Cisco policy routing can use source IP address for deciding to pass traffic to the cache engine. The cache engine, normaly can be configured to exempt destination. I believe that this fixes both issues. Expecting the customer to be able to have a clue to go to a www page is a bit much, tho. Some customers have setup IP based authentication on their NT server, but can't figure out how to configure SLL which wouldn't be cached, and would be more secure. The burden of making this work is on the cache operator. Also it turns out that the sites with the most problems with the cache are the ones paying the least money for service. Its hard to feel very sorry for a $20/month dialup customer, who is connecting to his coporate site with a broken NT server. If customers are using proxy's that break, its easy enough for them to speak ICP, and still get the same operational conditions, as far as the ISP side is concerned. As far as the asmetric routing issue, the traffic INSIDE the ISP isn't asmetric, and shouldn't need to be cached. I don't really see the problem here. (But it could be me.) In message <Pine.A41.3.96-heb-2.07.980627214536.55182A-100000@max.ibm.net.il>, Hank Nussbacher writes:
On Fri, 26 Jun 1998, Paul Gauthier wrote: From what I have seen, the Alteon/Inktomi/Netcache/Cisco solutions do *not* allow for an unlimited bypass list - both based on destination or source IP address. When that happens, the ISP, Digex in this case, can have a simple authenticated web page where a customer can add their CIDR block to a bypass list in the transparent proxy. Till then, all the bashing will continue.
Add to the things that will break - simplex or asymetrric routing. More and more customers are ordering simplex satellite lines. Imagine a European company that buys a 512kb line from an ISP but also buys a T1 simplex satellite line to augment b/w. The http request goes out with the sat-link CIDR block as source. The request hits the transparent proxy for a USA based page. The proxy retrieves the page from the USA, using its expensive transAtlantic link. Page hits the proxy. Now the transparent proxy needs to deliver the page. But the requestors IP address is located at some satellite provider in the USA (previously discussed here), so the transparent proxy routes the page back across the Atlantic for delivery via the satellite simplex line.
Same problems happen with assymetric routing. I blv Vern has a study that shows that 60% of all routes on the Internet are assymetric.
Bottom line: w/o bypass based on source or destination, the bashing will continue.
--- Jeremy Porter, Freeside Communications, Inc. jerry@fc.net PO BOX 80315 Austin, Tx 78708 | 512-458-9810 http://www.fc.net