Thanks for the fast feedback Philip, sounds like if I want to be a 1%er, I’ll have to do it inline, north of the MX then.
Some appliances claim that they can cope with the dynamics of modern CDN's, YouTube and such. Breaking up the ssl traffic with an intermittent device, could be solution then if i recall correct.

Cheers

Roble

 

 

Have a think about SSL - the whole point of it is to prevent a man in the middle attack - to make sure the end point you are really talking to is who they say they are.

 

Some systems that insert themselves into an SSL conversation do so by generating their own private CA certificate.  You then have to load this CA certificate onto every machine that passes through it.  Every machine that does not have it gets a security warning in their web browser or application.

 

Apart from that method, there is no other way of doing transparent inline SSL caching.

 

The next closet thing you could consider doing is setting up your own content node.  Cisco have a solution called "Akamai Connect" that runs on ISR routers.

https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/intelligent-wan-akamai/datash...

This only works when Akamai is used as the CDN.  It usually goes inside your network.  This allows you to have a private Akamai node.  When uses request content from an Akamai CDN the DNS that gets returned is your local private node.  This then retrieves the contents, caches it, and returns it to the user.

 

One bonus - it does allow the caching of Apple iOS updates ....

 

This wont help with You Tube or any other CDN.

 

You really need a lot of users for this to work well - who request similar content.  I could see it costing $US15k since it sounds like your deployment is on the smaller side of things.

 

 

I don't know where you are in the world, but have you considered getting a Satellite connection?  You'll probably be able to get something much faster and the pricing is not too bad these days.  If it was me I would rather spend the money on a satellite connection.

Hey Philip,

thanks for your feedback, it really is appreciated.
Regarding the SSL part I agree, that it is used for authenticating the validity of the source and making sure your privacy is protected.
The CDN part is new to me and of course the sizing is way out of what we need here.

The satellite connection part Is probably the best approach for bulk downloads. The latency surely is nothing I would prefer, but if I combine this with loadbalancing and assigning the traffic to different WAN connections, it might actually be the best solution.

If the satellite bandwith is accordingly cheaper than our 3Mbps WiMAX Access, this will be the way to go.

Cheers and thanks for the valuable input. 👏🏾✊🏾👍🏾

Roble

 

PS: My whereabouts are part of my introduction post. 

Update

A SAT Link is Budget wise a step from bad to worse, but the load balance to cheaper Medium approach in general, is still on my agenda.

Cheers

Roble