How Edge Cache Works

Edge Cache enables single-sided caching of Internet-based content, including web objects, videos and software updates. Edge Cache requires only one Exinda appliance.

When web objects are downloaded from the Internet or across WANWide Area Network links, Edge Cache stores them at the edge of the network. When subsequent requests come for the same material, the content is quickly delivered from Edge Cache, without the need to download the data again over the WAN. The result is the ability to experience LANLocal area network speeds of WAN objects, and provide users with a better network experience.

Edge Cache also supports HTTPS sites allowing the appliance to be a forward proxy and decrypt content for caching. This is important as more and more applications and services are moving to the cloud. These SaaS-based applications are typically delivered over HTTPS and so to be effective, Edge Cache must support caching this HTTPS traffic.

Edge Cache also offers cache statistics, which provide insight into the amount of repetitive data being off-loaded from the WAN link, how cacheable the network data is, and how frequently the cache is being accessed.

Caching Internet-based Content

To cache web traffic, a client-side Exinda appliance is put in line with the traffic. When a network user visits a URL with cacheable content, Edge Cache first determines if the content is available in its cache. If not, Edge Cache retrieves the content from the URL. Upon retrieving the content, it is stored in the cache with its expiry date as specified on the source website. This assumes that the content is cacheable and falls within the Edge Cache setting parameters, such as size of object and whether or not the URL is blacklisted. The next time a network user visits the same URL, Edge Cache determines that the content is available in the cache and that the content is not stale by looking at the object expiry date. The content is then served to the client from the cache, rather than retrieving from the URL over the WAN.

Edge Cache uses a least recently used (LRU) algorithm for expiring cached data to make room for new objects. This means the most popular and most used content is stored the longest. You also have the ability to manually clear the entire cache if desired.

Edge Cache operates as a transparent proxy since it is running on an inlineIn network terminology, an inline device receives packets and forwards them to their intended destination. Routers, firewalls and switches are examples of inline devices. The inline designation also alerts you the device is critical to network function. If the device goes down, network traffic is affected. device. As a result, your browsers do not need to be configured with an explicit proxy configuration.

Caching Encrypted Internet-based Content

VERSION INFO

As of version 7.0.2, Edge Cache can cache HTTPS content, as well as HTTP content.

When the network user visits an HTTPS URL, if HTTPS caching is not enabled, Edge Cache is unable to determine what is being requested because the traffic is encrypted, including the URL being requested. Even if it could cache the encrypted data, the next request for the same HTTPS URL would not contain the same cached data because the encryption pattern would be different. By enabling HTTPS caching, Edge Cache is able to act as a forward proxy, and retrieve the content from the server, decrypt it, and provide it to the client over an encrypted communication channel. Later requests can then be served from the cache.

To support this feature, you need to upload a trusted certificate to the appliance, which is then used by Edge Cache to sign all dynamically generated site certificates. All client devices must trust this certificate as a signing authority.

To cache encrypted web traffic, the client tries to communicate with the HTTPS web server. The Exinda appliance intercepts, keeping the communication open with the client. Then Edge Cache tries to establish a conversation with the server. Upon receiving the certificate details from the server, Edge Cache extracts the certificate details, constructs a new certificate and signs it using the signing certificate that was loaded and specified in the Edge Cache settings. Edge Cache then presents this new certificate to the client. The client trusts this certificate because the details match its HTTPS URL request as the client has previously been told to trust anything signed by this signing certificate (see below). The communication negotiation between the client and Edge Cache is now complete. The client then requests the specific web object from Edge Cache as if it were the server. Edge Cache then requests the web object from the server over its previously established trusted connection. The server provides the content to Edge Cache, which then stores the content, if applicable. The connection with the server can be closed. Edge Cache then serves the content to the client and the connection with the client can then be closed.

Sequence of operations for caching encrypted traffic using Edge Cache

When determining whether the content should be stored in the cache, Edge Cache evaluates whether it is the appropriate size and whether it is white- or black-listed. The whitelist and blacklist can consist of source IPInternet protocol, destination IP, source domain, and destination domain. Note that the domains are resolved using DNSDomain Name Server, so the resulting IP addresses are reverse mapped to determine the domain that is used to configure the Edge Cache engine.

The next time a client requests the same content, the same negotiation happens where the client requests a secure communication channel with the server, the Exinda appliance intercepts and forms a secure communication channel with the server, forges the certificate and establishes a secure communication channel with the client (on behalf of the server). The client then requests the specific web content. Edge Cache determines that the requested content is available in cache and serves it to the client. Edge Cache then closes the communication channels with both the server and the client.

Sequence of operations for use of previously cached objects from encrypted sites using Edge Cache

Licensing

The Edge Cache Acceleration feature is a separately licensed component. To see if you are licensed for Edge Cache, go to Configuration > System > Setup > License. You are licensed for Edge Cache, if Max Edge Cache Connections is listed and is greater than 0. For more information refer to Licensing information.

Please contact your local Exinda representative if you wish to enable this feature.

Overview - Configuration & Usage

To use Edge Cache,you'll need to ensure all the required configuration is set.

  • Configure the Edge Cache settings, including:
  • indicating what size of objects you want to cache
  • specifying how long you are willing to let Edge Cache wait for a response from the WAN when fetching objects
  • specifying the signing certificate and private key if you plan to cache content from HTTPS sites
  • specifying blacklisted sites to not cache, or specifying to only cache whitelisted sites (for HTTPS sites only)
  • clearing out the cache, if desired.

NOTE

Before version 7.0.2, Edge Cache requires you to restart the Edge Cache process after making any modifications to the Edge Cache configuration. With 7.0.2 and later, the Edge Cache process automatically restarts when needed.

For more information refer to Edge Cache Configuration.

Once Edge Cache is configured and started, you can monitor the caching performance.

Related topics

Edge Cache Configuration

Edge Cache Report