Web caching
Web caching is a form of object caching that accelerates web applications and web servers by reducing bandwidth usage, server load, and perceived latency.
Web caching involves storing HTML pages, images, videos, servlet responses, and other web-based objects for later retrieval. These objects are stored in the web cache storage location defined by the config system storage
command. You can also go to System > Advanced to view the storage locations on the FortiProxy unit hard disks in the System Storage Setting section.
There are three significant advantages to using web caching to improve HTTP performance:
- Reduced bandwidth consumption because fewer requests and responses go over the WAN or Internet
- Reduced web server load because there are fewer requests for web servers to handle
- Reduced latency because responses for cached requests are available from a local FortiProxy unit instead of from across the WAN or Internet
When enabled in a web-caching policy, the FortiProxy unit caches HTTP traffic processed by that policy. A web-caching policy specifies the source and destination addresses and destination ports of the traffic to be cached.
Web caching caches compressed and uncompressed versions of the same file separately. If the HTTP considers the compressed and uncompressed versions of a file as the same object, only the compressed or uncompressed file will be cached.
You can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform. FortiProxy high-performance web-caching virtual appliances address bandwidth saturation, high latency, and poor performance caused by caching popular internet content locally for carriers, service providers, enterprises and educational networks.
The FortiProxy unit supports the following:
- KVM hypervisor
- VMware hypervisor
- Xen hypervisor
- Hyper-V hypervisor
Collaboration web caching
Collaboration web caching allows multiple FortiProxy units within one organization to share all cached objects.
Cache-sharing requests are broadcasted from one FortiProxy unit to one or more destination FortiProxy units to prevent loops. The first FortiProxy unit to respond to a cache-sharing request is accepted, and the rest of the responses are ignored. Cache data from a remote (destination) FortiProxy unit participating in collaboration web caching is not saved to the local (source) FortiProxy disk; instead the data is saved to the local memory cache.
NOTE: Sending and receiving cache-sharing requests can impact the performance of FortiProxy units that participate in collaboration web caching. The performance impact depends on how many cache-sharing requests are being handled.
Use the following commands to connect a source FortiProxy unit to a destination FortiProxy unit for collaboration web caching:
config wanopt cache-service
set collaboration enable
set device-id “fch-1”
config dst-peer
edit “peer-id”
set ip xxx.xxx.xxx.xxx
next
end
end
Use the following commands to identify all FortiProxy units participating in collaboration web caching:
config wanopt cache-service
set collaboration enable
set device-id “peer-id”
set acceptable-peers any
end
Use the following commands to allow a FortiProxy unit to accept cache-sharing requests:
config wanopt cache-service
set collaboration enable
set acceptable-peers any
end
For example, use the following commands to allow a destination FortiProxy unit to accept cache-sharing requests from a single source FortiProxy unit:
config wanopt cache-service
set collaboration enable
set acceptable-peers src-peer
set device-id “peer-id”
config src-peer
edit “fch-1”
set ip xxx.xxx.xxx.xxx
next
end
Web-caching topologies
FortiProxy web caching involves one or more FortiProxy units installed between users and web servers. The FortiProxy unit can operate in both Network Address Translator (NAT) and transparent modes. The FortiProxy unit intercepts HTTP requests for web objects accepted by web cache policies, requests the web objects from the web servers, caches the web objects, and returns the web objects to the users. When the FortiProxy unit intercepts subsequent requests for cached web pages, the FortiProxy unit contacts the destination web server just to check for changes.
Most commonly the topology uses a router to route HTTP and HTTPS traffic to be cached to one or more FortiProxy units. Traffic that should not be cached bypasses the FortiProxy units. This is a scalable topology that allows you to add more FortiProxy units if usage increases.
Web-caching topology with web traffic routed to FortiProxy units
You can also configure reverse proxy web caching. In this configuration, users on the Internet browse to a web server installed behind a FortiProxy unit. The FortiProxy unit intercepts the web traffic (HTTP and HTTPS) and caches pages from the web server. Reverse proxy web caching on the FortiProxy unit reduces the number of requests that the web server must handle, leaving it free to process new requests that it has not serviced before. Because all traffic is to be cached, the FortiProxy unit can be installed in transparent mode directly between the web server and the Internet.
Reverse proxy web-caching topology
The reverse proxy configuration can also include a router to route web traffic to a group of FortiProxy units operating in transparent mode. This solution for reverse proxy web caching is also scalable.
Reverse proxy web-caching topology with web traffic routed to FortiProxy unit
When web objects and video are cached on the FortiProxy hard disk, the FortiProxy unit returns traffic back to client using the cached object from cache storage. The clients do not connect directly to the server.
When web objects and video are not available in the FortiProxy hard disk, the FortiProxy unit forwards the request to original server. If the HTTP response indicates it is a object that can be cached, the object is forwarded to cache storage, and the HTTP request is served from cache storage. Any other HTTP request for the same object will be served from cache storage as well.
The FortiProxy unit forwards HTTP responses that cannot be cached from the server back to the client that originated the HTTP request.
All non-HTTP traffic and HTTP traffic that is not cached by FortiProxy will pass through the unit. HTTP traffic is not cached by the FortiProxy unit if a web cache policy has not been added for it.