CDN Web Cache

1. How the Cache works

Web cache, as a Web caching technology, can be implemented on any intermediate network element where a user accesses a Web server. According to the definition of HTTP protocol, in one page access, the user requests from the client to the Web server in response to the request content of the interaction process, usually involves 4 key network elements: users, agents, gateways and WEB servers. When the Web cache is used as a proxy, it usually works in the forward proxy or transparent proxy mode, in which the Web cache can implement the caching and service of accessing the content copy, and the Web cache application is the most common in the gateway, which is also a typical application scenario of CDN. Gateways typically work in reverse proxy mode.

1.1 Forward Proxy

In the Forward proxy mode, users need to configure their network Access Proxy address as the address of the Cache device, and all access to the Internet by the intranet user is done through Proxy server proxy. The user can also set up a proxy server only for special applications, at which point only such access needs to be done through the proxy server proxy. Normally, the caching device of the forward proxy supports redundant configuration, which guarantees the stability and availability of the agent system. The work of the co-direction agent is as follows:

As in the example above, the user host and the proxy server are deployed in the same network environment, the user host address is 192.168.10.101, the address of the forward proxy server is 192.168.10.1, the network server address that the user wants to access is 172.16.10.200. Typically the user needs to configure the forward proxy address (192.168.10.1) and service port (8080) for the host being used, after which the request process is as follows:

• When the user is on the internet, the data transmission of its host to the external network server is transmitted to the forward proxy server first;
• The proxy server checks to see if the user request data is saved in the proxy cache, and if there is a direct return to the user, if there is no cache request content, the proxy server is responsible for sending the user host request data to the extranet destination server, while receiving and caching the external server response data, and feedback the response data to the user host.

Note: You can also complete security authentication and access control functions when performing the forward proxy functionality, such as setting up certain users to access external site points during business hours, or prohibiting access to certain external sites.

Example of a forward proxy deployment:

1.2 Reverse Proxy

In the reverse proxy (backward proxy) mode, the user does not need to configure the proxy server address, the address of the cache device is written to the DNS record as the service address of the domain being accessed, and proxy access is done using the content routing/switching capability of the cache device. The difference between a reverse proxy and other proxy methods is that the reverse proxy specifically accelerates the customization of the content, such as all of the Web content in the domain name streambc.com or all the streaming content in the domain name streamde.com.

How Reverse proxies work

The proxy server (Cache) and Application Server (server) are deployed in the same network environment, the user host address is 192.168.10.101, the application server address is 172.16.10.200, and the reverse proxy server address is 172.16.10.1, the application server's external access address is the reverse proxy server address 172.16.10.1, and the user directly accesses the proxy server to obtain the service provided by the application server without having to configure any proxy services. The approximate process is as follows:

• The user first sends the data request to the external network's reverse proxy server;
• The proxy server checks whether the data requested by the user is saved in the proxy cache and returns it directly to the user if there is one;
• If the requested content is not cached, the reverse proxy server sends the user host request data to the application server, receives the application server response data and feeds back to the user host, and caches the user requests for the content.

When performing the reverse proxy function, the proxy server responds to most of the application access requests, greatly reducing the load pressure on the application server.

1.3 Transparent Proxy

Transparent proxy mode, the user's browser does not need to configure the proxy server address, but the user's routing device needs to support the WCCP protocol (Web Cache Control Protocol) Transparent. Once the router is configured with WCCP functionality, the specified user traffic is forwarded to the cache, which is serviced by the cache. Another option is to use a layer 4 switch to transfer the user's traffic to the cache, which is served by the cache. With WCCP or layer 4 switches, you can support load balancing and distribute traffic evenly over multiple caches.

Transparent proxy can be regarded as the forward proxy mode of operation through network device or protocol, so it has many same characteristics as forward proxy.

How transparent proxies work

Similar to the way the forward proxy is deployed, user hosts and proxy servers are deployed in the same network environment with a user host address of 192.168.10.101, the address of the forward proxy server is 192.168.10.1, the target Application server address is 172.16.10.200. The approximate process is as follows:

• The user does not need to configure any proxy service when accessing the target server, and directly sets the target address of the service request to the application server IP address;
• The user host requests the data to be intercepted by the transparent agent before sending to the target host, the transparent agent checks whether the user request data is saved in the proxy cache, and returns it directly to the user if there is one;
• If the request content is not cached, the transparent proxy server sends the user host request data to the target server while listening to the extranet server in response to user request data, and the user host keeps the relevant data in the cache for the same access request in the later service network.

2. Web caching technology based on HTTP protocol

The main purpose of the Web cache technology is to satisfy the subsequent same user request by caching the content copy, using the cache device to share the user's access load to the source site, thus increasing the request response speed and user access concurrency of the web site. In the CDN system, the Web Cache uses the reverse proxy to measure the key performance metrics of the device, including: The number of user access concurrency (that is, the amount of request links), data distribution throughput (bandwidth), packet loss rate, response time, service hit ratio, etc.

2.1 Performance Indicators 2.1.1 Concurrency

The use of Web cache, on the one hand can greatly improve the number of concurrent users of web sites, improve the response speed of Web sites, on the other hand, because the Web cache itself, the hardware configuration limits its processing performance, in the design of the Web cache in the early stages need to plan the user access to handle the amount of concurrency, This enables the Web Cache to achieve the expected value of the user concurrency after the deployment is complete.

