Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki MX 84 - Web Cache HTTPS

Neil_mack
Conversationalist
‎Mar 8 2019 6:14 AM
‎Mar 8 2019 6:14 AM

Meraki MX 84 - Web Cache HTTPS

Hi

 

Can anyone confirm if the MX84 can cache HTTPS as well as HTTP traffic considering most sites are HTTPS nowadays?

0 Kudos
Subscribe
8 Replies 8
NolanHerring
Kind of a big deal
‎Mar 8 2019 7:05 AM
‎Mar 8 2019 7:05 AM

Not sure, but I would say even if it could, I wouldn't do it.

Pretty sure the whole web cache option is one of those, "well...we CAN do it but its not really recommended cause it sucks and wasn't really built for doing that".
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Subscribe
Ben
A model citizen
‎Mar 8 2019 7:10 AM
‎Mar 8 2019 7:10 AM

Not sure why you would need/want web caching nowadays?
But to answer your question HTTP = Port 80 so this would not include HTTPS.

Subscribe
In response to Ben
jdsilva
Kind of a big deal
‎Mar 8 2019 7:21 AM
‎Mar 8 2019 7:21 AM

I'm with @NolanHerring and @Ben . I don't get why you would use this feature. Even the documentation for it is weird...

 

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping#Web_cach...

 

First it says "This option is not available on the MX60, MX60W, MX64, MX64W, MX65, MX65W, MX67, MX67W, MX67C, MX68, MX68W, MX68CW, Z1, Z3, or Z3C devices."

 

Then is says "This feature is recommended only for sites with limited bandwidth. Locations with over 20 Mbps bandwidth will likely not benefit from content caching."

 

In what universe would I have not the smallest MX connected to a <20Mbps service?

http://blog.brokennetwork.ca | @jdsilva
Subscribe
In response to jdsilva
Neil_mack
Conversationalist
‎Mar 8 2019 9:38 AM
‎Mar 8 2019 9:38 AM

I need it because it to be placed on marine vessels working on a 2mb VSAT connection not an office with a adsl or fibre connection.

0 Kudos
Subscribe
In response to Neil_mack
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 8 2019 3:17 PM
‎Mar 8 2019 3:17 PM

>I need it because it to be placed on marine vessels working on a 2mb VSAT connection not an office with a adsl or fibre connection.

 

Hi @Neil_mack.  I do agree with the others, however I have worked with shipping vessels before, and I appreciate there are unique challenges in these environments you just don't face on land.

 

While the MX84 caching feature would help, it's not going to give you the performance improvement you would like.  This is because (as you have correctly noted) most sites use https these days.

 

 

If it was me personally, I would deploy a Squid proxy server running on Ubuntu.  The entire solution is free and rock solid.  You can probably also run Squid on a Windows machine.  This is on the assumption that you have a virtual server infrastructure on your vessel (you could potentially run this on a Raspberry Pi ...).  I would also run a caching DNS server on this box as well.

http://www.squid-cache.org/

The biggest hassel with proxy servers is that you need to manually configure all your clients to use it.  You can use a more advanced WPAD configuration to automate this process - and this is what I usually do.

https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol

 

My thoughts are if you did deploy Squid you wont need a stop watch to see the difference, it will be very noticable after it has been used for a little bit (it needs to "warm" up and get a cache of frequently used content).

 

 

Another option I can give you to think about is if you already have Cisco ISR routers on board (such as ISR 4000's).  You can then buy a feature called Akamai Connect.  Akamai is a super larger content delivery network.  What "Akamai Connect" does is make your router a local cache node.  You can get an overview of this feature here:

https://www.cisco.com/c/en/us/solutions/enterprise-networks/intelligent-wan-akamai/index.html

Example customers of Akamai include Microsoft and Apple.

Subscribe
In response to PhilipDAth
Neil_mack
Conversationalist
‎Mar 9 2019 12:40 AM
‎Mar 9 2019 12:40 AM

Hi

 

Thanks for confirming it does not do https I will look at untangle device instead as that does do https as well as the other features defined by the cyber security manager that we need to look at .

 

Used squid before and although very good, but it is another device to manage in a small team when we are trying to simplify administration and network design for our vessels and rigs.

 

Thanks

Subscribe
In response to Ben
Neil_mack
Conversationalist
‎Mar 8 2019 9:38 AM
‎Mar 8 2019 9:38 AM

On marine vessels with 2mb vsat connections as that costs $16000 per month

0 Kudos
Subscribe
In response to Neil_mack
jdsilva
Kind of a big deal
‎Mar 8 2019 10:27 AM
‎Mar 8 2019 10:27 AM

@Neil_mack To answer your question, no it does not cache https. It can't as the MX doesn't do SSL decryption. 

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.