On Thu, 24 Jun 1999 09:59:57 -0400 (EDT), Patrick McManus wrote:
>In a previous episode Ian Cooper said...
>:: > In both cases it is
>:: >possible (I assume this is true for a WPAD-enabled browser?) to determine
>:: >the use of a proxy if one takes the trouble.
>::
>:: True, and it's also possible to detect the presence of a proxy with a
>:: traffic intercepting environment.
>::
>
>but the difference lies in if the client is able to do anything about
>it.. in the case of a proxy returning a 501 error for a method
>extension (say from WEBDAV or something still to come).. an
>autoconfigured browser would have some options: bypass the proxy
>entirely, use a different (but normally less preferred) proxy,
>etc.. while the one in the traffic intercepting environment is just
>plain stuck and is fully at the mercy of the algorithms in the transparent proxy.

Yes, you're right. I wasn't trying to combine both environments into
a single term - the intent was to try and start with an abstract term
("transparent proxy") which applied to both environments, and to then
define both environments more fully under their own terms.

>[someone that I've lost track of, not Ian, said]
>:: > In summary I'm not convinced
>:: >that auto-discovery introduces "transparency".
>::
>
>I'd concur strongly with that.

I still think it depends what part of the global system you are
considering, but can definitely understand that view.

[And also:]

>In a previous episode Ian Cooper said...
>::
>
>:: In my previous message I was trying to find out whether the general
>:: understanding of "transparent proxy" refers to a specific way in which
>:: traffic is intercepted (i.e. intercepting network element) or whether
>:: it is understood as a more general term. I'm still not sure exactly
>:: what the general opinion is...
>::
>
>It's always been pretty clear to me that popular usage of the term is
>as a device that becomes transparent at levels 3/4.. note that
>sometimes it's a combination of things that's considered a
>"transparent proxy".. for example a Cisco Redirector playing NAT-like
>games bundled with a normal copy of squid together make up a
>"transparent proxy".. while neither of them are that alone..

In a previous version of the draft, that was the definition of an
out-of-path transparent proxy, which still gave us the "transparent
proxy" to worry about.

>I've never really felt the term to be confused in general usage.. it
>is however in conflict with the definition of rfc 2616.

It is, perhaps, a pity that the term has this usage. If we need to
specifically discuss the function of the proxy that forms (part of) a
transparent proxy we have a problem - there's no term to reference
that specific box.

Of course, the aim of the taxonomy is to document current practice, so
I'm a bit stuck. For now, I've done my best to put in definitions
that fit what's been said on the list in the last few days:

2. Terminology

   Where possible, existing definitions [5, 6] have been used in this
   document. Additional terminology has been agreed upon and defined in
   this document. All of the terminology used in this document is
   considered to be standardized with respect to IETF WREC working group
   RFCs.

   In this document a number of terms are used to refer to the roles
   played by participants in, and objects of, the HTTP communication.

   The following definitions are used in the HTTP/1.1 specification [6]:

   client
      An application program that establishes connections for the
      purpose of sending requests.

   user agent
      The client which initiates a request. These are often
      browsers, editors, spiders (web-traversing robots), or
      other end user tools.

   server
      An application program that accepts connections in order to
      service requests by sending back responses. Any given
      program may be capable of being both a client and a server;
      our use of these terms refers only to the role being
      performed by the program for a particular connection,
      rather than to the program's capabilities in
      general. Likewise, any server may act as an origin server,
      proxy, gateway, or tunnel, switching behavior based on the
      nature of each request.

   origin server
      The server on which a given resource resides or is to be
      created.

   [Ed note: This is subtly different from the definition given in
   HTTP/1.1]

   proxy
      An intermediary system which acts as both a server and a
      client for the purpose of making requests on behalf of
      other clients. Requests are serviced internally or by
      passing them on, with possible translation, to other
      servers. A proxy MUST implement both the client and server
      requirements of this specification. A "transparent proxy"
      is a proxy that does not modify the request or response
      beyond what is required for proxy authentication and
      identification. A "non-transparent proxy" is a proxy that
      modifies the request or response in order to provide some
      added service to the user agent, such as group annotation
      services, media type transformation, protocol reduction,
      or anonymity filtering. Except where either transparent or
      non-transparent behavior is explicitly stated, the HTTP
      proxy requirements apply to both types of proxies.

