosts  
Host reliability and availability information  
For information about how you can configure the host database, see Using the  
Host Database page‚ on page 44.  
144  
Intel NetStructure Cache Appliance Administrator’s Guide  
             
Advanced protocol features  
The appliance supports  
 
Performance features of the emerging HTTP 1.1 protocol, such as  
 
A rich set of commands to optimize the performance of NNTP  
browsing, including support for RFC 977, such as the OVER, PAT,  
XREPLIC and NEXT/PREV commands, and all common extensions.  
 
 
Caching of all NNTP data types and reception of news article feeds. See  
News article caching‚ on page 138.  
FTP caching, Internet Cache Protocol (ICP) messaging, and the SNMP  
protocol for network management.  
The appliance contains a high-speed core TCP/IP network packet engine  
called the Adaptive Redirection Module (ARM). This packet engine supports  
high-speed interception of traffic for transparency, supports automatic bypass  
of sites that do not function properly with proxy caches, and efficiently  
streams data to the Intel NetStructure Cache Appliance. See Transparent  
proxy caching‚ on page 120 for more information.  
High-availability  
The Intel NetStructure Cache Appliance contains high-availability features that  
work together to increase reliability, minimizing the impact of hardware or  
software failures. The following sections describe these features.  
Alarms  
The appliance signals an alarm for any detected failure condition. Alarms are  
presented on the Manager UI, and can be configured to send email or page  
support personnel.  
Pending alarms are indicated on the Dashboard of the Manager UI as a red lamp,  
as shown in Figure 10.  
Appendix A Caching Solutions and Performance  
145  
     
Figure 10 The Monitor Dashboard  
The appliance also supports email notification for alarms. You set the email  
address to which alarms are sent from the command-line interface.  
Virtual IP failover  
The virtual IP failover option is available to clustered Intel NetStructure Cache  
Appliances. When virtual IP failover is enabled, the appliance maintains a pool of  
virtual IP addresses that it assigns to the nodes in the cluster. These addresses are  
virtual only in the sense that they are not tied to a specific machine; the appliance  
has the flexibility to assign them to any node in the cluster. To the outside world,  
these virtual IP addresses are the addresses of the appliance cluster.  
The appliance handles virtual IP failover in the following ways:  
  By maintaining cluster communication. Nodes automatically exchange  
statistics and configuration information through multicast communication. If  
multicast heartbeats are not received from one of the cluster nodes, the other  
nodes recognize it as unavailable.  
  By reassigning IP addresses of failed nodes to operational nodes within  
approximately 30 seconds. This feature allows service to continue without  
  By using the ARP rebinding process to handle IP reassignment. With this  
process, the IP addresses are assigned to new network interfaces, and the new  
assignment is broadcast to the local network.  
You assign virtual IP addresses through the Manager UI as described in Setting  
virtual IP addressing options‚ on page 26. Note that virtual IP addresses must be  
pre-reserved like all IP addresses, before they can be assigned to an appliance.  
146  
Intel NetStructure Cache Appliance Administrator’s Guide  
     
Load shedding  
Overload conditions, such as network outages, misconfigured routers, or security  
attacks, can slow down the Intel NetStructure Cache Appliance’s response time.  
to forward overload requests directly to origin servers, bypassing the cache.  
When the overload condition dissipates, the appliance automatically returns to  
full caching mode.  
You can configure the appliance to shed load if HTTP hit transaction times  
become large. See Configuring load-shedding‚ on page 28 for instructions on  
configuring load shedding options.  
Node fault tolerance  
The appliance tolerates failures on any of the cache disks. The two classes of  
failures that the appliance handles are partial disk failures and total disk failures:  
  A partial failure is one in which a small portion of a disk becomes unusable.  
If this occurs the appliance marks that portion of disk as corrupt and  
continues to use the rest of the disk while avoiding the corrupt portion.  
  A total disk failure is one in which the hard drive becomes unusable. In this  
case, the appliance marks the entire disk as corrupt and continues using the  
remaining disks.  
For either failure, an alarm is sent to the Manager UI indicating which disk failed  
so that an administrator can replace it. The appliance maintains two boot images  
should the primary drive completely fail.  
Note  
If all of the cache disks fail, the appliance operates in proxy-only mode.  
Expansion capabilities  
The Intel NetStructure Cache Appliance automatically detects the addition or  
removal of nodes.  
If you connect an additional node to a cluster, you need only install the appliance  
software on the new node, making sure that the cluster name and port  
assignments match those of the existing cluster. The new node is recognized  
automatically.  
If a node fails or is shut down and removed, and if virtual IP failover is enabled,  
then requests destined for the missing node are handled by another node in the  
cluster.  
Appendix A Caching Solutions and Performance  
147  
     