2.1.2 Throughput Rate

The throughput rate of Web cache refers to the amount of data that can be processed and forwarded in unit time, and the throughput rate is an important performance index to measure the processing speed of the cache device. The throughput rate of the Cache device is determined by the CPU performance, network interface card performance, data transfer bus size, disk speed, memory buffer capacity, and the effectiveness of the software to manage these components. In the actual application, the throughput rate of web Cache depends on the transmission bandwidth speed of the network and the transmission efficiency of the application protocol itself. If the network bandwidth of the Internet connection is low, the throughput bottleneck of the Web Cache device's external service will appear on the network access point.

2.1.3 Hit rate

Cache service hit rate is to provide users with content services, if the node has cached the data to be accessed, you can directly provide services to users, which is called hit; if not, the CDN needs to go to the content source server, that is, miss, need to return the source, hit rate = number of hits/total requests, The hit rate referred to here is the Cache service HTTP request hit rate.

2.1.4 Response time and packet loss rate

Request response time refers to the time that a user initiates a content access request to Liu Basketball. Getting to content is one of the most important factors in the WEB user experience. Response time is mainly determined by the following aspects.

• DNS resolution time: DNS resolution is the first step for a user to access a page or request a service, usually this time in 0.18~0.3 seconds is normal, less than 0.18 seconds is fine.
• Establish connection time: refers to the Internet Explorer and the WEB server to establish TCP/IP connection time consumption, establish connection time mainly consider the server hardware processing performance, establish the connection time in 0.15~0.3 seconds for normal, less than 0.15 seconds for good.
• REDIRECT time: The time it takes to consume a Web server redirection instruction before the first packet provided by the Web server, typically less than 0.1 seconds.
• Received first packet time: refers to the time from the end of Internet Explorer sending HTTP request to the first packet returned by the WEB server. Receiving the first packet time mainly considers the performance of the dynamic or back source, which is normal in 0.2~0.4 seconds.
• Picture download time: Usually use the 150KB size of the picture download time to evaluate the CDN element-level acceleration performance, this time in 1-2 seconds is normal.
• Total page download time: Refers to the page all the content to reach the browser time, the total download time is mainly expressed as the overall page time, different types of site evaluation criteria, usually this time required in 10 seconds.
• Packet loss rate: Refers to the number of packets lost during WEB Cache response data transmission, the ratio of packets sent, the higher the drop rate will cause the retransmission of the larger amount of data, thereby prolonging the Cache response time.

2.2 Content Storage mechanism

Storage is the container and carrier of Web cache to "persist" cached content, and the design of content storage scheme will directly affect the server hit rate, response speed and investment cost of Web cache.

Common Storage Technologies:

• Shared storage: good performance, stable and high reliability, but higher investment cost;
• Distributed System service mode: can be based on low-cost storage media to provide high-capacity, high-performance, highly reliable storage services, but the implementation of deployment technology requirements are high, and the technology may introduce additional network latency, it is more suitable for the use of streaming media services.
• Local attached storage (DAS): The Web cache object size is averaged 10~12kb, so it is appropriate to use this storage technology.

2.3 Content Update mechanism

Web Cache follows these basic rules:

1. If the HTTP response header information tells the cache not to be cached, the cache does not buffer the content.
2. If the request for a content requires authentication or secure encryption, the cache does not buffer the content.
3. If there is no ETag or last-modified header information in the HTTP response, the cache considers the lack of direct update information, which is not cacheable by default.
4. A cached copy if it contains the following information, the cache considers it to be new enough to be sent directly from the cache without sending a request to the source server:
   • Header information that contains the complete expiration time and lifetime control, and the content is still within the lifetime.
   • The browser has already used this cached copy and has checked the freshness of the content in the same session.
5. If the cached copy of the content is already old, the cache will request a checksum to the source station to determine whether the service can continue to continue using the current replica. If the original copy is not changed after the checksum, the Cache avoids retrieving the copy from the source station server.

2.3.1 between the Cache and the source station server

1. When the source station server returns a content response message to the cache, a validation message is included, and the cache saves the authentication information when the content is cached.
2. When a user requests the content, if the cache discovers that the cached content expires, the authentication information is used to generate a "conditional" request to request validation from the source server.
3. After receiving such a request, the source server compares the validation information contained in the request with its own local authentication information. If the two authentication information is equal, then a response message with a specific status code (such as 304 not Modified, which indicates that the content has not been modified) and the message body content is empty is returned, indicating that the copy can continue to be used, and if two authentication information is not equal, the source station server will send the Cache Transmits a complete response message that contains the new content.

"Conditional" authentication includes both positive and negative validation, if the request requires that the authentication information that is included with the message must be equal (using the "If-match" header of the request message) is positive authentication, if the two are not equal (using the "If-none-match" header of the request message) is a negative authentication.

Validation can be divided into strong or weak validation.

• Strong validation: It is to verify that every byte of the accessed content has not changed, because any changes will cause the corresponding validation information to change. Strong validation, such as using the ETAG, can be used in almost any situation.
• Weak validation: Only verify that the semantics of the content being accessed has not changed significantly, and that the validation information changes only when the content semantics change significantly. If the verification information can be applied to the case that does not require exact consistency, the modification time of an access content is generally considered to be weak authentication information.

2.4 Web Cache Optimization 1. HTTP Connection Aggregation

The principle of HTTP connection aggregation is to convert multiple short connections into a long connection, thus reducing the connection. HTTP connection aggregation can greatly reduce the resource consumption caused by the server's frequent opening and closing of TCP connection processing.

2. HTTP gzip compression

The method of making HTTP transfer content compression is mainly when the Web Server responds to the client by compressing the text file in gzip format and setting the HTTP header Information content-encoding field to the Gzip property.

CDN Web Cache