   [Ed note: This is also subtly different from HTTP/1.1]

   tunnel
      An intermediary system which is acting as a blind relay
      between two connections. Once active, a tunnel is not
      considered a party to the HTTP communication, though the
      tunnel may have been initiated by an HTTP request. The
      tunnel ceases to exist when both ends of the relayed
      connections are closed.

   cache
      A program's local store of response messages and the
      subsystem that controls its message storage, retrieval, and
      deletion. A cache stores cacheable responses in order to
      reduce the response time and network bandwidth consumption
      on future, equivalent requests. Any client or server may
      include a cache, though a cache cannot be used by a server
      while it is acting as a tunnel.

   [Ed note: The following has been edited from RFC2616 to reference
   that document.]

   cacheable
      A response is cacheable if a cache is allowed to store a
      copy of the response message for use in answering
      subsequent requests. The rules for determining the
      cacheability of HTTP responses are defined in section 13
      of [6]. Even if a resource is cacheable, there may be
      additional constraints on whether a cache can use the
      cached copy for a particular request.

   To these we add the following:

   authoritative reference
      the logical owner of data, possibly an origin server

   content consumer
      the user or system that makes requests of an origin server
      (which may in turn be handled by a proxy).

   caching proxy
      A proxy with a cache, acting as server to clients, and
      a client to servers

   origin server accelerator
      a reverse proxy with a cache, acting as server to clients,
      and a client to servers.

   network element
      router or switch

   browser
      a special instance of a user agent that acts as a content
      presentation device for content consumer

   server cluster
      a tightly coupled set of servers acting together to share
      load

      [Ed note: was proxy cluster - makes more sense to have a
      generic term]

   reverse proxy
      An intermediary system which acts as both a server and a
      client for the purpose of serving requests on behalf of
      origin servers. Requests are serviced internally or by
      passing them on to the origin server they are representing.
      A reverse proxy must interpret and, if necessary, rewrite a
      request message before forwarding it. Reverse proxies are
      often used as server-side portals through network firewalls
      and as helper applications for off loading requests from
      origin servers.

   The following definitions are added to describe caching device
   topology:

   user agent cache
      the cache within the user agent program

   local caching proxy
      the caching proxy a user agent connects to

   upper level caching proxy
      seen from the content consumer's view, all caches
      participating in the caching mesh that are not the user
      agent's local caching proxy

   central cache server
      a centralized server to requests made by local and upper
      level caching proxies, but which does not act as a proxy

   cache cluster
      a server cluster whose cache is shared between the
      individual servers

   diffused arrays
      tightly coupled array of caching proxy servers, acting
      logically as one service and partitioning the URL name
      space across the array

      [Ed note: looks like the above two terms should be merged
      in some way.]

   caching mesh
      a loosely coupled set of co-operating proxy- or caching-
      servers, or clusters, acting independently but sharing
      cacheable content between themselves using inter-cache
      communication protocols (see Section 7)

   Moves to insert proxies into the network in a manner such that the
   content consumer is unaware of their presence have created a set of
   terms whose definitions may not be consistent with other uses. This
   section references prior definitions but also gives their meaning in
   the realm of Web caching.

   traffic redirection
      redirection of traffic from a user agent or network
      element to a specific proxy, used to deploy Web-caching
      without the need to manually reconfigure individual user
      agents, or to force the use of a proxy where such use
      would not otherwise occur

   network traffic interception
      the examination of network traffic within a network
      element to determine whether it should be redirected

      [Ed note: still needs some work - doesn't fully consider
      an environment where the proxy is in a bridge]

   transparent proxy (additional definition)
      the term "transparent proxy" is defined in [6] (and quoted
      above). However, in the realm of Web caching, this has
      come to define a proxy which receives traffic as a result
      of network traffic interception. The term typically
      describes the use of a proxy and the additional systems
      which perform network traffic interception. The use of
      the proxy is transparent to the client.

   proxy autodiscovery
      this describes the discovery and configuration for use of
      a proxy in an environment where the content consumer may
      be unaware of the proxy's existence. The use of the proxy
      is transparent to the content consumer, but not to the
      client.

   The following terms describe the roles of servers and caches in the
   realm of caching and replication:

   temporal domain, sparse working set cache
      a subset of the content from one or more origin servers,
      stored temporarily and collected from requests made by
      content consumers

   persistent domain
      a collection of origin servers maintaining a persistent
      data set from the authoritative reference

   replica origin server
      origin server storing a persistent replica of a data set
      stored at the authoritative reference