Centralized administration  
The Intel NetStructure Cache Appliance incorporates many native command and  
control features for carrier-class system management and administration. The  
following list provides an overview of these features:  
Single system image  
The appliance maintains a single system image for every node configured  
into the appliance cluster.  
Multicast management protocol  
The appliance uses a multicast management protocol to manage the cluster’s  
single system image. Information about cluster membership, configuration,  
and exceptions is shared across all managers in the cluster, and the appliance  
automatically propagates configuration changes to all nodes in the cluster.  
Node discovery  
The appliance automatically detects new appliance nodes on your network  
and adds them to the cluster, propagating the latest configuration information  
to the newcomer. This feature provides a convenient way to bootstrap new  
machines.  
Browser-based management interface  
The Manager UI is a Web-based interface that you can access through a  
browser. You can configure management access to the Manager UI through  
password authentication. See Chapter 4‚ Configuring the Appliance for  
Command-line interface  
In addition to the Manager UI, the appliance supports a command-line  
interface (CLI). The CLI provides a text-based interface that lets you  
configure the system’s network addresses and control, configure, and monitor  
the appliance. See Chapter 1‚ Using the Command-Line Interface for more  
information.  
SNMP  
The appliance supports SNMP access for reading statistics and sending traps  
(SNMP alarms). The appliance integrates into existing SNMP-managed  
networks, appearing as additional managed device.  
SNMP is a standard way of managing everything that is a part of your  
network environment. SNMP-compliant devices or agents store data about  
themselves in Management Information Bases (MIBs) and return this data to  
the SNMP managers. SNMP managers probe devices for status and SNMP  
agents report whether a device is functioning properly.  
Note  
The Intel NetStructure Cache Appliance supports two MIBs: MIB-2 (a  
standard MIB) and the Intel NetStructure Cache Appliance MIB. You can  
148  
Intel NetStructure Cache Appliance Administrator’s Guide  
   
enable SNMP access to either one or both of these MIBS on your Intel  
NetStructure Cache Appliance. See Enabling SNMP agents‚ on page 29.  
If a device fails, it can send a warning message or an SNMP trap to the  
SNMP monitoring station. All SNMP agents require you to configure the trap  
destination IP address before they can send traps. This configuration varies  
Client ACL  
In addition to supporting SSL security, the appliance also supports client  
access control lists (ACLs). The appliance serves only requests from clients  
whose IP addresses are on the ACL. You can edit the ACL from the  
command-line interface (see Chapter 1‚ Using the Command-Line Interface).  
Appendix A Caching Solutions and Performance  
149  
Appendix B  
Error Messages  
  HTML messages sent to clients‚ on page 152 describes the HTML error messages that  
the Intel NetStructure Cache Appliance sends to browser clients (not to be confused  
with standard HTTP response codes)  
  Standard HTTP response messages‚ on page 154 describes the standard HTTP  
response codes that web servers send to browser clients  
151  
       
