CacheGuard-OS
User's Guide - Version UF-2.0.2
Load Balancing & Sharing
CacheGuard's scalable architecture allows you to share the total Web traffic among multiple installed appliances. All appliances may share their cached Web content with each other. To do so, appliances communicate with each other over their "internal" network interface. In a load-balanced architecture, all appliances should be configured to use the same "peer" port numbers. The default peer ports are 8081 and 8082 for the "icppeer" port and the "httppeer" port, respectively. Use the following commands to change these values:
- port icppeer <port-number>
- port httppeer <port-number>
- apply
Sharing "cached data" is a good load-balancing mechanism and can be implemented using either an explicit method or an implicit method.
Explicit Load Balancing / Sharing
The explicit method consists of explicitly assigning an appliance to a network. In this configuration, each end user should appoint a specific appliance as his or her Web proxy. This way, different end users use different appliances while sharing their cached contents. When using the explicit method, it is recommended to configure an access policy in which end users are not allowed to connect to all appliances. This way the Web traffic is distributed explicitly between the installed appliances.
Example
Consider the network "172.18.2.0/255.255.255.0" in which we want to deploy two appliances in an explicit load-sharing configuration. Let us say "cacheguard1" and "cacheguard2" are our two appliances. To implement this configuration we decide to assign "cacheguard1" to clients having an IP address included in the range "172.18.2.1-128" and "cacheguard2" to clients having an IP address included in the range "172.18.2.129-254".
To deploy this configuration we instruct all end users to configure their Web browser to use the appropriate Web proxy to access the internet. To implement this we configure our appliances as follows:
The following commands should be executed on "cacheguard1":
- ip internal 172.18.2.1 255.255.255.0
- peer share add 172.18.2.129
- access web add internal 172.18.2.0 255.255.255.128
- apply
And the following commands on "cacheguard2":
- ip internal 172.18.2.129 255.255.255.0
- peer share add 172.18.2.1
- access web add internal 172.18.2.128 255.255.255.128
- apply
Now the target network is configured to use both appliances in a peer-sharing configuration.
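The access policy above only distributes traffic explicitly if the two "access web" ranges do not overlap and each appliance lists the other as a share peer. The following check is an added example, not part of the CacheGuard guide or product: it parses only the three command forms shown above, and the function names (parse, audit, admitting) are illustrative assumptions.

```python
import ipaddress

# Commands copied from the explicit load-sharing example above.
CONFIGS = {
    "cacheguard1": """ip internal 172.18.2.1 255.255.255.0
peer share add 172.18.2.129
access web add internal 172.18.2.0 255.255.255.128""",
    "cacheguard2": """ip internal 172.18.2.129 255.255.255.0
peer share add 172.18.2.1
access web add internal 172.18.2.128 255.255.255.128""",
}

def parse(text):
    """Extract the internal IP, share peers and admitted client networks."""
    cfg = {"ip": None, "peers": set(), "allowed": []}
    for words in (line.split() for line in text.splitlines()):
        if words[:2] == ["ip", "internal"]:
            cfg["ip"] = ipaddress.ip_address(words[2])
        elif words[:3] == ["peer", "share", "add"]:
            cfg["peers"].add(ipaddress.ip_address(words[3]))
        elif words[:4] == ["access", "web", "add", "internal"]:
            cfg["allowed"].append(ipaddress.ip_network(f"{words[4]}/{words[5]}"))
    return cfg

def audit(configs):
    """Return findings; an empty list means the split is clean."""
    parsed = {name: parse(text) for name, text in configs.items()}
    names, findings = sorted(parsed), []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            # A client range admitted by two appliances defeats the split.
            for net_a in parsed[a]["allowed"]:
                for net_b in parsed[b]["allowed"]:
                    if net_a.overlaps(net_b):
                        findings.append(f"{a} {net_a} overlaps {b} {net_b}")
            # Cache sharing needs each appliance to list the other as a peer.
            for x, y in ((a, b), (b, a)):
                if parsed[y]["ip"] not in parsed[x]["peers"]:
                    findings.append(f"{x} lacks share peer {y}")
    return findings

def admitting(configs, client):
    """Names of the appliances whose access rules admit this client IP."""
    ip = ipaddress.ip_address(client)
    return sorted(name for name, text in configs.items()
                  if any(ip in net for net in parse(text)["allowed"]))

if __name__ == "__main__":
    print(audit(CONFIGS))
    for client in ("172.18.2.127", "172.18.2.128"):
        print(client, admitting(CONFIGS, client))
```

The 255.255.255.128 mask places the boundary between .127 and .128, so the access rules as written admit 172.18.2.128 on "cacheguard2" only.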
Implicit Load Balancing / Sharing
The implicit method consists of configuring deployed appliances in HA (High Availability) mode. Refer to the High Availability section for further information on how to implement implicit load balancing / sharing.
Chaining CacheGuards
Two or more appliances may be chained to link end users to the internet. In such a configuration each appliance contributes to optimising and securing Web traffic. For instance, a remote appliance may be installed as a main front-end gateway connected directly to the internet so that a local appliance uses the former as its "next" peer.
Example
Consider an ISP (Internet Service Provider) having a main central appliance installed on its internet backbone. This ISP provides secured and optimised Web access to several subscribers through a private WAN (an MPLS network for instance) and CacheGuard technologies. Since all subscribers use the main central appliance, the latter has to support heavy Web traffic loads. Therefore the central appliance should be installed using robust and powerful hardware components (large RAM, multiple CPUs, RAID 10 disks, redundant power supply...). It is also recommended to use the HA (High Availability) mode for strategic appliances. In this example the internal network interface IP address for the main central appliance is 10.0.0.254 / 255.255.255.0.
A second appliance located at the subscriber location links local clients to the internet. This local appliance uses the main remote appliance as its "next" peer. The external network interface IP address for this local appliance is 10.5.0.1 / 255.255.255.0.
As the WAN linking the local appliance to the remote central appliance has low bandwidth (let us say 2 Mbps), the compression feature should be activated on the remote appliance. We also activate the caching feature on this appliance to share cached data between all subscribers.
The local subscribers' appliance is seen as a "previous" appliance by the remote one. To set this configuration up, the following commands should be executed on the main central appliance:
- ip internal 10.0.0.254 255.255.255.0
- peer previous add 10.5.0.1 255.255.255.255
- mode compress on
- mode cache on
- apply
Note that the local appliance uses the "proxy" port of the remote appliance for Web traffic (and not its "peer" ports). To configure the local appliance use the following commands:
- ip external 10.5.0.1 255.255.255.0
- peer next add 10.0.0.254
- mode cache on
- mode compress off
- apply
In the above example, as local Web users are connected using an Ethernet network, the compression feature doesn't offer any optimisation, so it is not activated. Caching, however, may save the precious bandwidth of the WAN, so the caching feature is activated on the local appliance.
Copyright (C) 2009-2023 CacheGuard - All rights reserved