New Zealand ADSL Mailing List


Re: IP Net Routing

From: Brendan Black <ratfink_at_xtra.co.nz>
Date: Mon, 16 Aug 1999 00:59:25 +0000
Message-ID: <37B7626D.D861B153@xtra.co.nz>

Harold Jarvie wrote:
>
> all I can say is I don't like it
>
> and another one of my reasons for not going to Saturn is gone
> (Paradise run transparent proxies too)

they use a different method, but the intent is the same

> arrrrggggh
>
> will you "guarantee" the timeliness and authenticity of pages from your proxy.

check the settings below

> Can we view the caching parameters. some of the fields I might be interested in are listed below...

I'll answer what I can
 
> what's being cached? all port 80? index.html but not q3test.zip?

all port 80 requests are cached
 
> what about supposedly secure documents and authentication procedures?

secure (https) is not touched as it uses a different port, authenticated content
is not cached
 
> will you guarantee that you will not at some time in the future use your proxy to censor web sites for political purposes. (Will telecom even know or care if someone else is using these machines for that purpose)

I personally couldn't make any guarantees as I don't set the policy - for
instance if NZ Law went the way of Australia's filtering requirements, then it
would be out of ISPs' hands - but there are ways for knowledgeable users to work
around most problems of this type (see http://www.prairie-dog.net/ for more
information on the Australian bill & workarounds)
 
> will you supply information collected by your proxy to your marketing department or law enforcement.

again this is something where a policy is set elsewhere - the current
requirement is that ISPs may only divulge such information if handed a search
warrant, which happens more often than you think.
 
> Don't you need my permission to gather information generated by me? after all the information I generate is information "about" me

I'm not actually gathering any information on any user - although the system
_has_ the capability to do so, at the same time when that capability is
enabled, it can bring a rather grunty syslog server to its knees :)
 
> Your charges for all traffic will now match Saturn's local rate (3.5cents not 35cents) seeing as how the majority of our supposedly international traffic is now local?

hardly, not my decision again. I am with everyone else on the charges, which are
set by Telecom, not _any_ of the ISPs
The caching system is not as efficient as you might think, with a hit rate (per
url) of around 50% when it has been in place for a while, the byte hit rate is
closer to 30%

>
> The age-multiplier command enables the Cache Engine to determine the age of an object by multiplying the length of time since the object's last-modified-date by the configured percentage. This establishes an approximate date of expiration from the cache.

currently 30% for text, 60% for binary

> The max-ttl command sets the upper limit on estimated expiration dates. If an object has an explicit expiration date, this takes precedence over the configurable TTL (time to live).

currently 3 days for text, 7 days for binary

> The serve-ims command responds to an If-Modified-Since request issued from a client browser by serving the object directly from the cache without revalidating with the origin server if the object is less than the configured percentage of its maximum age.

currently 50% for text, 80% for binary

> The cache-cookies command enables the Cache Engine to cache binary served with HTTP set-cookies headers and no explicit expiration information.

no

> The cache-authenticated command enables the Cache Engine to cache authenticated content. If enabled, the Cache Engine will not serve authenticated objects without first revalidating the authentication header attached to the cached object.

I'm not caching authenticated content

> The cache reval-each-request command enables the Cache Engine to revalidate all objects requested from the cache (text only if only text (HTML pages) should be revalidated each time or none to disable this function).

currently no, but I'm still tuning

> The cache-miss revalidate command revalidates a cache-miss request forced by the client (shift-reload). The cache-miss retrieve command forces a new object retrieval.

retrieve

> The cluster command modifies the healing mode parameters. A cluster refers to a group of two or more caches within a single WCCP Version 2 environment. Healing mode describes the addition of a cache engine to an existing network, and the resulting "healing" time it takes to fill the cache with content. To disable healing mode, you must set the number of misses to 0.

not used, as requires IOS 12

> The proxy mode command enables the Cache Engine to operate in environments where the WCCP is not enabled, or where client browsers have previously been configured to use a legacy proxy server. You must configure the proxy incoming port to accept proxy style requests using the proxy incoming port command. To enable an outgoing (upstream) proxy server, use the proxy outgoing hostname port command (where hostname is the system name or IP address of the outgoing proxy server, and port is the port number designated by the outgoing (upstream) server to accept proxy requests).

not used - xtra already has proxy servers which have slightly better capability
than the current CE proxy

> The persistent-connections enable command enables persistent-connections on the Cache Engine. To configure the number of seconds the Cache Engine should wait for a connection response before it times out, use the connection time-out command. To set the number of seconds the Cache Engine should allow an idle persistent connection to remain open, use the max-idle command.

on, initial timeout is 15 seconds, idle timeout is 1000 seconds

I have to say that most of the above are the system defaults, so if there is
tuning to be done, I'll do it

cheers

-- 
Brendan Black - Network Engineer/Gravity Enforcement Officer, Telecom IP & Data
email:	ratfink@xtra.co.nz (personal)	phone: +649 3587257 mobile: +6425 2752667
-export-a-crypto-system-sig -RSA-2-lines-PERL5
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Received on Mon Aug 16 00:59:25 1999
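
The expiry arithmetic implied by the age-multiplier, max-ttl and serve-ims values quoted in the message, as an added example (not part of the original post and not Cisco's code). It assumes "maximum age" in the serve-ims description means the object's estimated lifetime and that age is counted from the time the cache fetched the object; `Policy`, `lifetime` and `decide` are hypothetical names, and the dates in the test are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Policy:
    age_multiplier_pct: int  # percent of (fetch time - Last-Modified)
    max_ttl: timedelta       # cap on the estimated lifetime
    serve_ims_pct: int       # percent of lifetime below which IMS is answered locally


# Values quoted in the message: text objects and binary objects.
TEXT = Policy(30, timedelta(days=3), 50)
BINARY = Policy(60, timedelta(days=7), 80)


def lifetime(p: Policy, fetched: datetime, last_modified: datetime,
             expires: Optional[datetime] = None) -> timedelta:
    """How long after the fetch the cache treats the object as fresh."""
    if expires is not None:
        # An explicit expiration date takes precedence over the configured TTL.
        return max(expires - fetched, timedelta(0))
    estimate = (fetched - last_modified) * p.age_multiplier_pct / 100
    return min(max(estimate, timedelta(0)), p.max_ttl)


def decide(p: Policy, now: datetime, fetched: datetime, last_modified: datetime,
           expires: Optional[datetime] = None, ims: bool = False) -> str:
    """Return 'cache' if served without contacting the origin, else 'revalidate'."""
    life = lifetime(p, fetched, last_modified, expires)
    age = now - fetched
    # Assumption: an If-Modified-Since request gets the stricter serve-ims
    # threshold; a plain GET is served until the full lifetime runs out.
    limit = life * p.serve_ims_pct / 100 if ims else life
    return "cache" if age < limit else "revalidate"
```

The returned lifetime is also the worst-case window in which a page changed at the origin can still be served stale to a plain GET, which is the timeliness question raised in the thread.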