The appliance returns detailed error messages to browser clients when there are  
problems with the HTTP transactions requested by the browser. These response  
messages correspond to standard HTTP response codes, but provide more  
information. A list of the more frequently encountered HTTP response codes is  
provided on page 154.  
The following table lists the appliance’s hard-coded HTTP messages and their  
corresponding HTTP response codes.  
HTTP  
Title  
code  
Description  
Access Denied  
403  
You are not allowed to access the  
document at location <URL>.  
Bad HTTP request for  
FTP Object  
400  
500  
504  
Bad HTTP request for FTP object.  
Cache Read Error  
Error reading from cache. Please retry  
request.  
Connection Timed Out  
Server has not sent any data for too long  
a time.  
Content Length Required 400  
Could not process this request because  
no Content-Length was specified.  
Cycle Detected  
Forbidden  
400  
403  
Your request is prohibited because it  
would cause an HTTP proxy cycle.  
<port_number> is not an allowed port  
for SSL connections.  
(You have made a request for a secure  
SSL connection to a forbidden port  
number.)  
FTP Authentication  
Required  
401  
You need to specify a correct username  
and password to access the requested  
FTP document <URL>.  
FTP Connection Failed  
FTP Error  
502  
502  
Couldnotconnecttotheserver< server  
name>.  
The FTP server <server name> returned  
an error. The request for document  
<URL> failed.  
152  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
HTTP  
code  
Title  
Description  
Host Header Required  
400  
An attempt was made to transparently  
proxy your request, but this attempt failed  
because your browser did not send an  
HTTP “Host” header. Please manually  
configure your browser to use http://  
<proxy_name>:<proxy port>  
as an HTTP proxy. Please refer to your  
browser’s documentation for details.  
Alternatively, end users can upgrade to a  
browser that supports the HTTP “Host”  
header field.  
Host Header Required  
400  
Your browser did not send a Host HTTP  
header field and therefore the virtual host  
being requested could not be determined.  
To access this web site correctly, you will  
need to upgrade to a browser that  
supports the HTTP Host header field.  
HTTP Version Not  
Supported  
505  
400  
The web server <server name> is  
using an unsupported version of the  
HTTP protocol.  
Invalid HTTP Request  
Could not process this < client  
request HTTP method> request for  
<URL>.  
Invalid HTTP Response 502  
The host <server name> did not return  
the document <URL> correctly.  
Malformed Server  
Response  
502  
502  
504  
502  
504  
The host <server name> did not return  
the document <URL> correctly.  
Malformed Server  
Response Status  
The host <server name> did not return  
the document <URL> correctly.  
Maximum Transaction  
Time exceeded  
Too much time has passed transmitting  
document <URL>.  
No Response Header  
From Server  
The host <server name> did not return  
the document <URL> correctly.  
Not Cached  
This document was not available in the  
cache, and you (the client) only accept  
cached copies.  
Not Found on Accelerator 404  
The request for <URL> on host <server  
name> was not found. Check the location  
and try again.  
NULL  
502  
The host <host name> did not return  
the document <URL> correctly.  
Appendix B Error Messages  
153  
HTTP  
code  
Title  
Description  
Proxy Authentication  
Required  
407  
Please login with username and  
password.  
Server Hangup  
502  
The server <host name> closed the  
connection before the transaction was  
completed.  
Temporarily Moved  
302  
406  
The document you requested, <URL>,  
has moved to a new location. The new  
location is <new URL>.  
Transcoding Not  
Available  
Unable to provide the document <URL> in  
the format requested by your browser.  
Tunnel Connection Failed 502  
Could not connect to the server <host  
name>.  
Unknown Error  
Unknown Host  
502  
500  
The host <host name> did not return the  
document <URL> correctly.  
Unable to locate the server named <host  
name> the server does not have a DNS  
entry. Perhaps there is a misspelling in  
the server name, or the server no longer  
exists. Double-check the name and try  
again.  
Unsupported URL  
Scheme  
400  
Cannot perform your request for the  
document <URL> because the protocol  
scheme is unknown.  
Standard HTTP response messages  
The following standard HTTP response messages are provided for your  
information. For a more complete list and descriptions, see the Hypertext  
Transfer Protocol — HTTP/1.1 Specification.  
Message  
200  
Description  
OK  
202  
Accepted  
204  
No Content  
Partial Content  
Multiple Choices  
Moved Permanently  
Found  
206  
300  
301  
302  
303  
See Other  
304  
Not Modified  
154  
Intel NetStructure Cache Appliance Administrator’s Guide  
 
