By Silvano Da Ros
Publisher: Cisco Press
Pub Date: March 30, 2006
Print ISBN-10: 1-58705-240-7
Print ISBN-13: 978-1-58705-240-8
Pages: 576
Master the application-layer protocols, including HTTP, SSL, RTSP, RTP, and FTP.
Design redundancy and high availability by using server load balancing, Domain Name System (DNS) directory services, Cisco DistributedDirector software, proximity-based load balancing, and global sticky databases.
Learn to switch and offload encrypted content by importing, creating, and configuring certificates and keys in Secure Sockets Layer (SSL) termination devices.
Examine how to configure routers with Web Cache Communication Protocol (WCCP) and to switch content requests to content engines for serving frequently requested objects.
Learn how to configure caching, live push- and pull-splitting, content acquisitioning, and pre-positioning using Cisco Application and Content Networking System (ACNS) software.
Content networking is the most popular technology used to enhance network and application performance. The growth of content networking has been driven by end-user demands for richer content and lowered response times. These demands have caused the field of content networking to flourish with technological advances. Today many companies use content networking to add a layer of intelligence to their systems, scaling server availability and optimizing content delivery.

underlying networking technologies that content networking uses to accelerate your applications in new and unique ways. You'll discover various algorithms behind content networking and learn how the Cisco Systems® product suite implements them.

In this comprehensive guide, you start with a review of the protocols required for content networking, building your knowledge of introductory concepts and applications. From there, you delve into the components specific to content networking, with a focus on the content-aware Open Systems Interconnection (OSI) Layers 4 through 7. Numerous deployment examples help you understand the more advanced topics. You can use the configuration snapshots in this book as skeletal configurations for your production network.

Following the valuable lessons taught in Content Networking Fundamentals, you'll be able to effectively design, deploy, maintain, and troubleshoot content networks.
Printed in the United States of America. First Printing March 2006.
Production Manager: Patrick Kanouse
Technical Editors: Mark Gallo, Stefano Testa, Maurice Traynor
Silvano Da Ros is currently a networking consultant in Toronto and has worked previously as a systems engineer for Cisco Systems. While at Cisco, he enjoyed working with enterprise organizations on emerging network solutions, including IP telephony, content networking, and security. Prior to joining Cisco, his computer science degree saw him as a software developer, developing client-server and web applications for numerous public and private sector agencies. Silvano holds a bachelor of computer science and a masters of engineering in internetworking from Dalhousie University in Halifax, Nova Scotia.

Mark Gallo is a systems engineering manager at Cisco Systems within the Channels organization. He has led several engineering groups responsible for positioning and delivering Cisco end-to-end systems, as well as designing and implementing enterprise LANs and international IP networks. He has a BS in electrical engineering from the University of Pittsburgh and holds Cisco CCNP and CCDP certifications. Mark resides in northern Virginia with his wife Betsy and son Paul.

Stefano Testa joined Cisco in 1998, as part of the Catalyst 6500 software development team. Since moving to technical marketing in 2000, he's been focusing on technologies such as content switching, geographic load balancing, SSL acceleration, and integration with security products. He is currently managing a team of technical marketing engineers dedicated to Layers 4-7 application acceleration and security technologies. Stefano works closely with Cisco account teams to help customers design high-performance integrated data centers and application-aware solutions. He also collaborates with several Cisco engineering teams on future software releases, network management, and platforms for Layers 4-7 services.
Writing a book is never a singular effort, and this one certainly required the help from a group of exceptionally qualified people. In particular, I'd like to give special recognition to my reviewers, Mark, Ted, Stefano, and Maurice, for their technical critique of this book. Thanks for your unique spin on many of the concepts in this book.

The Cisco Press editorial team, including John Kane, Raina Han, and Betsey Henkels, has also been a huge factor in the successful completion of this book. Thanks for your countless e-mails and phone calls during every stage of writing this book. It has been a pleasure and honor working on this project with Cisco Press.

Thanks to my friends at Cisco for help with ideas early on in the book's development; Haroon Khan for the CDM screenshots; and Tim Forehand, Jamund Ferguson, and Brooke Collins from RealNetworks for their time and effort spent on making the RealMedia portion of this book happen.

I and Cisco Press would also like to thank Niraj Jain and Ted Grevers for their contributions to the book.
The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface
Within internetworking, there are numerous career fields, such as network security, IP telephony, and Storage Area Networking (SAN). Content networking is growing so much that it has become a discipline of its own. In the past, most organizations have given the content networking responsibility to the IT operations or network security staff, but these days the field has become so large and complex that organizations often require dedicated content networking professionals to design and operate their content networks.

The purpose of this book is to introduce content networking as an individual field of study, and explain how numerous application and networking concepts are married to make the discipline a whole.

This book will first introduce you to some basic underlying networking technologies, which have been around for quite a while but that content networking uses in new and unique ways to accelerate your applications.

Once you understand the underlying technologies, this book uses the divide-and-conquer approach to address the single broad topic of content networking. By further isolating and examining content networking's constituent technologies, you avoid the blurring and generalizing that tend to occur when discussing content networking. Covering each subtopic and its interdependencies in detail will give you valuable insight into the overall topic of content networking, without minimizing the importance of each subtechnology.
to fully understand the content networking concepts discussed in this book.

Specifically, this book is an excellent resource for professionals who

Design, implement, and maintain content networks
Are preparing for the Cisco CCNP content networking exam
Are responsible for technically justifying the purchase of content networking products to their management or purchasing departments
Although this book is designed to be read from cover to cover, it was also developed so that you can easily jump between its parts, chapters, and sections, enabling you to concentrate on only those topics that require your focused attention. As mentioned previously, both application- and network-centric professionals will learn a great deal about their IT counterpart's native technologies. By allowing the reader to effectively concentrate on particular areas, this book benefits readers from diverse technical backgrounds.

Chapter 1 provides an introduction to content networking. Chapters 2 through 9 are framed as background chapters to content networking, giving a detailed examination of both the fundamentals of networks and applications. Chapters 10 through 14 are the core content networking chapters, with each chapter providing a detailed treatment of a particular subtechnology of content networking. If you intend to read all the chapters, the order in the book is an excellent sequence to use.

approximately equal coverage on each layer. To glue the layers together, this chapter ends with an illustration of a sample application flow, showing how the layers interact.
Chapter 3, "Introducing Switching, Routing, and Address Translation" This chapter introduces how frames are switched by Layer 2 switches, how packets are routed and switched by Layer 3 routers, and how the transport segment's IP addresses and port numbers are translated by Layer 4 content switches and firewalls.

Chapter 4, "Exploring Security Technologies and Network Infrastructure Designs" This chapter covers major topics for securing your applications and network, such as packet filtering, application inspection, and encryption, and provides design backdrops for common networking infrastructures, including WANs, campuses, and Internet Content Delivery Networks (ICDN).

Chapter 5, "IP Multicast Content Delivery" Streaming media and content distribution can consume a great deal of network bandwidth. To deal with this issue, Chapter 5 provides a way to minimize potential flooding using IP multicast.

Chapter 6, "Ensuring Content Delivery with Quality of Service" This chapter provides a way to minimize the

Chapter 8, "Exploring the Application Layer" This chapter introduces the application layer and in particular the protocols that pertain to content networking concepts

Sockets Layer (SSL), and FTP application layer protocols.

Chapter 9, "Introducing Streaming Media" This chapter covers streaming media concepts, including how video on demand (VoD), live, and rebroadcast events are delivered using Real-Time Transport Protocol (RTP), Real-Time Streaming Protocol (RTSP), and Motion Picture Expert Group (MPEG) protocols. This chapter also compares and contrasts Microsoft Windows, Apple QuickTime, and

Chapter 11, "Switching Secured Content" This chapter shows how to switch and offload encrypted content by importing, creating, and configuring certificates and keys in SSL termination devices, such as the Content Switching Module (CSM) with Secure Sockets Layer (SSL) daughter cards (CSM-S) and the Content Services Switch (CSS) SSL modules.

Chapter 12, "Exploring Global Server Load Balancing" This chapter shows how to design redundancy and high availability across your sites, using the Domain Name System (DNS), Distributed Director, proximity-based load balancing, and global sticky databases.

Chapter 13, "Delivering Cached and Streaming Media" This chapter examines how to configure your routers with Web Cache Communication Protocol (WCCP) and content switches to switch requests to Content Engines (CE) for serving

media; standard caching services, such as web and reverse-proxy caching on your CEs using the Application and Content Networking System (ACNS); value-added services, such as content authentication and content preloading; and content freshness from CEs.

Chapter 14, "Distributing and Routing Managed Content" This chapter explores how to configure ACNS for content distribution and routing services, by configuring channels of CEs, forwarding content to those channels, and using content request routing technologies, such as simplified hybrid routing and dynamic proxy auto-configuration, to route clients' requests for the distributed content.
Chapter 1 Introducing Content Networking

Chapter Goals

This chapter provides a thorough overview of content networking to establish a general context for the more detailed topics covered in the remaining chapters. The chapter presents the overview by covering the following topics:

technologies in terms of supplying customers with end-to-end solutions for their business needs.
Since the early 1990s, web applications have grown considerably in scope. The web applications of the 1990s included only informational and advertising content, but by now they have become a robust suite of critical business functions. Cisco Systems, Inc., is a prime example of an organization that depends heavily on and promotes the web for most of its business functions, both internally and externally. Internally at Cisco, employees attend training seminars, book flights, fill out vacation requests, and reserve customer demonstration equipment online. Additionally, their phone system, corporate communications, remote access, and e-learning systems are run over the web. External customer-facing functions, including ordering hardware, downloading software, requesting customer support, and receiving training, are all completed over the web as well.

Not only have high-tech industries like Cisco been rapidly adopting web technologies, but seemingly old-fashioned brick-and-mortar companies are relying now more than ever on web-based portals for greater productivity gains, increased revenues, and cost savings. In turn, the increasing dependence of organizations on the use and growth of networked applications to ensure that success has grown to levels never seen before. This heavy reliance on web content has spurred organizations to achieve network cost savings and application acceleration to ensure continual growth and prosperity.
Content networking involves elements from all aspects of network computing, from high-level applications to underlying network protocols. Understanding of the basics of both computer networking and applications developed for networks is a crucial prerequisite to obtaining a deeper understanding of content networking. Thus, this book covers the following three network entities to help you better understand this wide-reaching field:

Originator The originator (or an origin server) provides content for requesting clients. The content can range from live video, software downloads, and file transfers to e-mail, static informational data, and dynamic fully-interactive multimedia. The applications may include e-learning, corporate communications, e-commerce, hosting services, and enterprise client/server applications, among many others.

Network infrastructure The network infrastructure delivers the content. The network can be either a private or public network, composed of a number of underlying protocols and concepts, such as TCP/IP and Ethernet, plus the content networking services and intelligent network services discussed in this book.

Recipient The recipient (or client) requests the content. The recipient can range from PC desktop client applications, such as web browsers and video players, to cell phones, personal data assistants (PDAs), television sets, IP phones, and many more.

Figure 1-1 illustrates the relationships among these three

Figure 1-1 will be discussed in detail throughout this book.

Figure 1-1 Relationship Between Recipient, Network, and Originator Content Network Entities
In the past few decades, TCP/IP has become the most common networking protocol, and its original intention has remained as valid today as when it was conceived in the late 1960s. That is,

location to another. Indeed, in the recent past, the only service the network provided to an application was packet delivery, with either guaranteed or best-effort service levels. Moreover, clients were aware of only a few basic details concerning the origin server, such as name and services provided. The originators were completely unaware of details about their requesting clients, except those anticipated and hard-coded into the application by its developer. Neither knew much more about the network on which content was delivered and received than how to interface into it.

Until recently, the function of the network remained separate from the applications that ran on it. In the past few years, acknowledging the new and increasing demands for the network to add value to applications, the Cisco development team has pushed its networking software toward implementing content networking technologies. Slowly, existing network devices were extended with a few of the application protocols and intelligent network services shown in Figure 1-1. Eventually, however, a vast new suite of content-based products was created, resulting in the robust content networking solutions that exist today. As you will see throughout this book, content networking provides numerous services to accelerate content delivery and encompasses all aspects and protocols included within the three entities shown in Figure 1-1.

Content networking is a new paradigm of computing and communications. Concentration has shifted from both computers and networks, individually, toward the creation of a collective system called a content network, encompassing characteristics of both computers and networks. Thus, content networking can be broadly defined as content-awareness by not only the originator of the content but by all three basic network entities. As you may find, however, content networking is somewhat vague when defined generally. In the remainder of this chapter, you explore a more detailed definition of content
networking software can be seamlessly enabled for content-

This book focuses on the content-aware Layers 4 through 7 of the OSI model. The OSI model is a standard reference for understanding networks and developing other standards. OSI is used most commonly as a detailed reference for which vendors develop networking protocol stacks, which in turn can themselves become standards.

Consider each layer of the OSI model to be a process responsible for a set of actions to be performed on an item of information on behalf of upper layers. When the item is processed at one layer, it is passed directly to the next layer for processing. Each layer also communicates indirectly with adjacent layers on other devices and specifies the addressing and identification details used among them.

information. In traditional networks, for Layers 5 through 7, the applications running on the client and origin server are in logical

illustrates the OSI model in traditional networks. The dotted lines represent inter-process communication between adjacent layers.

Figure 1-2 The OSI Reference Model in Traditional Networks

Before content networking, intermediary devices in the network would stop processing information at Layers 2, 3, and 4 in switches, routers, and firewalls, respectively. Within content networking devices, however, the processing continues up the protocol stack in order to add intelligence to the information exchanged between the communicating applications, as illustrated in Figure 1-3. Bear in mind that, although content

to TCP/IP-based routing and switching and their related

understanding almost all content networking technologies, this book focuses more on subjects related to the upper-three OSI layers. These layers are rarely referenced separately in this book and are therefore combined and referred to collectively as
In most aspects of life, a need or problem often encourages creative efforts to meet the need or solve the problem. That is, necessity is often the mother of invention. This also pertains to network computing, where development is spurred by ever increasing end-user demands for richer content, more bandwidth, and increased reliability. To fulfill these demands, first you must address the following four areas:

system does not have the resources to yield the same levels of performance as before. Another example might be with a corporate communication application, in which the number of participants has increased and been distributed over a large geographic region. These types of situations may require an increase in the scalability and availability of an application.

Scaling the Application

application by providing room for future growth without changing how the application works and with minimal changes to the network infrastructure. Scalability services include the following technologies, which will be discussed in detail throughout this book:

Content edge delivery Positioning application content away from the origin server, and in closer proximity to clients, scales the application by offloading requests to the content network.

Enhanced content delivery with IP multicast, stream-splitting, and resource reservation IP multicast and stream-splitting scale the network by avoiding replication of identical flows over the same network link, thus minimizing end-to-end bandwidth consumption of content delivered to a large number of users. Resource reservation scales the application by manipulating network parameters to expedite application traffic delivery.

Content transformation and prioritization Transformation provides conversion of content within the network without further burdening of origin servers. Prioritization enables custom network delivery of application traffic.

Availability services include the following, which will be discussed throughout this book:

Content switching Increases availability by replicating origin server content across numerous identical systems, either within the same data center or across globally distributed data centers.

Session redundancy Session redundancy provides failover from one network device, such as a firewall or load balancer, to an identical device without dropping existing TCP connections.

Router redundancy Protocols, such as Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP), provide router gateway redundancy by having two routers or load balancers share a virtual IP (VIP) and MAC address for clients to use as their default gateway. If either fails, the other will take over within seconds.

IP routing redundancy Dynamic IP routing protocols, such as OSPF, EIGRP, and IS-IS, provide availability within a routing domain by maintaining multiple paths to each network in the routing table.

Layer 2 switching redundancy Spanning tree and Cisco EtherChannel provide Layer 2 redundancy in a switched environment.

Availability does not necessarily follow scalability. For example, you can scale the disk drive capacity of a computer system by adding another hard drive, but if any one of those drives fails, loss of data is certain. Only when replication across the system

around since the mid-1990s, with such protocols as HSRP and VRRP. However, application redundancy built directly into the network is a newer concept that follows the same basic premise. That is, it enables any individual component to fail without significantly affecting overall performance. In the same way that HSRP protects against network faults, application redundancy provides application and business continuity in the event of unexpected application failure.

Scheduled hitless application upgrades to replicated origin servers are possible with content networking availability services. By taking one server down at a time and allowing existing connections to complete prior to upgrading, the entire server farm remains available. Chapter 9, "Introducing Streaming Media," discusses Cisco's content networking availability services.

Looking at some simple probabilities, let us say that a single origin server is shown to be available 95.5 percent of the time, based on the empirical behavior data of the application. The 4.5 percent downtime in this example may account for scheduled server upgrades and unexpected system crashes. A simple
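As an added worked example (not from the book), the following Python carries the 95.5 percent single-server figure above through the replication argument: it computes the availability of a farm of replicated origin servers, the yearly downtime each figure represents, and, going one step beyond the text, the availability of the whole path when the farm sits behind a router and a load balancer with their own (assumed) availabilities. Independent failures and the 99.99/99.9 percent device figures are assumptions.

```python
"""Availability arithmetic for replicated origin servers (added example).

Assumptions, not from the book: each replica fails independently, and a
server farm counts as available when at least one replica is up. The
95.5 percent single-server figure is the text's; device figures in
main() are made up for illustration.
"""

MINUTES_PER_YEAR = 365 * 24 * 60


def parallel_availability(per_unit: float, units: int) -> float:
    """Availability of a farm that needs ANY ONE of `units` replicas up.

    The farm is down only when every replica is down at once, so the
    unavailabilities multiply: 1 - (1 - a)^n.
    """
    if not 0.0 <= per_unit <= 1.0 or units < 1:
        raise ValueError("availability must be in [0, 1] and units >= 1")
    return 1.0 - (1.0 - per_unit) ** units


def series_availability(*components: float) -> float:
    """Availability of a path that needs ALL of its components up.

    A request crosses, say, a router, a load balancer and the farm; if
    any one is down the request fails, so the availabilities multiply.
    """
    result = 1.0
    for a in components:
        if not 0.0 <= a <= 1.0:
            raise ValueError("availability must be in [0, 1]")
        result *= a
    return result


def downtime_minutes_per_year(availability: float) -> float:
    """Expected minutes per year that a component of this availability is down."""
    return (1.0 - availability) * MINUTES_PER_YEAR


def replicas_needed(per_unit: float, target: float) -> int:
    """Smallest replica count whose parallel availability reaches `target`."""
    n = 1
    while parallel_availability(per_unit, n) < target:
        n += 1
    return n


if __name__ == "__main__":
    single = 0.955  # the text's empirical single-server availability
    for n in (1, 2, 3):
        a = parallel_availability(single, n)
        print(f"{n} replica(s): {a:.6f} available, "
              f"{downtime_minutes_per_year(a):,.0f} min/year down")
    # A redundant farm is only as available as the devices in front of it
    # (router and load balancer figures are assumed, not from the book).
    path = series_availability(0.9999, 0.999, parallel_availability(single, 3))
    print(f"router + load balancer + 3 replicas: {path:.6f}")
    print("replicas for 99.99 percent:", replicas_needed(single, 0.9999))
```

Replicating the same content in series with a single unreplicated device gains nothing past that device's own availability, which is why the text pairs content switching with session and router redundancy.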