Re: Cisco cache engine / forced caching.

>My university currently uses Squid, but is considering deploying the Cisco
>Cache Engine and then forcing redirection of all Web access through it. I am
>trying to evaluate this approach in a systematic way. However, I can find
>nothing except very vague marketing information on the Cisco home page.

heh, tell me about it. I spent the morning talking to our local Cisco
guys which cleared up a lot of the misunderstandings we had with it.

>1. Does anyone know any technical details about the Cisco Cache Engine?

Even after this meeting, I'm still unclear on the technical details.
It was suggested that it does IMS on every request, and uses the
traditional expiry-as-proportion-of-age. Access controls are fairly
naive (ie a simple URL deny list or a simple URL accept list), and it
is expected that further access controls would be provided by the
router and/or firewall. It only caches on port 80, so it doesn't do
FTP.

Aside from that, I expect it will be blazingly fast (and for the money
it should be) as the OS is in firmware. I understand the OS is based
on their Director series architecture, but I wouldn't want to be held
to it. They are currently shipping a 24Gb / 900-concurrent-streams
version, and you have to be running a 7000-series Cisco, although they
said they were working on both smaller and larger versions of the
engine, and developing for their smaller routers.

Interestingly, because it's proxying is two-way, if you put it on the
upstream end of, say, one's 64Kb line with a web server on it, traffic
to the web server will be reduced. This kind of thing (combined with
the transparency) could make it a popular choice for ISPs.

The Cisco guy said that it would support ICP when it became an
internet standard, whatever that means.

>2. Has anyone evaluated it? Do you have even second-hand information
> about it ?

We're going to be looking at a demo model Real Soon Now, on one of our
monitored networks, so we should be able to do some good analysis on
how it affects our traffic, and especially how it affects the
downstream squid caches.

>3. Has forced caching beeng successful on any large University
>campuses?

Note that you don't *force* caching with the Cisco engine, as far as I
understand, you simply put it in the way and hope it works Any web
port 80 traffic that goes through a router that controls a cache farm
will possibly benefit from the caching (either direction).

We force our accesses through our squid cache cluster, and have quite
a lot of success with it. There is the obvious problem of ensuring
client machines are configured to use the cache, but our helpdesk is
now well trained on working with that. We use some fairly
sophisticated ACLs to allow public-access labs access to only a subset
of the net (that subset that doesn't go over our expensive fibre out
of New Zealand, mainly).

We only block port 80, so SSL, FTP and non-standard HTTP ports can
still go direct, but most people just put in the cache settings and
forget about it.

>My impression is that there will always be some Web pages which will
>not be properly served through a proxy cache, due to variations in
>the way HTTP is used. Would others concur?

I've seen a steady decline in hit rate over the past 3 or 4 years (!)
that I attribute to the increase in dynamic content. There are also a
lot of broken web servers out there :-)

--jules
Received on Thu Oct 23 1997 - 18:23:36 MDT