Message  
400  
Description  
Bad Request  
401  
Unauthorized; retry  
Forbidden  
403  
404  
Not Found  
405  
Method Not Allowed  
Not acceptable  
Request Timeout  
Internal server error  
Not Implemented  
Bad Gateway  
406  
408  
500  
501  
502  
504  
Gateway Timeout  
Appendix B Error Messages  
155  
Glossary  
Alternates  
Cache hit  
Different versions of the same web object.  
Some web servers answer requests to the same  
URL with a variety of objects. The content of  
these objects can vary widely, depending on  
whether a server delivers content for different  
languages, targets different browsers with  
different presentation styles, or delivers  
An object in the cache that can be served  
directly to the client.  
Cache miss  
An object that is not in the cache or that is in  
the cache but no longer valid. In both cases, the  
Intel NetStructure Cache Appliance must get  
the object from the Origin server.  
variable content at different times of the day.  
ARM  
Caching web proxy server  
Adaptive Redirection Module. Used in  
transparent proxy caching, ARM is an Intel  
NetStructure Cache Appliance component that  
redirects intercepted client traffic destined for  
an origin server to the Intel NetStructure Cache  
Appliance application. Before the traffic is  
redirected by the ARM, it is intercepted by an  
L4 switch or router.  
A web proxy server with local cache storage  
that allows the proxy to fulfill client requests  
locally, using a cached copy of the origin  
server’s previous response.  
CGI  
Common Gateway Interface. A set of rules that  
describe how a web server and another piece of  
software (a CGI program) located on the same  
machine communicate.  
Cache  
Stores copies of frequently accessed objects  
close to users and serves them to users when  
requested. See also Object store.  
The most common directory name on a web  
server in which CGI programs are stored.  
Cache hierarchy  
Levels of caches that communicate with each  
other. All cache hierarchies recognize the  
concepts of Parent cache and Child cache.  
Child cache  
A cache lower in a Cache hierarchy for which  
the Intel NetStructure Cache Appliance is a  
parent. See also Parent cache.  
157  
       
