Manual Chapter: Accelerating HTTPS Traffic with an Asymmetric WebAccelerator System

Overview: Accelerating HTTPS traffic with an asymmetric WebAccelerator system

Operating asymmetrically, the WebAccelerator™ system caches objects from origin web servers and delivers them directly to clients. The WebAccelerator system handles both static content and dynamic content, by processing HTTPS responses, including objects referenced in the response, and then sending the included objects as a single object to the browser. This form of caching reduces server TCP and application processing, improves web page loading time, and reduces the need to regularly expand the number of web servers required to service an application.

About the Web Acceleration profile

When used by Local Traffic Manager™ without an associated WebAccelerator™ application, the Web Acceleration profile uses basic default acceleration.

When used with the WebAccelerator system, the Web Acceleration profile includes an ordered list of associated WebAccelerator applications, each of which defines the host names, IP addresses, and policy that is applied to a request that matches the specified host name or IP address.

A Web Acceleration profile with multiple WebAccelerator applications that target different host names can be handled by the same virtual server, or by multiple virtual servers, while simultaneously allowing each application to apply a different policy to matching traffic.

Benefits of the Web Acceleration profile

The Web Acceleration profile enables you to accelerate HTTP traffic, for example, by reducing the traffic load to back-end servers. This ability is useful if an object on a site is under high demand, if the site has a large quantity of static content, or if the objects on the site are compressed.

For high-demand objects, the Web Acceleration profile caches those objects for a site, which is especially beneficial during periods of high demand for specific content. With the Web Acceleration profile configured, the content server only needs to serve the content to the BIG-IP® system once per expiration period.

For static content, the Web Acceleration profile is also useful if a site consists of a large quantity of static content such as CSS, JavaScript, or images and logos.

For compressible data, the Web Acceleration profile can cache data for clients that can accept compressed data. You can use the Web Acceleration profile with the HTTP Compression profile to reduce the load of the BIG-IP system and the content servers.

Task summary for accelerating HTTPS traffic with an asymmetric WebAccelerator system

Perform these tasks to accelerate HTTPS traffic with an asymmetric WebAccelerator™ system.

Defining an NTP server

Network Time Protocol (NTP) synchronizes the clocks on a network by means of a defined NTP server.
  1. On the Main tab, click System > Configuration > Device > NTP. The NTP screen displays.
  2. Type an address for the NTP server in the Address field.
  3. Click Add.
  4. Click Update.
The NTP server is defined.

Creating an application profile for an asymmetric WebAccelerator system

An application profile provides the key information that the WebAccelerator™ system needs to appropriately handle requests to your site's web applications.
  1. On the Main tab, click WebAccelerator > Applications. The Applications List screen opens.
  2. Click Create.
  3. Name the application.
  4. In the Description field, type a description.
  5. In the Policy list, select a policy.
  6. In the Requested Host field, type each domain name (host name) that might appear in HTTP requests for your web application. The specified domain names are defined in the host map for the application profile.
  7. Click Save.
The application profile appears in the Application column on the Applications List screen.

Enabling the WebAccelerator system with the Web Acceleration profile

A WebAccelerator™ application must be available.
The Web Acceleration profile enables the WebAccelerator system by using WebAccelerator applications that run on a virtual server.
  1. On the Main tab, click Local Traffic > Profiles > Services > Web Acceleration. The Web Acceleration profile list screen opens.
  2. Click the name of a profile.
  3. Select the Custom check box. The fields in the Settings area become available for configuring.
  4. For the WA Applications setting, select an application in the Available field and click Enable. The WebAccelerator application is listed in the Enabled field.
  5. Click Update.
The WebAccelerator system is enabled through the WebAccelerator application in the Web Acceleration profile.

Requesting a certificate from a certificate authority

You can generate a certificate and copy it or submit it to a trusted certificate authority for signature.
  1. On the Main tab, click Local Traffic > SSL Certificate List. The SSL Certificate List screen opens.
  2. Click Create.
  3. Name the SSL certificate with a unique name.
  4. In the Issuer list, select Certificate Authority.
  5. In the Common Name field, type a name.
  6. Configure any additional Certificate Properties settings, as necessary.
  7. For Key Properties, in the Size list, select a size in bits.
  8. Click Finished.
  9. Do one of the following to download the request into a file on your system.
    • In the Request Text field, copy the certificate.
    • For Request File, click the button.
  10. Follow the instructions on the web site for either pasting the copied request or attaching the generated request file.
  11. Click Finished.
The generated certificate is submitted to a trusted certificate authority for signature.

Importing an SSL certificate signed by a certificate authority

An SSL certificate signed by a certificate authority is available.
You can install an SSL certificate that is signed by a certificate authority by importing the certificate file.
  1. On the Main tab, click Local Traffic > SSL Certificate List. The SSL Certificate List screen opens.
  2. Click Import.
  3. In the Import Type list, select Certificate.
  4. For the Certificate Name setting, do one of the following:
    • Select the Create New option, and type a unique name in the field.
    • Select the Overwrite Existing option, and select a certificate name in the list.
  5. For the Certificate Source setting, do one of the following:
    • Select the Upload File option, and browse to the location of the certificate file.
    • Select the Paste Text option, and paste the certificate text copied from another source.
  6. Click Import.
The SSL certificate that was signed by a certificate authority is installed.

Creating a pool to manage HTTPS traffic

You can create a pool (a logical set of devices, such as web servers, that you group together to receive and process HTTPS traffic) to efficiently distribute the load on your server resources.
  1. On the Main tab, click Local Traffic > Pools. The Pool List screen opens.
  2. Click Create. The New Pool screen opens.
  3. Type a unique name for the pool.
  4. Assign the https or https_443 health monitor from the Available list by moving it to the Active list.
  5. From the Load Balancing Method list, select how the system distributes traffic to members of this pool. The default is Round Robin.
  6. For the Priority Group Activation setting, select the way to handle priority groups:
    • Select Disabled to disable priority groups. The default is Disabled.
    • Select Less than, and type the minimum number of members in the Available Members field that must remain available in each priority group in order for traffic to remain confined to that group.
  7. Add each resource that you want to include in the pool using the New Members setting:
    1. Type an IP address in the Address field, or select a node address from the Node List.
    2. Type 443 in the Service Port field, or select HTTPS from the list.
    3. (Optional) Type a priority number in the Priority field.
    4. Click Add.
  8. Click Finished.
The HTTPS load balancing pool appears in the Pools list.

Creating a virtual server to manage HTTPS traffic

You can specify a virtual server to be either a host virtual server or a network virtual server to manage HTTPS traffic.
  1. On the Main tab, click Local Traffic > Virtual Servers. The Virtual Server List screen displays a list of existing virtual servers.
  2. Click the Create button. The New Virtual Server screen opens.
  3. Type a unique name for the virtual server.
  4. In the Destination setting, in the Address field, type the IP address you want to use for the virtual server. The IP address you type must be available and not in the loopback network.
  5. Type 443 in the Service Port field, or select HTTPS in the list.
  6. Select http in the HTTP Profile list.
  7. From the HTTP Compression Profile list, select one of the following profiles:
    • httpcompression.
    • wan-optimized-compression.
    • A customized profile.
  8. In the Web Acceleration Profile list, select one of the following profiles with an enabled WebAccelerator application:
    • optimized-acceleration.
    • optimized-caching.
    • webacceleration.
    • A customized profile.
  9. From the SSL Profile (Client) list, select clientssl.
  10. Optional: Select serverssl from the SSL Profile (Server) list.
    Note: This setting ensures that there is an SSL connection between the HTTP virtual server and the external HTTPS server.
  11. Click Finished.
The HTTPS virtual server appears in the Virtual Server List screen.

Verifying an application profile

Verifying an application profile requires a personal computer (PC) that can run a web browser.
You must verify that the WebAccelerator™ system is able to properly send data to and receive data from the origin web servers.
  1. On a PC, open the hosts file to edit.
  2. Add the host name that you used to access the web site application. The host name must point to the IP address for the virtual server that you configured.
    Note: On Microsoft® Windows® 2000 and Windows® XP machines, the hosts file is located at: C:\WINDOWS\system32\drivers\etc\hosts.
    For example, if you can access the web site at the www.siterequest.com domain, and the virtual server is at IP address 11.1.11.3, add the following line to the hosts file on the machine running the browser:
    11.1.11.3 www.siterequest.com
    All network traffic from the web browser machine for the web site application subsequently goes to the virtual server.
  3. Request a page from the web site application. For example, if you configured www.siterequest.com, request a page from www.siterequest.com. The page appears directly from the origin web servers.
    Note:
    • If the browser times out the request, then the WebAccelerator system is not running, or the firewall is blocking access to port 80 on the WebAccelerator system.
    • If you receive an Access denied by intermediary error:
      • Verify that the hosts file is correct.
      • Verify that the host map for the application profile is correct.
      • Verify that you used a domain in the request that matches a requested host in the host map, and that it maps to the destination host.
  4. Remove any entries that you changed or added, once you verify the application profile and the host mapping.
The WebAccelerator system is verified to properly send data to and receive data from the origin web servers.
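
The hosts-file checks in this procedure (the entry added in step 2, the "Verify that the hosts file is correct" troubleshooting item, and the cleanup in step 4) can be scripted. This is an added example, not part of the original manual or of any F5 tool; the function names and the sample file contents are constructed, and it assumes the resolver uses the first matching line.

```python
def entries(text):
    """Return [(ip, [lowercased names])] for active lines; '#' starts a comment."""
    rows = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            rows.append((fields[0], [f.lower() for f in fields[1:]]))
    return rows

def check_override(text, host, vip):
    """Classify the hosts file for step 2: 'ok', 'missing', 'wrong-ip' or 'shadowed'."""
    ips = [ip for ip, names in entries(text) if host.lower() in names]
    if not ips:
        return "missing"
    if ips[0] == vip:
        return "ok"
    # Assumption: the resolver uses the first matching line, so a later
    # correct entry never takes effect.
    return "shadowed" if vip in ips else "wrong-ip"

def remove_override(text, host, vip):
    """Step 4: delete host from lines that map it to vip, keeping other names."""
    out = []
    for raw in text.splitlines():
        body, sep, comment = raw.partition("#")
        fields = body.split()
        names = [f for f in fields[1:] if f.lower() != host.lower()]
        if len(fields) >= 2 and fields[0] == vip and len(names) < len(fields) - 1:
            if not names:
                continue  # the line only existed for the test entry
            raw = " ".join([vip] + names) + (f"  {sep}{comment}" if sep else "")
        out.append(raw)
    return "\n".join(out) + "\n"

# Constructed sample: the entry from the example above plus an unrelated line.
SAMPLE = """\
127.0.0.1 localhost
11.1.11.3 www.siterequest.com   # temporary WebAccelerator test entry
"""

if __name__ == "__main__":
    print(check_override(SAMPLE, "www.siterequest.com", "11.1.11.3"))
    print(remove_override(SAMPLE, "www.siterequest.com", "11.1.11.3"), end="")
```

A leftover entry keeps that machine's traffic for the host pinned to the virtual server address, so run the check again after cleanup and expect "missing".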

Implementation results

The WebAccelerator™ system is configured asymmetrically to accelerate HTTPS traffic.

Web Acceleration profile settings

This table describes the Web Acceleration profile configuration settings and default values.

Setting | Value | Description
Name | No default | Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.
Parent Profile | Selected predefined or user-defined profile | Specifies the selected predefined or user-defined profile.
Cache Size | 100 | Without a provisioned WebAccelerator™ system, this setting specifies the maximum size in megabytes (MB) reserved for the cache. When the cache reaches the maximum size, the system starts removing the oldest entries. With a provisioned WebAccelerator system, this setting defines the minimum reserved cache size. The maximum size of the minimum reserved cache is 64 GB (with provisioned cache availability). An allocation of 15 GB is practical for most implementations. The total available cache includes the minimum reserved cache and a dynamic cache, used as necessary when the minimum reserved cache is exceeded, for a total cache availability of 256 GB.
Maximum Entries | 10000 | Specifies the maximum number of entries that can be in the cache.
Maximum Age | 3600 | Specifies how long, in seconds, the system considers the cached content to be valid.
Minimum Object Size | 500 | Specifies the smallest object, in bytes, that the system considers eligible for caching.
Maximum Object Size | 50000 | Specifies the largest object, in bytes, that the system considers eligible for caching.
URI Caching | Not Configured | Specifies whether the system retains or excludes certain Uniform Resource Identifiers (URIs) in the cache. The process forces the system either to cache URIs that typically are ineligible for caching, or to not cache URIs that typically are eligible for caching.
URI List | No default value | Specifies the URIs that the system either includes in or excludes from caching.
  • Pin List. Lists the URIs for responses that you want the system to store indefinitely in the cache.
  • Include List. Lists the URIs that are typically ineligible for caching, but the system caches them. When you add URIs to the Include List, the system caches the GET methods and other methods, including non-HTTP methods.
  • Exclude List. Lists the URIs that are typically eligible for caching, but the system does not cache them.
  • Include Override List. Lists URIs to cache, though typically, they would not be cached due to defined constraints, for example, the Maximum Object Size setting. The default value is none. URIs in the Include Override List are cacheable even if they are not specified in the Include List.
Ignore Headers | All | Specifies how the system processes client-side Cache-Control headers when caching is enabled.
  • None. Specifies that the system honors all Cache-Control headers.
  • Cache-Control:max-age. Specifies that the system disregards a Cache-Control:max-age request header that has a value of max-age=0.
  • All. Specifies that the system disregards all Cache-Control headers.
Insert Age Header | Enabled | Specifies, when enabled, that the system inserts Date and Age headers in the cached entry. The Date header contains the current date and time on the BIG-IP® system. The Age header contains the length of time that the content has been in the cache.
Aging Rate | 9 | Specifies how quickly the system ages a cache entry. The aging rate ranges from 0 (slowest aging) to 10 (fastest aging).
WA Applications | No default | Lists enabled WebAccelerator applications in the Enabled field and available applications in the Available field.
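
The settings in this table interact: the URI lists override the size limits and default eligibility, and Ignore Headers decides whether a client's Cache-Control request header can force a trip to the origin. The following is an added example, a simplified model built only from the descriptions above and not BIG-IP code. Exact-string URI matching, the order in which the lists are checked, GET as the only method eligible by default, and the set of directives treated as "fetch fresh" are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    """Defaults are the values listed in the settings table."""
    max_age: int = 3600           # seconds
    min_object_size: int = 500    # bytes
    max_object_size: int = 50000  # bytes
    ignore_headers: str = "all"   # "none", "max-age" or "all"
    pin: set = field(default_factory=set)
    include: set = field(default_factory=set)
    exclude: set = field(default_factory=set)
    include_override: set = field(default_factory=set)

def may_store(p, method, uri, size):
    """Return (stored, reason). Assumptions: URIs match by exact string, the
    lists are checked in the order Exclude, Include Override, Include, and
    only GET is eligible by default."""
    if uri in p.exclude:
        return False, "exclude list"
    if uri in p.include_override:
        return True, "include override list"   # bypasses size constraints
    if method != "GET" and uri not in p.include:
        return False, "method not cached by default"
    if not p.min_object_size <= size <= p.max_object_size:
        return False, "object size out of range"
    return True, "include list" if uri in p.include else "default"

def client_forces_origin(p, cache_control):
    """True when the request's Cache-Control header is honored and asks for
    fresh content. Assumption: no-cache, no-store and max-age=0 do so."""
    asked = {d.strip().lower() for d in cache_control.split(",")}
    if p.ignore_headers == "all":
        return False
    if p.ignore_headers == "max-age":
        asked.discard("max-age=0")
    return bool(asked & {"no-cache", "no-store", "max-age=0"})

def serve_from_cache(p, uri, age, cache_control=""):
    """Pinned URIs never expire; others are valid for less than max_age seconds."""
    if client_forces_origin(p, cache_control):
        return False
    return uri in p.pin or age < p.max_age

if __name__ == "__main__":
    default = Profile()
    print(may_store(default, "GET", "/app.js", 80000))
    print(serve_from_cache(default, "/app.css", 120, "no-cache"))
```

With the default Ignore Headers value of All, the second call returns True: the client's no-cache request is disregarded and the cached copy is served until Maximum Age expires, which is worth checking against how quickly the application expects content changes to reach users.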