NETWORK INFRASTRUCTURE -- CACHE AND CARRY -- Network Appliance's NetCache might be the best tool for improving end-user response time and decreasing WAN bandwidth
Oct. 06, 2000 (InternetWeek - CMP via COMTEX) -- Why download the same data over and over again from the Internet, consuming expensive bandwidth? Why tie up your Web server sending the same static content over and over again? Internet caching software has long been used to act as a temporary store for static content such as HTML pages and their graphics. When you consider that even an old server, using a slow processor and a small hard disk, has much higher throughput than a T1 line, it's hard to find compelling reasons for not using Internet caching.
Caches traditionally take the form of a specialized application running on a server. The most familiar is a Linux/Unix application called squid (www.squid-cache.
org), but caches are also available on other operating systems such as NetWare and Windows. When executed on a server that's also acting as a proxy server or firewall server where Internet traffic is already flowing through the server anyway, adding caching functions to that server makes a lot of sense.
But what about situations where there isn't a general-purpose server acting as a proxy or firewall because those functions are embedded in dedicated appliances? Or when enterprises want advanced features, such as the ability to cache streaming multimedia? Or when it's desirable to set up a cache for external use-that is, as a load-reducing front end to a business's Web servers? In those cases, a dedicated cache appliance, like Network Appliance Inc.'s NetCache C1100, is a very good solution.
Thin Cache
The NetCache C1100 is a 1-U (1.75-inch) high, rack-mountable server appliance based on an Intel Celeron processor. It runs a microkernel operating system and applications developed by Network Appliance. Cache data is stored on an internal 9 GB hard drive; the appliance communicates with the outside world via two 10/100 Ethernet ports and a serial port for accessing its console. Other than that, plus a power switch, a floppy drive and a few LEDs, there's not much to look at. Inside the box, there's not much to see either, save 256 MB of 100MHz PC100 RAM, an Intel Celeron processor and a 9-GB Ultra2 SCSI 2 hard drive. (Interestingly, there are still two SIMM sockets empty, along with room for a second hard drive.)
For our testing, we devised two scenarios for the NetCache. We first set it up inside our firewall to use it as an HTTP cache for use by browsers on our LAN. We then set it up to cache outgoing traffic on the Web server and our end-user traffic.
Initial configuration of the NetCache is through a serial-port console. Once the appliance has been given its first IP address, it can be managed either via Telnet or by using a Web-based interface. For the first test, we had connected only one of NetCache's ports to our Fast Ethernet LAN, so the console-based utility was used to assign a static IP address to that port, eth0, and to configure its network characteristics. A simple text-based "wizard" interface walked us through the initial configuration.
It's interesting to note that most other appliances come with Windows-based utilities, designed to be executed on a workstation connected to the LAN, which "discover" the appliances and configure their network parameters. Although the serial-port access is less convenient-because sometimes it might be difficult to get physical access to the NetCache and then snake a serial cable down to a laptop for the initial network configuration-in the end it's equally effective.
Once live on the network, we browsed to NetCache's console using Netscape 4.08 on a Windows 98 notebook, Internet Explorer 5.0 on a Windows 2000 Professional workstation and IE 4.5 on our iMac running MacOS 8.6. Because it is a straightforward HTML-based interface, it worked fine on all three platforms. We were very pleased with the Web interface; it was simpler than the interface included with other Network Appliance products we've evaluated, including their Filers, and it provided copious context-sensitive, online help and full online documentation in HTML format.
From the management perspective, NetCache can be monitored via SNMP. During a separate product evaluation of Neon Software Inc.'s CyberGauge 3.0, we were able to monitor the throughput of NetCache's Ethernet interfaces remotely using SNMP, as well as to include thoroughput information on network-health reports from Concord Communications Inc.'s eHealth suite. Network Appliance also provides a snap-in to Hewlett-Packard's OpenView management suite, which we did not use for this review.
Multifaceted Caching
We spent most of our effort evaluating NetCache as a tool for improving end-user response time and for reducing bandwidth utilization. In that role, NetCache is ideal. We initially configured it on the LAN using just one of its Ethernet ports. We assigned it an IP address; told it where to find our firewall; and instructed some of our workstations to use it as their HTTP, FTP and NNTP proxy.
In some cases, as on our network, there are several Web servers running on TCP ports other than 80, so we configured NetCache to handle those as well.
We immediately noticed improved Web performance on the LAN and could see the server's effectiveness when downloading complex pages with many graphics or ads: The server's ability to "pre-fetch" multiple HTTP objects simultaneously, and then serve them to the client browser at Ethernet speeds, made a visible difference. This was very apparent when comparing identical page loads made from a workstation using NetCache with simultaneous page loads from a workstation connected directly to the firewall. Subsequent page loads were even faster.
The downside is that all users had to be manually configured to use the NetCache appliance on our non-DHCP network, which would require a lot of end-user support work on a large network. In a production network, such a policy could be enforced by configuring the firewall to only pass traffic originating at the cache server; which would stop users from bypassing the cache, which they might do to avoid its content-filtering restrictions.