Cluster  
FTP  
A group of the Intel NetStructure Cache  
Appliance nodes that are configured to act as a  
single large virtual cache. For information on  
File Transfer Protocol. A protocol based on  
TCP/IP for reliable file transfer.  
Full clustering  
Management-only clustering and Soft Cluster.  
An Intel NetStructure Cache Appliance cluster  
distributes its cache across its nodes into a  
single, virtual object store, rather than  
replicating the cache, node by node. See also  
Management-only clustering.  
Configure mode  
One of two modes in the Intel NetStructure  
Cache Appliance Manager. Configure mode  
lets you configure the Intel NetStructure Cache  
Appliance from a web browser. See also  
Monitor mode.  
Hyper Text Transfer Protocol. The client-server  
protocol upon which the World Wide Web is  
based.  
Configure page  
A web-based page that appears on the Manager  
UI when you click on an active button while in  
Configure mode. See also Monitor page.  
ICP  
Internet Cache Protocol. A protocol for proxy  
caches to exchange information about their  
content.  
Cookie  
A piece of information sent by a web server to  
a web browser. The browser software saves the  
information and sends it back to the server  
whenever the browser makes additional  
requests from the server. Cookies enable web  
servers to keep track of users.  
Intel NetStructure Cache Appliance  
Manager  
The Intel NetStructure Cache Appliance’s  
browser-based interface consisting of a series  
of web pages that enable you to monitor  
performance and change configuration settings.  
DNS  
Domain Name Service. The Intel NetStructure  
Cache Appliance includes a fast, asynchronous  
DNS resolver to streamline conversion of host  
names to IP addresses.  
IP  
Internet Protocol. The lowest-layer protocol  
under TCP/IP responsible for end-to-end  
forwarding and long packet fragmentation  
control.  
Explicit proxy caching  
A configuration option where client software  
(typically a browser) must be specifically  
configured to send web requests to the Intel  
NetStructure Cache Appliance proxy.  
IP Allow rule  
Specifies ranges of IP addresses allowed to use  
the appliance as a web proxy.  
158  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
ISP  
node and cluster information.  
Internet Service Provider. An organization that  
provides access to the Internet.  
Monitor mode  
JavaScript  
One of two modes in the Intel NetStructure  
Cache Appliance Manager. Monitor mode lets  
you monitor the Intel NetStructure Cache  
Appliance’s performance from a web browser.  
See also Configure mode.  
A network-oriented programming language  
specifically designed for writing programs that  
can be safely downloaded to your computer  
through the Internet.  
Monitor page  
L4 switch  
A web-based page that appears on the Manager  
UI when you click on an active button while in  
Monitor mode. See also Configure page.  
An ethernet switch that can control network  
traffic flow using Level 4 rules. The switch can  
intercept desired client protocol packets and  
direct them to a proxy for transparent  
operation.  
MRTG  
Multi Router Traffic Grapher. A graphing tool  
provided with the Intel NetStructure Cache  
Appliance that enables you to monitor the Intel  
NetStructure Cache Appliance’s performance.  
Manager  
A functional software module resident in the  
appliance that acts as an interface between the  
status of the appliance and the Manager UI.  
News server  
Manager Allow rule  
A web server you can access to read and post to  
usenet news groups.  
Specifies ranges of IP addresses allowed to  
access the Manager UI.  
NNTP  
Management-only clustering  
Network News Transfer Protocol. A protocol  
used to distribute, inquire, retrieve, and post  
news articles.  
An Intel NetStructure Cache Appliance option  
where all nodes in a cluster automatically share  
configuration information through a  
proprietary communications protocol. See also  
Full clustering.  
Object store  
A custom high-speed database where the Intel  
NetStructure CacheAppliance stores all cached  
objects.  
MIB  
Management Information Base. The set of  
parameters that an SNMP management station  
can query in the SNMP agent of a network  
device (for example, a router). The Intel  
NetStructure Cache Appliance supports two  
MIBs: MIB2 (a well-known standard MIB) and  
the proprietary Intel NetStructure Cache  
Origin server  
The web server that contains the original copy  
of the requested information.  
Glossary  
159  
             
Parent cache  
SNMP  
A cache higher up in a Cache hierarchy, to  
which the Intel NetStructure Cache Appliance  
can send requests.  
Simple Network Management Protocol. A set  
of standards used for communication with  
devices connected to a TCP/IP network.  
SNMP-compliant devices (agents) store  
information about themselves in MIBs and  
provide this information to SNMP Managers.  
POP  
1. Point of Presence. Usually a city or location  
to which a network can be connected, often  
Soft Cluster  
Multiple appliances that use an external  
clustering device such as an L4 Switch or  
router to handle load balancing and routing  
responsibilities.  
2. Post Office Protocol. The basic protocols for  
addressing e-mail.  
Proxy server  
See Web proxy server.  
SSL  
Secure Sockets Layer. A protocol that enables  
encrypted, authenticated communications  
across the Internet. Used mostly in  
browsers.  
Reverse proxy  
A option that allows the Intel NetStructure  
server for convenient geographical distribution  
of server content. Reverse proxy also off loads  
static content service from servers building  
dynamic content and provides a peak load  
buffer or surge protector for web servers.  
Sometimes referred to as Server acceleration.  
TCP  
Transmission Control Protocol. An Internet  
Standard transport layer protocol. TCP  
provides reliable end-to-end communication by  
using sequenced data sent by IP.  
Router  
A device that handles the connection between 2  
or more networks. Routers look at destination  
addresses of the packets passing through them  
and decide which route to send them on.  
Transparent proxy caching  
A configuration option that enables the Intel  
NetStructure Cache Appliance to intercept and  
respond to Internet requests without requiring  
users to reconfigure their browser settings. It  
does this by intercepting traffic destined for an  
origin server and redirecting that traffic  
through the cache.  
Server  
The software engine resident in the appliance  
that enables the appliance to cache objects.  
Server acceleration  
URL  
See Reverse proxy.  
Uniform Resource Locator. The address that  
defines the route to a file on the web or other  
Internet facility.  
160  
Intel NetStructure Cache Appliance Administrator’s Guide  
       
