Persistent Caching

Persistent caching is a feature of the rXg that benefits the both end-users and operators with both a perceived and actual increase in performance and as well as a decrease in uplink utilization. When enabled, the local persistent store is consulted before any request is sent to the original web server destination. The request is serviced using a local copy if one exists. If not, the request is serviced by originating a HTTP request from the rXg and transmitting the response to the original end-user or device that made the request.

The HTTP headers of the response are checked for cache control options. If the content is cacheable, it is placed into the persistent store. To keep the cached content up to date, the proxy will transmit a request to the original web server to check to see if content has modified based on an expiration timetable configured by the operator. Enabling the persistent cache is a simple way to dramatically improve the performance and reduce the WAN uplink utilization of most revenue generating networks.

Web Caches

Records in the web caches scaffold enable the rXg integrated transparent web cache. The transparent web cache utilizes persistent storage to store HTML pages and assets that transit the rXg. Enabling the web cache reduces WAN uplink utilization as commonly accessed files will be served from the rXg persistent store.

The name field is an arbitrary string descriptor used only for administrative identification. Choose a name that reflects the purpose of the record. This field has no bearing on the configuration or settings determined by this scaffold.

The note field is a place for the administrator to enter a comment. This field is purely informational and has no bearing on the configuration settings.

The Intercept SSL/TLS checkbox enables the rXg integrated HTTPS proxy. Enabling this feature tells the rXg to intercept all HTTPS traffic, determine the destination and generate an SSL certificate matching the destinaion on-the-fly. Client software will report an SSL certificate error unless the rXg SSL certificate which is used to sign all of the on-the-fly generated certificates is installed on the client device.

The WAN targets field limits the effect of the web cache settings defined by this record to traffic that is originating from or destined to the IP addresses or DNS names listed in the selected WAN targets. By default, a web cache record affects all HTTP traffic matched by the policy regardless of WAN origin / destination. Setting a WAN target causes the breadth of the web cache to be limited to the specified hosts in the manner specified by the WAN target mode.

The WAN target mode field determines the effect of choosing WAN targets. When set to ignore, all HTTP requests originating from end-users and devices selected by the associated policy will take part in the web cache except for the requests that are headed to the IP addresses and DNS names in the chosen WAN targets. Conversely, when set to cache, only the HTTP requests headed to the chosen WAN targets originating from end-users selected via the policy will be cached and all other requests will not be cached.

The policy field relates this record to a set of groups through a policy record.

Web Proxy Servers

Entries in the Web Proxy Servers scaffold define configuration profiles for the rXg integrated web proxy and cache.

The active field enables an option set. Exactly one option set may be active at any time. Enabling a particular option set will automatically disable another existing active option set.

The name field is an arbitrary string descriptor used only for administrative identification. Choose a name that reflects the purpose of the record. This field has no bearing on the configuration or settings determined by this scaffold.

The note field is a place for the administrator to enter a comment. This field is purely informational and has no bearing on the configuration settings.

The mode field affects how and when objects are cached.

The memory (diskless) option utilizes an in-memory cache that is faster than storing cached objects to disk, but sacrifices caching larger files. This mode utilizes a heap GDSF algorithm which optimizes object hit rate by keeping smaller popular objects in the cache so a request has a better chance of getting a hit. It achieves a lower byte hit rate by evicting larger (possibly popular) objects.

The disk + memory option utilizes both an in-memory cache and a disk cache, which facilitates caching larger objects, and more content in general, which optimizes uplink bandwidth utilization at the expense of performance compared to the memory-only mode. The disk cache utilizes a heap LFUDA algorithm which keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate since one large, popular object will prevent many smaller, slightly less popular objects from being cached.

The disabled (proxy-only) mode disables all object caching and is useful in conjunction with the content filtering and/or payload rewriting proxies, when caching is not desired or performance is of higher priority than optimizing uplink utilization.

The disk cache size field limits the amount of disk space to use for the disk cache when the mode field includes the disk method. This field is automatically calculated based on the size of the system's disk and cannot be set higher. Setting it lower may be desired to affect cache behavior.

The disk file size field limits the maximum size of an object cached to disk. This field may be changed to affect the byte versus object hit rate of the disk cache.

The memory file size field limits the maximum size of an object cached to memory. This field may be changed to affect the byte versus object hit rate of the memory cache.

The prefetch limit field sets an upper limit on how far (number of bytes) into the file a Range request may be to cause the web cache to prefetch the whole file. If beyond this limit, the proxy forwards the Range request as it is and the result is NOT cached. This is to stop a far ahead range request (lets say start at 17MB) from making the web proxy fetch the whole object up to that point before sending anything to the client. A size of 0 causes the web proxy to never fetch more than the client requested.

The clear cache field forces the disk cache to be flushed. It is necessary to check this field when making changes to some of the above options.

The Certificate Authority and Certificate fields are used to specify the rXg certifcate that will be used to sign the on-the-fly generated certificates used by the SSL intercept mechanism. The certificate specified here must be installed on client devices that participate an rXg policy with SSL interception enabled in order to avoid certificate errors. The Certificate Authority and Certificate fields are mutually exclusive (only one may be specified).

By default, access to rXg services are either limited to the LAN or disabled entirely. In certain cases, the operator may desire to permit accessibility to services over the WAN and/or LAN. To enable access to rXg services over the WAN, the operator should specify one or more WAN targets containing the list of allowed hosts and then set the visibility appropriately. If no WAN target is specified and WAN visibility is enabled, any node on the WAN may connect to the service. It is highly recommended that this wide-open configuration be avoided to ensure system security. If LAN visibility is included then all authenticated nodes on the LAN may access this service.