After several weeks, we moved NetCache to a new location: between our firewall appliance and our Internet connection. By placing the NetCache in that location, we were able to guarantee that all network traffic would filter through NetCache. By configuring it to only cache TCP port 80 traffic and let all other traffic pass through without inspection, we could improve Web access to all users without needing to reconfigure any browsers.
With the cache server acting as a funnel for incoming traffic, if NetCache ever did fail, all Internet access would be cut off until the device was bypassed by physically moving a few Ethernet cables.
There's also the risk that a hacker would be able to subvert NetCache, but the server has clear options for setting up access control lists and for authenticating authorized users. If we were using NetCache in this mode on a production network-being paranoid-we would probably sandwich it between two firewalls.
When we had NetCache set up between the firewall and the Internet connection, we also configured it to cache incoming HTTP requests and data going out from our publicly accessible Web server.
We could see the data flow in action as "hits" on some objects on our Web site such as logos and static pages that weren't incremented when we browsed to the site from an external IP address, but were incremented when we told our browser to "refresh"-a command that tells the NetCache not to fulfill the request from its cache. Network Appliance calls this feature Web Accelerator.
Overall, we were very pleased with NetCache's features and functions as a cache. The only criticism is that some pages pulled from external Web sites were cached when they shouldn't have been; one obvious example was financial information pulled from cnnfn.com.
Retrieving the latest data required a manual "refresh" of the browser to bring in the current information when the NetCache was in use, but not when the browser was connected directly to the firewall. It's likely that fiddling around more with NetCache's various administrative parameters would have solved this problem.
NetCache C1100 includes other features that we didn't evaluate for this review. It contains some content-filtering functions that block undesirable Web sites as extra-price options, requiring a paid subscription to Network Appliance's SmartFilter service. The cache also has special features to cache Microsoft Media Streaming Protocol (MMS), Real-Time Streaming Protocol (RTSP) and Apple QuickTime traffic, but those features also require extra-cost licenses.
No Peeking!
When we think about appliances, we think about toasters, microwave ovens, and vacuums: no user-serviceable parts inside.
The NetCache C1100's sheet-metal cabinet was designed with that same philosophy: There's nothing the customer can or should do to repair the hardware. In fact, small stickers cover the doors warning "Warranty void if seal is removed." So, although we peeked inside our borrowed review server, most customers really shouldn't. Trust us: There's nothing to see inside anyway.
One of the things you won't see, by the way, is hardware redundancy. There's only a single power supply, a single hard disk and a single processor, none of which are user-serviceable. This is a potential single point of failure for the NetCache.
The solution, Network Appliance says, is to set up redundant caches. NetCache can be installed as part of an existing cache hierarchy, or two NetCaches may work in tandem. But configuring such a cache hierarchy or cluster is complex and varies depending upon the topology and requirements of a network.
Takeover, a Network Appliance NetCache-specific clustering feature that we could not test because we only had a single appliance consists of two NetCache appliances that can be configured to failover for each other by specifying reciprocal IP addresses. Each cache listens for the other's heartbeat, and if a cache fails, the other takes over its IP address. Note that in order to use the Takeover feature, one of the two Ethernet interfaces on each cache must be dedicated to keeping the two caches in sync, thus providing the failover functionality.
Because NetCache does not employ redundant hardware, in the event of a single device crash, a network might well crash, as is the case for all proxy, cache, firewall and other similar devices that don't have a failover or redundancies built-in.
For a much higher price, the company does offer the C700 series of cache appliances, built on the same hardware platform as the F700 series network-attached file appliances, which include multiple hot-swap power supplies, Fibre Channel RAID disks and other high-availability enhancements.
Worth The Cache?
We didn't find out the NetCache C1100's cost until we were nearly through with the review-its price certainly isn't a bargain. A price of nearly $4,000 for a basic Celeron-based PC with a 9-GB hard disk and 256-MB RAM and $2,000 for the software puts the package up there with systems based on other general-purpose operating systems.
A similar Celeron-based PC running Linux and the free squid cache software, by comparison, might cost $1,000 to $1,500. And setting up a beefier server running Windows or NetWare, or one with redundant hardware, would be closer to NetCache's price. On the other hand, none of those solutions would offer the simplicity of the NetCache appliance.
For a small office that's looking to speed up response time and get more mileage out of a DSL connection, the Linux/squid approach might be fine-if there are Linux experts on hand to set it up.
For a larger location, NetCache can handle considerable bandwidth. It's highly configurable and manageable via its Web-based interface and SNM; it fits in 1U of rack space, and it has support for content filtering and multimedia caching. With all that figured in, the dedicated appliance approach offered by NetCache C1100 is the better value.
Alan Zeichick is principal analyst with Camden Associates and is a contributing editor to InternetWeek. He can be reached at zeichick@camdenassociates.com.
--- NetCache C1100 Network Appliance Santa Clara, CA (408) 367-3000 www.networkappliance.com/products/netcache/c1100_ds.html
Price: $5,950 ($3,950 for the hardware and $2,000 for the NetCache software license)
internetwk.com |