Virtual IP failover  
Web server  
An option available to clustered Intel  
NetStructure Cache Appliances, where the  
appliance maintains a pool of virtual IP  
addresses that it assigns to the nodes of a  
cluster. If a node fails, the remaining nodes  
mask the fault and take over the failed node’s  
virtual interface.  
A computer that provides World Wide Web  
services on the Internet. See also Origin server.  
WPAD  
Web Proxy Auto-Discovery. A protocol that  
allows clients to automatically locate a web  
proxy, providing the benefits of a proxy  
without the need for explicit client  
configuration.  
WCCP  
Web Cache Control Protocol. A protocol used  
by Cisco IOS-based routers to redirect traffic  
during transparent proxy caching.  
Web proxy server  
Forwards client requests to Origin servers. The  
proxy server may deny requests according to  
filter rules or security limitations.  
Glossary  
161  
 
A
F
adaptive bypass 126  
Adaptive Redirection Module  
about 145  
what it does 121  
alternates 119  
ARM  
ensuring 115  
HTTP 116  
G
about 145  
WCCP and 124  
what it does 121  
H
host database  
about 144  
B
configuring 44  
bypass  
options 127  
bypass rules  
dynamic 127  
static 127  
ICP  
about 136  
configuring 41  
peer 136  
C
cache affinity 122  
Cache-Control headers 117  
child cache 135  
clustering  
ICP cache hierarchies 136  
ipnat.conf 125  
management-only 141  
Configuring HTTP 30  
Configuring Protocols 30  
Configuring SNMP agents 29  
content fingerprinting 144  
M
Manager UI, accessing 12  
MIBs 148  
MRTG  
accessing 22  
D
dataflow core 143  
disk failure tolerance 147  
DNS resolver 144  
163  
 
N
news server  
features 138  
NNTP  
access control 32  
about 128  
caching 139  
configuring 31  
feed groups 32  
object freshness 141  
push groups 32  
configuring 43  
Setting Virtual IP addressing 26  
enabling 29  
O
object store 144  
online help 15  
about 120  
origin server 114  
P
parent cache 135  
configuring HTTP 40  
HTTP 135  
about 146  
parent failover 135  
performance 143  
pin-in-cache 81  
proxy caching  
about 114  
WCCP  
checking 44  
explicit and transparent 114  
HTTP alternates 119  
whether to cache 119  
pull group 142  
pullover group 141  
push group 142  
R
RAM cache  
about 144  
redirects 131  
revalidation 116  
reverse proxy  
about 128  
164  
Intel NetStructure Cache Appliance Administrator’s Guide  

Maxtor One Touch STM302504OTB3E5 RK User Manual
Linn IKEMI &amp; GENKI User Manual
La Crosse Technology World Time Center WS 7092U User Manual
Hitachi SH G1000 User Manual
Gourmet Standard Coffee Brewing Systems User Manual
GE ZBD6700 User Manual
Fujitsu MHS2030AT User Manual
Clarion DB538RMP User Manual
Atmel Corp Computer Accessories AT91EB42 User Manual
ALCATEL Mobile Phones 306 User Manual