Cisco Press Content Networking Fundamentals Apr 2006 ISBN 1587052407

Content Networking Fundamentals

By Silvano Da Ros

Publisher: Cisco Press
Pub Date: March 30, 2006
Print ISBN-10: 1-58705-240-7
Print ISBN-13: 978-1-58705-240-8
Pages: 576

A comprehensive introduction to the theory and practical applications of content networking

  

- Get a strong introduction to the basic networking concepts necessary for content networking, including network address translation, IP multicast content delivery, quality of service, and streaming media
- Master the application-layer protocols, including HTTP, SSL, RTSP, RTP, and FTP
- Design redundancy and high availability by using server load balancing, Domain Name System (DNS) directory services, Cisco DistributedDirector software, proximity-based load balancing, and global sticky databases
- Learn to switch and offload encrypted content by importing, creating, and configuring certificates and keys in Secure Sockets Layer (SSL) termination devices
- Examine how to configure routers with Web Cache Communication Protocol (WCCP) and to switch content requests to content engines for serving frequently requested objects
- Learn how to configure caching, live push- and pull-splitting, content acquisitioning, and pre-positioning using Cisco Application and Content Networking System (ACNS) software

Content networking is the most popular technology used to enhance network and application performance. The growth of content networking has been driven by end-user demands for richer content and lower response times. These demands have caused the field of content networking to flourish with technological advances. Today many companies use content networking to add a layer of intelligence to their systems, scaling server availability and optimizing content delivery.

  

Content Networking Fundamentals introduces you to content networking solutions and the

underlying networking technologies that content networking uses to accelerate your applications in new and unique ways. You'll discover various algorithms behind content networking and learn how the Cisco Systems® product suite implements them.

  

In this comprehensive guide, you start with a review of the protocols required for content

networking, building your knowledge of introductory concepts and applications. From

there, you delve into the components specific to content networking, with a focus on the

content-aware Open Systems Interconnection (OSI) Layers 4 through 7. Numerous deployment examples help you understand the more advanced topics. You can use the configuration snapshots in this book as skeletal configurations for your production network.

  

Following the valuable lessons taught in Content Networking Fundamentals, you'll be able

to effectively design, deploy, maintain, and troubleshoot content networks.


Copyright

Content Networking Fundamentals
Silvano Da Ros
Copyright © 2006 Cisco Systems, Inc.

Cisco Press logo is a trademark of Cisco Systems, Inc.

Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0

First Printing March 2006

Library of Congress Cataloging-in-Publication Number: 2005922508

Warning and Disclaimer

  This book is designed to provide information about the fundamentals of content networking. Every effort has been made to make this book as complete and as accurate as

  The information is provided on an "as-is" basis. The authors, Cisco Press, and Cisco Systems, Inc., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

  The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments

  All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

  RealNetworks images and information in

courtesy of RealNetworks, Inc.: Copyright © 1995-2005 RealNetworks, Inc. All rights reserved. RealNetworks, Helix, Helix Proxy, RealProxy, RealPlayer, and RealMedia are trademarks or registered trademarks of RealNetworks, Inc.

Feedback Information

At Cisco Press, our goal is the creation of in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at . Please be sure to include the book title and ISBN in your message.

We greatly appreciate your assistance.

Publisher: John Wait
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Jeff Brady
Editor-in-Chief: John Kane
Production Manager: Patrick Kanouse
Technical Editors: Mark Gallo, Stefano Testa, Maurice Traynor
Development Editor: Betsey Henkels
Copy Editor: Paul Wilson
Editorial Assistant: Raina Han
Book and Cover Designer: Louisa Adair
Composition: Mark Shirar
Indexer: Tim Wright
Proofreader: Kayla Dugger

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100

European Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-7660
Fax: 408 527-0883

Asia Pacific Headquarters
Cisco Systems, Inc.
168 Robinson Road
#22-01 to #29-01
Singapore 068912
Tel: +65 6317 7777
Fax: +65 6317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco.com Web site at

  Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe Copyright © 2003 Cisco Systems, Inc. All rights reserved. CCIP, CCSP, the Cisco Arrow logo, the Cisco Powered Network mark, the Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, iQ Net Readiness Scorecard, Networking Academy, and ScriptShare are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, The Fastest Way to Increase Your Internet Quotient, and iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet

  Step, GigaStack, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, LightStream, MGX, MICA, the Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, SMARTnet, StrataView Plus, Stratm, SwitchProbe, TeleRouter, TransPath, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0303R) Printed in the USA

Dedications

  This book is dedicated to my wife, Kimberley, and parents, Mario and Catherine. Thank you for your support and encouragement.

About the Author

  

Silvano Da Ros is currently a networking consultant in Toronto and has worked previously as a systems engineer for Cisco Systems. While at Cisco, he enjoyed working with enterprise organizations on emerging network solutions, including IP telephony, content networking, and security. Prior to joining Cisco, he put his computer science degree to work as a software developer, developing client-server and web applications for numerous public and private sector agencies. Silvano holds a bachelor of computer science and a master of engineering in internetworking from Dalhousie University in Halifax, Nova Scotia.

About the Technical Reviewers

Mark Gallo is a systems engineering manager at Cisco Systems within the Channels organization. He has led several engineering groups responsible for positioning and delivering Cisco end-to-end systems, as well as designing and implementing enterprise LANs and international IP networks. He has a BS in electrical engineering from the University of Pittsburgh and holds Cisco CCNP and CCDP certifications. Mark resides in northern Virginia with his wife Betsy and son Paul.

Stefano Testa joined Cisco in 1998, as part of the Catalyst 6500 software development team. Since moving to technical marketing in 2000, he's been focusing on technologies such as content switching, geographic load balancing, SSL acceleration, and integration with security products. He is currently managing a team of technical marketing engineers dedicated to Layers 4-7 application acceleration and security technologies. Stefano works closely with Cisco account teams to help customers design high-performance integrated data centers and application-aware solutions. He also collaborates with several Cisco engineering teams on future software releases, network management, and platforms for Layers 4-7 services.

  

Maurice Traynor is a technical team lead (networks) for HP's (Hewlett-Packard) Managed Services Group, where his team architects and builds networks for a large financial institution. He has worked in the networking arena for 14 years, with jobs in pre- and post-sales systems engineering, technical consulting, and teaching.

Acknowledgments

Writing a book is never a singular effort, and this one certainly required the help from a group of exceptionally qualified people. In particular, I'd like to give special recognition to my reviewers, Mark, Ted, Stefano, and Maurice, for their technical critique of this book. Thanks for your unique spin on many of the concepts in this book. The Cisco Press editorial team, including John Kane, Raina Han, and Betsey Henkels, has also been a huge factor in the successful completion of this book. Thanks for your countless e-mails and phone calls during every stage of writing this book. It has been a pleasure and honor working on this project with Cisco Press.

  Thanks to my friends at Cisco for help with ideas early on in the book's development; Haroon Khan for the CDM screenshots; and Tim Forehand, Jamund Ferguson, and Brooke Collins from RealNetworks for their time and effort spent on making the RealMedia portion of this book happen.

Cisco Press and I would also like to thank Niraj Jain and Ted Grevers for their contributions to the book.

  

Icons Used in This Book


Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:

- Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
- Italics indicate arguments for which you supply actual values.
- Vertical bars (|) separate alternative, mutually exclusive elements.
- Square brackets [ ] indicate optional elements.
- Braces { } indicate a required choice.
- Braces within brackets [{ }] indicate a required choice within an optional element.

Introduction

Within internetworking, there are numerous career fields, such as network security, IP telephony, and storage area networking (SAN). Content networking is growing so much that it has become a discipline of its own. In the past, most organizations have given the content networking responsibility to the IT operations or network security staff, but these days the field has become so large and complex that organizations often require dedicated content networking professionals to design and operate their content networks. The purpose of this book is to introduce content networking as an individual field of study and to explain how numerous application and networking concepts are married to make the discipline a whole.

Goals and Methods

  This book will first introduce you to some basic underlying networking technologies, which have been around for quite a while but that content networking uses in new and unique ways to accelerate your applications.

  Once you understand the underlying technologies, this book uses the divide-and-conquer approach to address the single broad topic of content networking. By further isolating and examining content networking's constituent technologies, you avoid the blurring and generalizing that tend to occur when discussing content networking. Covering each subtopic and its interdependencies in detail will give you valuable insight into the overall topic of content networking, without minimizing the importance of each subtechnology.

Who Should Read This Book?

  This book is designed for any networking or application professional who requires an introduction to content networking. If you come to this book as an application professional, you will be able to obtain an introduction to the basic networking concepts from the first few chapters; this information may be superfluous to the network professional. On the other hand, networking professionals will be able to glean information about application concepts from the initial chapters to fully understand the content networking concepts discussed in this book.

Specifically, this book is an excellent resource for professionals who:

- Design, implement, and maintain content networks
- Are preparing for the Cisco CCNP content networking exam
- Are responsible for technically justifying the purchase of content networking products to their management or purchasing departments

How This Book Is Organized

  Although this book is designed to be read from cover-to-cover, it was also developed so that you can easily jump between its parts, chapters, and sections, enabling you to concentrate on only those topics that require your focused attention. As mentioned previously, both application- and network-centric professionals will learn a great deal about their IT counterpart's native technologies. By allowing the reader to effectively concentrate on particular areas, this book benefits readers from diverse technical backgrounds.

are framed as background chapters to content networking, giving a detailed examination of both the fundamentals of networks and applications. through are the core content networking chapters, with each chapter providing a detailed treatment of a particular subtechnology of content networking. If you intend to read all the chapters, the order in the book is an excellent sequence to use.

The chapters of this book cover the following topics:

- "Introducing Content Networking" This chapter offers general insight into the broad topic of content networking, including its purpose, goals, and subtechnologies.
- "Exploring the Network Layers" This chapter examines Layers 1 through 4 of the Open Systems Interconnection (OSI) reference model, giving approximately equal coverage on each layer. To glue the layers together, this chapter ends with an illustration of a with one another.
- "Introducing Switching, Routing, and Address Translation" This chapter introduces how frames are switched by Layer 2 switches, how packets are routed and switched by Layer 3 routers, and how the transport segment's IP addresses and port numbers are translated by Layer 4 content switches and firewalls.
- "Exploring Security Technologies and Network Infrastructure Designs" This chapter covers major topics for securing your applications and network, such as packet filtering, application inspection, and encryption, and provides design backdrops for common networking infrastructures, including WANs, campuses, and Internet Content Delivery Networks (ICDN).
- "IP Multicast Content Delivery" Streaming media and content distribution can consume a great deal of network bandwidth. To deal with this issue, provides a way to minimize potential flooding using IP multicast.
- impact of packet loss, delay, and jitter by enabling QoS features in your network.
- "Exploring the Application Layer" This chapter introduces the application layer and in particular discussed throughout the book, including HTTP, Secure Sockets Layer (SSL), and FTP application layer protocols.
- "Introducing Streaming Media" This chapter covers streaming media concepts, including how video on demand (VoD), live, and rebroadcast events are delivered using Real-Time Transport Protocol (RTP), Real-Time Streaming Protocol (RTSP), and Motion Picture Expert Group (MPEG) protocols. This chapter also compares and contrasts Microsoft Windows, Apple QuickTime, and RealNetworks streaming technologies.
- "Exploring Server Load Balancing" This chapter shows how to design redundancy and high availability into your server farms by configuring load distribution algorithms, health checks, session persistence, and Layer 5-7 load balancing on your content switches.
- "Switching Secured Content" This chapter shows how to switch and offload encrypted content by importing, creating, and configuring certificates and keys in SSL termination devices, such as the Content Switching Module (CSM) with Secure Sockets Layer (SSL) daughter cards (CSM-S) and the Content Services Switch (CSS) SSL modules.
- "Exploring Global Server Load Balancing" This chapter shows how to design redundancy and high availability across your sites, using the Domain Name System (DNS), Distributed Director, proximity-based load balancing, and global sticky databases.
- "Delivering Cached and Streaming Media" This chapter examines how to configure your routers with Web Cache Control Protocol (WCCP) and content switches to frequently requested objects. These frequently requested objects can include the following: HTTP and streaming media; standard caching services, such as web and reverse-proxy caching on your CEs using the Application and Content Networking System (ACNS); value-added services, such as content authentication and content preloading; and content freshness from CEs.
- content distribution and routing services, by configuring channels of CEs, forwarding content to those channels, and using content request routing technologies, such as simplified hybrid routing and dynamic proxy auto-configuration, to route clients' requests for the distributed content.

Part I: Overview of Content Networking

context for the more detailed topics covered in the remaining chapters. The chapter presents the overview by covering the following topics:

- Definition of content networking: Gives a general definition of the field.
- The underlying technologies: Defines content networking with respect to the Open System Interconnection (OSI) and TCP/IP protocol stacks.
- Purpose and goals of content networking: Informs the reader of the motivation
- Cisco content networking solutions: Introduces Cisco content networking technologies in terms of supplying customers with end-to-end solutions for their business needs.

  Since the early 1990s, web applications have grown considerably in scope. The web applications of the 1990s included only informational and advertising content, but by now they have become a robust suite of critical business functions. Cisco Systems, Inc., is a prime example of an organization that depends heavily on and promotes the web for most of its business functions, both internally and externally. Internally at Cisco, employees attend training seminars, book flights, fill out vacation requests, and reserve customer demonstration equipment online. Additionally, their phone system, corporate communications, remote access, and e-learning systems are run over the web. External customer-facing functions including ordering hardware, downloading software, requesting customer support, and receiving training are all completed over the web as well.

Not only have high-tech industries like Cisco been rapidly adopting web technologies, but seemingly old-fashioned brick-and-mortar companies are relying now more than ever on web-based portals for greater productivity gains, increased revenues, and cost savings. In turn, organizations' dependence on the use and growth of networked applications to ensure their success has grown to levels never seen before. This heavy reliance on web content has spurred organizations to pursue network cost savings and application acceleration to ensure continual growth and prosperity.

Defining Content Networking

Content networking involves elements from all aspects of network computing, from high-level applications to underlying network protocols. Understanding the basics of both computer networking and applications developed for networks is a crucial prerequisite to obtaining a deeper understanding of content networking. Thus, this book covers the following three network entities to help you better understand this wide-reaching field:

- Originator: The originator (or an origin server) provides content for requesting clients. The content can range from live video, software downloads, and file transfers to e-mail, static informational data, and dynamic fully-interactive multimedia. The applications may include e-learning, corporate communications, e-commerce, hosting services, and enterprise client/server applications, among many others.
- Network infrastructure: The network infrastructure delivers the content. The network can be either a private or public network, composed of a number of underlying protocols and concepts, such as TCP/IP and Ethernet, plus the content networking services and intelligent network services discussed in this book.
- Recipient: The recipient (or client) requests the content. The recipient can range from PC desktop client applications, such as web browsers and video players, to cell phones, personal data assistants (PDAs), television sets, IP phones, and many more.

entities. Related content networking concepts highlighted in the will be discussed in detail throughout this book.

  

Figure 1-1. Relationship Between Recipient, Network, and Originator Content Network Entities

In the past few decades, TCP/IP has become the most common networking protocol, and its original intention has not changed: it remains a simple method to deliver a payload from one location to another. Indeed, in the recent past, the only service the network provided to an application was packet delivery, with either guaranteed or best-effort service levels. Moreover, clients were aware of only a few basic details concerning the origin server, such as its name and the services it provided. The originators were completely unaware of details about their requesting clients, except those anticipated and hard-coded into the application by its developer. Neither knew much more about the network on which content was delivered and received than how to interface with it. Until recently, the function of the network remained separate from the applications that ran on it. In the past few years, acknowledging the new and increasing demands for the network to add value to applications, the Cisco development team has pushed its networking software toward implementing content networking technologies. Slowly, existing network devices were extended with a few of the application protocols and intelligent network services shown in . Eventually, however, a vast new suite of content-based products was created, resulting in the robust content networking solutions that exist today. As you will see throughout this book, content networking provides numerous services to accelerate content delivery and encompasses all aspects and protocols included within the three entities shown in .

  Content networking is a new paradigm of computing and communications. Concentration has shifted from both computers and networks, individually, toward the creation of a collective system called a content network, encompassing characteristics of both computers and networks. Thus, content networking can be broadly defined as content-awareness by not only the originator of the content but by all three basic network entities. As you may find, however, content networking is somewhat vague when defined generally. In the remainder of networking in terms of the following three specific categories:

  

Understanding the Underlying Technologies

The need for the network to add value to applications is advanced by a growing thirst for more robust applications, which are able to respond instantaneously. Traditional networking software operated at intelligence levels too low to accelerate services, which were governed by these aggressive demands. However, a network installed with Cisco content networking software can be seamlessly enabled for content-awareness and thus easily fulfill such demands.

  This book focuses on the content-aware Layers 4 through 7 of the OSI model. The OSI model is a standard reference for understanding networks and developing other standards. OSI is used most commonly as a detailed reference for which vendors develop networking protocol stacks, which in turn can themselves become standards.

  Consider each layer of the OSI model to be a process responsible for a set of actions to be performed on an item of information on behalf of upper layers. When the item is processed at one layer, it is passed directly to the next layer for processing. Each layer also communicates indirectly with adjacent layers on other devices and specifies the addressing and identification details used among them. Whereas devices connect physically to each neighbor at Layer 1, all layers above Layer 1 connect logically to the same layer on the communicating device. For Layers 2 and 3, the communicating devices are often switches and routers, respectively. For example, a workstation can connect logically at Layer 2 to another workstation through a Layer 2 switch. For Layer 4, the communicating device is often a firewall, or any network device capable of maintaining transport state information. In traditional networks, for Layers 5 through 7, the communication with one another over the network. illustrates the OSI model in traditional networks. The dotted lines represent inter-process communication between adjacent layers.

Figure 1-2. The OSI Reference Model in Traditional Networks

  Before content networking, intermediary devices in the network would stop processing information at Layers 2, 3, and 4 in switches, routers, and firewalls, respectively. Within content networking devices, however, the processing continues up the protocol stack in order to add intelligence to the information exchanged between the communicating applications, as networking devices are specialized for Layers 5 through 7 processing, they have numerous capabilities to process information at Layers 1 through 4.

  

Figure 1-3. The OSI Reference Model in Content Networks

  TCP/IP is the predominant network protocol suite of the Internet today. It is based on the OSI reference model, but its details are specific to the requirements of today's networks.

  This book focuses on characteristics of the OSI model as they pertain to TCP/IP.

will explain the lower four layers of the OSI model with respect protocols. Although these lower layers are essential to understanding almost all content networking technologies, this book focuses more on subjects related to the upper three OSI layers. These layers are rarely referenced separately in this book and are therefore combined and referred to collectively as "Layers 5 through 7," or simply "Layers 5-7."

Tip

  For an example trace of an actual application message passing through each layer of the TCP/IP

  

Purpose and Goals

  In most aspects of life, a need or problem often encourages creative efforts to meet the need or solve the problem. That is, necessity is often the mother of invention. This also pertains to network computing, where development is spurred by ever increasing end-user demands for richer content, more bandwidth, and increased reliability. To fulfill these demands, first you must address the following four areas:

  

Scalability and Availability

  Different types of applications require increases to their performance levels. For example, a web application may require enhancements to its functionality and intelligence (that is, the computer programming code), and the current computer system does not have the resources to yield the same levels of performance as before. Another example might be with a corporate communication application, in which the number of participants has increased and been distributed over a large geographic region. These types of situations may require an increase in the scalability and availability of an application.

  Content networking extends scalability services to the application by providing room for future growth without changing how the application works and with minimal changes to the network infrastructure. Scalability services include the following technologies, which will be discussed in detail throughout this book:

  

- Content edge delivery: Positioning application content away from the origin server, and in closer proximity to clients, scales the application by offloading requests to the content network.
- Enhanced content delivery with IP multicast, stream-splitting, and resource reservation: IP multicast and stream-splitting scale the network by avoiding replication of identical flows over the same network link, thus minimizing end-to-end bandwidth consumption of content delivered to a large number of users. Resource reservation scales the application by manipulating network parameters to expedite application traffic delivery.
- Content transformation and prioritization: Transformation provides conversion of content within the network without further burdening origin servers. Prioritization enables custom network delivery of application traffic.
- Flash crowd protection: Protection against sudden, but valid, traffic spikes directed toward an application is important to maintaining service levels to customers.

  Increasing Application Availability

  The general idea behind designing a system for availability is identical to that for scalability: extend the system without changing the overall structure of the existing individual components. Availability services include the following, which will be discussed throughout this book:

  

  • Content switching: Increases availability by replicating origin server content across numerous identical systems, either within the same data center or across globally distributed data centers.

  • Session redundancy: Provides failover from one network device, such as a firewall or load balancer, to an identical device without dropping existing TCP connections.

  • Router redundancy: Protocols such as Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) provide router gateway redundancy by having two routers or load balancers share a virtual IP (VIP) and MAC address for clients to use as their default gateway. If either fails, the other takes over within seconds.

  • IP routing redundancy: Dynamic IP routing protocols, such as OSPF, EIGRP, and IS-IS, provide availability within a routing domain by maintaining multiple paths to each network in the routing table.

  • Layer 2 switching redundancy: Spanning tree and Cisco EtherChannel provide Layer 2 redundancy in a switched environment.

  Availability does not necessarily follow scalability. For example, you can scale the disk drive capacity of a computer system by adding another hard drive, but if any one of those drives fails, occurs, such as with use of the RAID protocol in this example, is availability possible. Router gateway redundancy has been around since the mid-1990s, with such protocols as HSRP and VRRP. However, application redundancy built directly into the network is a newer concept that follows the same basic premise. That is, it enables any individual component to fail without significantly affecting overall performance. In the same way that HSRP protects against network faults, application redundancy provides application and business continuity in the event of unexpected application failure. Scheduled hitless application upgrades to replicated origin servers are possible with content networking availability services. By taking one server down at a time and allowing existing connections to complete prior to upgrading, the entire server farm remains available.

  origin server is shown to be available 95.5 percent of the time, based on the empirical behavior data of the application. The 4.5 percent downtime in this example may account for scheduled server upgrades and unexpected system crashes. A simple formula to estimate the probability of an entire server farm failing is

  $P_{\text{Serverfarm\_Failure}} = 1 - P_{\text{Individual\_Failure}}^{\,n} = 1 - (1 - P_{\text{Individual\_Success}})^{n}$

  In this formula, $n$ is the number of redundant servers and $P_{\text{Individual\_Success}}$ is the proportion of time that the original server is measured as available.

  Replicating the system above and distributing load between two percent availability. In order to achieve "five nines of availability," or 99.999 percent uptime, how many servers are needed? With three servers, we would have $1 - (1 - 0.955)^3 = 0.99990$ = 99.998 percent, and with four servers, $1 - (1 - 0.995)^4 = 0.99999$ = 99.999 percent. Therefore, with this simple formula, four redundant servers are required to provide 99.999 percent availability. But is this math a practical way to calculate availability? The answer is: it depends. Balancing the load across numerous identical servers is not necessarily transparent at the application level. Depending on the type of application, its logic may require modification in order to support a load balanced environment. As a result, the probability of failure may not decrease as steadily for certain applications as for others, when new nodes are added to the farm.
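  The formula worked through in Python, as an added example that is not from the book: it carries the chapter's 95.5 percent single-server figure through n = 1 to 4 servers, finds the smallest farm that meets a target, and converts availability into downtime per year. Note that $1 - (1 - P)^n$ is the probability that at least one server is up (the farm's availability); the probability that the whole farm is down is $(1 - P)^n$, and both assume independent failures, which is the assumption the chapter's caveat about application logic is questioning.

```python
# Added example, not code from the book. Independent server failures assumed.
from math import ceil, log

MINUTES_PER_YEAR = 365 * 24 * 60


def farm_failure_probability(p_individual_success: float, n: int) -> float:
    """Probability that all n independent servers are down at once: (1 - P)^n."""
    if not 0.0 <= p_individual_success <= 1.0 or n < 1:
        raise ValueError("availability must be in [0, 1] and n >= 1")
    return (1.0 - p_individual_success) ** n


def farm_availability(p_individual_success: float, n: int) -> float:
    """Probability that at least one of n servers is up: 1 - (1 - P)^n.
    This is the quantity the chapter's formula evaluates."""
    return 1.0 - farm_failure_probability(p_individual_success, n)


def servers_for_target(p_individual_success: float, target: float) -> int:
    """Smallest n such that 1 - (1 - P)^n >= target."""
    if p_individual_success >= target:
        return 1
    if p_individual_success <= 0.0 or target >= 1.0:
        raise ValueError("target cannot be reached by replication")
    # (1 - P)^n <= 1 - target  <=>  n >= log(1 - target) / log(1 - P)
    n = ceil(log(1.0 - target) / log(1.0 - p_individual_success))
    while farm_availability(p_individual_success, n) < target:  # guard rounding
        n += 1
    return n


def downtime_minutes_per_year(availability: float) -> float:
    """Expected unavailable minutes per year for a given availability."""
    return (1.0 - availability) * MINUTES_PER_YEAR


if __name__ == "__main__":
    p = 0.955  # single origin server, the chapter's measured availability
    for n in range(1, 5):
        a = farm_availability(p, n)
        print(f"{n} server(s): {a:.6f}  ({downtime_minutes_per_year(a):.1f} min/yr down)")
    print("servers needed for five nines:", servers_for_target(p, 0.99999))
```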

  When designing a network application, there are many questions for you to consider in addition to those addressed by the simple math discussed previously:

  • What is the type of application?
  • Where should the content be located, and is local high availability sufficient or should cross-site availability be considered?
  • What are the security concerns, and is encryption necessary?

  Throughout this book, these questions and more like them will be answered when discussing concepts and configuring content network examples and scenarios.

  Bandwidth and Response Times

  In the 1990s, users accepted waiting upwards of 10 seconds for viewable content to download to browsers or for network file copies to complete. With the inexpensive increases in bandwidth availability to the desktop, which now reach gigabits per second, and through enhanced last-mile Internet access technologies, waiting more than a few seconds is no longer acceptable. However, within the network core, building additional infrastructure to increase bandwidth and decrease response times can be extremely expensive. Fortunately, in the past, various technologies have been used to make upgrades less expensive. Consider the following examples of using technology to increase capacity and add services without requiring modification to the existing infrastructure:

  • Voice over IP (VoIP), for converging voice into existing IP networks, makes it possible to avoid maintaining a separate analog voice network. Note that a significant investment in the existing IP network is essential before VoIP services are rolled out.
  • Storage Area Networking (SAN), for transporting storage communication protocols such as Small Computer System Interface (SCSI) and Fibre Channel over existing IP networks, uses existing high-availability networks for storage.
  • For cross-continent satellite links, a 500 millisecond round trip time (RTT) is common, which can cause issues for some delay-sensitive TCP-based applications. Applications can open multiple TCP streams, increase window sizes, or use other TCP-based solutions to circumvent these issues. The expensive alternative is to install cross-continent submarine fiber optics.
  • Modem data compression methods increase the capacity of
  • Emerging Internet last-mile technologies, such as ADSL, are used to better use available frequency on existing telephone lines to support data and analog voice simultaneously.

  In a similar fashion, content networking makes better use of existing infrastructure by using technology instead of brute network upgrades. Content access is accelerated and bandwidth costs are saved by copying content in closer proximity to the requesting clients. Placing content surrogates toward the edge of the network and away from the central location decreases end-to-end packet latency. Furthermore, placing content at the edge eliminates the need to transit the WAN, enabling other types of traffic to use the WAN and possibly eliminating the need to upgrade WAN capacity.

Customization and Prioritization

  As you will see throughout this book, inserting intelligence and decision-making capabilities into a network is central to the concept of content networking. Adding intelligence to the network while leaving the origin servers free to provide the services they were designed to perform is vital to the enhancement of application performance. In particular, customization and prioritization offer many benefits to applications that require increased efficiency.

  Two forms of customization are available with content networking: request redirection and automatic content transformation.

  

  • Request redirection: Clients requesting content can be redirected by the content network to various versions of an application, based on the following client criteria:

    • Browser/media player types and cookies
    • Phone and PDA features, such as screen resolutions and operating systems

    Request redirection is beneficial because application developers need only create multiple versions of the same content and publish them to separate application servers. The customization is transparent to clients with different criteria. The various versions appear to be the same, because the name and IP address used to access the application are the same.

  • Automatic content transformation: Content transformations by the network can be transparent to the clients and origin servers. A popular example of this is transformation of content from one markup language to another. The criteria for this example can be client browser or media player type.

  To provide prioritization to application traffic, you can enable various QoS mechanisms within the network:

  • Packet Queuing and Scheduling: Various content networking technologies can be used to classify applications into categories. Once applications are classified, the network can use these categories to sort applications by delivery priority and queue them for transmission on the link.

  • Resource Reservation Protocol (RSVP): RSVP enables an application to allocate bandwidth on the network prior to sending data. When the data is sent, the network forwards the traffic based on the bandwidth promised in the original reservation request.

  • available bandwidth for specific applications using shaping and policing. Shaping provides soft limits on bandwidth consumption and enables applications to rise above given thresholds. Traffic policing is strict and will thus drop traffic when thresholds are reached.

  Please refer to Chapter 4, "Exploring Security Technologies and Network Infrastructure Designs," for information on these QoS technologies.

Security, Auditing, and Monitoring

  Given the public nature of the Internet, secure communication is a high priority for organizations with publicly available services. For any organization investing resources in developing products and services, protecting them from ending up in unwanted hands is a critical step in its network design.

  However, securing a network is not a trivial task. A typical enterprise network may include e-mail, database transactions, web content, video, and instant messaging. The vast number of tools available for designing and implementing network security from different vendors makes the security design task even more difficult. To protect your network, Cisco offers numerous levels of security for deploying secure content networks.

Securing Content on the Network

  Cisco SAFE Security Blueprint for Enterprises discusses Cisco's security solutions in terms of practical scenarios that apply to the majority of enterprise networks. The SAFE architecture highlights every basic security measure available for Cisco networks and recommends configuration options for designing and deploying content networks. On all fronts of the design, successfully securing Cisco content networks requires security at all layers of the OSI model. To reduce the chance of security problems occurring and to help detect them when they do occur, you can use TCP/IP filtering and network security auditing.

TCP/IP Filtering

  Access Control Lists (ACLs) in Cisco IOS are useful for permitting or denying requests to services that are available within the network. Because standard ACLs are stateless, TCP flows are not stored in memory, and every packet is applied to the ACL regardless of the TCP flow it is a part of. On the other hand, stateful ACLs provide various means to track TCP flows to ensure that packets belong to a valid flow before filtering traffic. An important factor to consider when performing TCP/IP filtering is whether IP subnets are used to divide servers into groups. If not, and subnetting the IP address space is neither feasible nor planned, firewalls operating transparently, at Layer 2 of the OSI model, can be used instead. Layer 2 firewalls are convenient for environments in which the IP addressing scheme is not subnetted, but servers are logically grouped according to the required security policies. The server groups can be cabled to different firewall ports and filtered according to appropriate security policies. This makes it possible to statefully secure groups from one another, even if they are on the same IP subnet.
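  A small model of the stateless-versus-stateful distinction in the paragraph above, as an added example that is not from the book or from Cisco IOS: the stateless filter judges each packet on its own (permitting anything with ACK set as if it were a reply, the way a stateless "established" rule does), while the stateful filter admits an inbound packet only if it belongs to a flow it saw opened from inside. Addresses, ports and the four packets are constructed samples.

```python
# Added example, not code from the book. Constructed packets; no real network is touched.
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10
WEB_SERVER = "10.1.1.10"   # constructed: the one inside host open to everyone on port 80

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def stateless_permit(pkt: Packet) -> bool:
    """Inbound stateless ACL: permit new requests to the web server's port 80 and
    permit anything carrying ACK as if it were a reply (the 'established' idea).
    Each packet is judged alone; nothing about earlier packets is remembered."""
    if pkt.dst == WEB_SERVER and pkt.dport == 80:
        return True
    return bool(pkt.flags & ACK)

class StatefulFilter:
    """Stateful inspection: records flows opened from inside and admits an inbound
    packet only as a new port-80 request or as part of a flow it has recorded."""
    def __init__(self) -> None:
        self.flows = set()   # (inside addr, inside port, outside addr, outside port)

    def permit(self, pkt: Packet, inbound: bool) -> bool:
        if not inbound:      # outbound is allowed; an outbound SYN opens a flow
            if pkt.flags & SYN and not pkt.flags & ACK:
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if pkt.dst == WEB_SERVER and pkt.dport == 80:
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

# Constructed sample traffic as (inbound?, packet); private and documentation addresses.
EVENTS = [
    (False, Packet("10.1.1.20", 40000, "203.0.113.5", 443, SYN)),        # inside host opens
    (True,  Packet("203.0.113.5", 443, "10.1.1.20", 40000, SYN | ACK)),  # legitimate reply
    (True,  Packet("198.51.100.9", 5555, "10.1.1.20", 22, ACK)),         # ACK with no flow
    (True,  Packet("198.51.100.9", 6000, WEB_SERVER, 80, SYN)),          # new web request
]

def evaluate(events):
    """Return one (stateless_decision, stateful_decision) pair per event."""
    fw = StatefulFilter()
    decisions = []
    for inbound, pkt in events:
        stateless = stateless_permit(pkt) if inbound else True   # ACL applied inbound only
        decisions.append((stateless, fw.permit(pkt, inbound)))
    return decisions
```

The third event is the one the paragraph is about: the stateless ACL has no flow table, so an ACK-flagged packet to port 22 passes on its flag bits alone, whereas the stateful filter drops it because no inside host opened that connection.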

  To group servers based on IP subnets in a switched environment, use virtual LANs (VLAN). You can use VLANs within Cisco IOS ACLs or firewalls to either statelessly or statefully control traffic between logical groups of clients and private VLANs (PVLAN). PVLANs prevent malicious behavior between hosts on the same VLAN, by blocking all traffic between private switch ports, and enabling only traffic that originates from these ports to traverse configurable public ports.

Network Security Auditing

  Various forms of network auditing are available to designers of Cisco networks: