WEBVTT

1
00:00:00.330 --> 00:00:01.350
In this lesson,

2
00:00:01.350 --> 00:00:04.320
we will learn about network traffic management.

3
00:00:04.320 --> 00:00:08.130
Network traffic management involves the control, direction,

4
00:00:08.130 --> 00:00:11.670
and optimization of data flow across a network.

5
00:00:11.670 --> 00:00:13.560
Network traffic management tools

6
00:00:13.560 --> 00:00:16.020
include forward and reverse proxies

7
00:00:16.020 --> 00:00:19.710
as well as content delivery networks, or CDNs.

8
00:00:19.710 --> 00:00:21.630
Let's dive deeper into proxies

9
00:00:21.630 --> 00:00:23.970
and content delivery networks.

10
00:00:23.970 --> 00:00:28.020
We'll begin by discussing different types of proxy servers.

11
00:00:28.020 --> 00:00:31.110
Proxy servers are devices that create a connection

12
00:00:31.110 --> 00:00:33.540
between an end user's client machine

13
00:00:33.540 --> 00:00:36.720
and a remote resource, such as a web server.

14
00:00:36.720 --> 00:00:40.620
Proxies can be either physical, hardware-based appliances

15
00:00:40.620 --> 00:00:43.320
or software installed on a server

16
00:00:43.320 --> 00:00:45.030
within your infrastructure.

17
00:00:45.030 --> 00:00:49.110
Either way, proxy servers offer several key benefits,

18
00:00:49.110 --> 00:00:53.160
including improved speed, efficiency, security,

19
00:00:53.160 --> 00:00:55.710
and enhanced auditing capabilities.

20
00:00:55.710 --> 00:00:57.990
Speed and efficiency are enhanced

21
00:00:57.990 --> 00:01:00.360
through a process called Web caching.

22
00:01:00.360 --> 00:01:03.570
When a user requests a website through the proxy,

23
00:01:03.570 --> 00:01:06.630
the proxy retrieves the site from the web server

24
00:01:06.630 --> 00:01:08.760
and delivers it to the user.

25
00:01:08.760 --> 00:01:13.350
Simultaneously, the proxy stores a local copy of the website

26
00:01:13.350 --> 00:01:14.670
in its cache.

27
00:01:14.670 --> 00:01:17.640
The next time someone requests the same site,

28
00:01:17.640 --> 00:01:20.160
instead of retrieving it from the web server

29
00:01:20.160 --> 00:01:23.040
over a slow wide area network link,

30
00:01:23.040 --> 00:01:25.140
the proxy sends the cached version,

31
00:01:25.140 --> 00:01:27.690
saving both time and bandwidth.

32
00:01:27.690 --> 00:01:31.320
This works particularly well for static websites.

33
00:01:31.320 --> 00:01:33.960
However, this technique is less effective

34
00:01:33.960 --> 00:01:36.450
for modern Web 2.0 websites,

35
00:01:36.450 --> 00:01:38.940
like Facebook, Twitter, or Reddit,

36
00:01:38.940 --> 00:01:42.180
which rely heavily on user-generated content.

37
00:01:42.180 --> 00:01:45.900
Since each user receives a personalized experience,

38
00:01:45.900 --> 00:01:49.860
caching is far less efficient for these dynamic sites.

39
00:01:49.860 --> 00:01:51.150
Beyond caching.

40
00:01:51.150 --> 00:01:53.850
Another key benefit of a proxy server

41
00:01:53.850 --> 00:01:57.180
is increased security through content filtering.

42
00:01:57.180 --> 00:01:59.610
This is achieved by configuring the proxy

43
00:01:59.610 --> 00:02:03.240
with a list of acceptable and non-acceptable sites,

44
00:02:03.240 --> 00:02:05.760
allowing it to block access to sites

45
00:02:05.760 --> 00:02:08.490
deemed inappropriate or harmful.

46
00:02:08.490 --> 00:02:12.540
For instance, if an employee attempts to visit a website

47
00:02:12.540 --> 00:02:16.110
containing pornography or gambling while at work,

48
00:02:16.110 --> 00:02:19.470
the proxy can be configured to deny access.

49
00:02:19.470 --> 00:02:23.520
Similarly, it can block websites known to host malware

50
00:02:23.520 --> 00:02:25.290
or other harmful content,

51
00:02:25.290 --> 00:02:27.450
helping to protect the corporate network

52
00:02:27.450 --> 00:02:29.160
from security threats.

53
00:02:29.160 --> 00:02:31.560
A final benefit to proxy servers

54
00:02:31.560 --> 00:02:34.920
is that they provide valuable auditing capabilities

55
00:02:34.920 --> 00:02:37.620
as they can log every user request

56
00:02:37.620 --> 00:02:40.470
made to access the wide area network.

57
00:02:40.470 --> 00:02:42.930
These logs can be used to track attempts

58
00:02:42.930 --> 00:02:44.940
to access restricted sites,

59
00:02:44.940 --> 00:02:48.600
such as gambling or pornography, as mentioned earlier.

60
00:02:48.600 --> 00:02:51.180
Additionally, they allow for monitoring

61
00:02:51.180 --> 00:02:55.560
how much time employees spend on particular websites.

62
00:02:55.560 --> 00:02:59.100
For instance, if a manager suspects an employee

63
00:02:59.100 --> 00:03:02.310
is spending an excessive time on social media

64
00:03:02.310 --> 00:03:03.870
instead of working,

65
00:03:03.870 --> 00:03:07.170
they can request a report from the system administrators,

66
00:03:07.170 --> 00:03:09.480
who can query the proxy server logs

67
00:03:09.480 --> 00:03:13.290
to determine the exact time spent on each site,

68
00:03:13.290 --> 00:03:17.250
provided this is in line with the organization's policies.

69
00:03:17.250 --> 00:03:20.520
Now, everything I've discussed so far

70
00:03:20.520 --> 00:03:23.130
refers to a specific type of proxy

71
00:03:23.130 --> 00:03:26.490
known as a forward or transparent proxy.

72
00:03:26.490 --> 00:03:29.280
This type of proxy is typically positioned

73
00:03:29.280 --> 00:03:31.530
at the edge of a corporate network,

74
00:03:31.530 --> 00:03:35.310
and it is responsible for regulating outbound traffic

75
00:03:35.310 --> 00:03:38.280
according to your acceptable use policies.

76
00:03:38.280 --> 00:03:41.850
Often, it also hides the client's IP address

77
00:03:41.850 --> 00:03:44.640
and blocks any malicious incoming traffic

78
00:03:44.640 --> 00:03:46.560
that may be sent in response

79
00:03:46.560 --> 00:03:49.560
to the client's request to a remote server.

80
00:03:49.560 --> 00:03:54.560
But there is another type of proxy known as a reverse proxy.

81
00:03:54.600 --> 00:03:56.430
Unlike a forward proxy,

82
00:03:56.430 --> 00:03:59.250
a reverse proxy acts as an intermediary

83
00:03:59.250 --> 00:04:02.190
positioned at the edge of your corporate network,

84
00:04:02.190 --> 00:04:05.760
functioning as the endpoint for external users.

85
00:04:05.760 --> 00:04:08.280
Essentially, it serves as a gateway

86
00:04:08.280 --> 00:04:12.660
between your users and your application's origin server.

87
00:04:12.660 --> 00:04:15.900
For instance, if I'm hosting a web application

88
00:04:15.900 --> 00:04:17.760
on one of my servers,

89
00:04:17.760 --> 00:04:21.000
I can set up a reverse proxy to act as a middleman

90
00:04:21.000 --> 00:04:24.120
between remote users and my application.

91
00:04:24.120 --> 00:04:26.190
This allows the reverse proxy

92
00:04:26.190 --> 00:04:28.290
to receive connection requests,

93
00:04:28.290 --> 00:04:31.170
complete the TCP three-way handshake,

94
00:04:31.170 --> 00:04:34.140
and then connect the application's origin server

95
00:04:34.140 --> 00:04:36.120
to the end user.

96
00:04:36.120 --> 00:04:39.270
So, why would you want to use a reverse proxy?

97
00:04:39.270 --> 00:04:41.970
Well, it offers four main benefits,

98
00:04:41.970 --> 00:04:44.730
content caching, traffic scrubbing,

99
00:04:44.730 --> 00:04:47.340
IP masking, and load balancing.

100
00:04:47.340 --> 00:04:51.240
First, reverse proxies are useful for content caching.

101
00:04:51.240 --> 00:04:53.400
By deploying a reverse proxy

102
00:04:53.400 --> 00:04:55.770
in various locations around the world,

103
00:04:55.770 --> 00:05:00.210
they can act as part of a content delivery network, or CDN.

104
00:05:00.210 --> 00:05:04.470
For example, if my main web server hosting my website

105
00:05:04.470 --> 00:05:06.000
is in Miami, Florida,

106
00:05:06.000 --> 00:05:08.610
I could place reverse proxies in Japan,

107
00:05:08.610 --> 00:05:11.610
Germany, New York, and San Francisco.

108
00:05:11.610 --> 00:05:15.660
These proxies would each store a cached copy of my website,

109
00:05:15.660 --> 00:05:19.230
and any time I update the content in Miami,

110
00:05:19.230 --> 00:05:21.060
the changes would be compressed

111
00:05:21.060 --> 00:05:23.970
and cached across all these locations.

112
00:05:23.970 --> 00:05:28.290
This way, if a student in India requests my homepage,

113
00:05:28.290 --> 00:05:31.800
they would receive it from the closest and fastest proxy,

114
00:05:31.800 --> 00:05:33.510
such as the one in Japan,

115
00:05:33.510 --> 00:05:37.320
reducing load times and enhancing the user experience.

116
00:05:37.320 --> 00:05:40.590
As far as content delivery networks are concerned,

117
00:05:40.590 --> 00:05:43.770
a reverse proxy is part of the solution,

118
00:05:43.770 --> 00:05:46.170
but it doesn't fully address the challenge

119
00:05:46.170 --> 00:05:49.590
of delivering content quickly on a global scale.

120
00:05:49.590 --> 00:05:51.600
More on this in a few minutes.

121
00:05:51.600 --> 00:05:55.440
Second, reverse proxies can handle traffic scrubbing.

122
00:05:55.440 --> 00:05:59.130
Placing them in front of a backend web application server

123
00:05:59.130 --> 00:06:01.890
allows them to inspect and filter traffic

124
00:06:01.890 --> 00:06:04.020
before it reaches the servers.

125
00:06:04.020 --> 00:06:07.920
This helps mitigate distributed denial-of-service attacks

126
00:06:07.920 --> 00:06:10.440
since the proxies absorb the attack,

127
00:06:10.440 --> 00:06:12.840
keeping the backend servers safe.

128
00:06:12.840 --> 00:06:15.420
Reverse proxies also enhance security

129
00:06:15.420 --> 00:06:17.970
by filtering out malicious traffic

130
00:06:17.970 --> 00:06:21.330
when paired with a web application firewall.

131
00:06:21.330 --> 00:06:25.230
Third, reverse proxies provide IP masking.

132
00:06:25.230 --> 00:06:28.830
Just like a forward proxy hides the client's IP address,

133
00:06:28.830 --> 00:06:31.500
a reverse proxy hides the IP address

134
00:06:31.500 --> 00:06:33.510
of the application servers.

135
00:06:33.510 --> 00:06:37.320
This means clients only communicate with the proxy,

136
00:06:37.320 --> 00:06:40.260
keeping the server's IP addresses hidden.

137
00:06:40.260 --> 00:06:44.190
Fourth, reverse proxies can be used for load balancing.

138
00:06:44.190 --> 00:06:48.240
As gateways between users and web application servers,

139
00:06:48.240 --> 00:06:51.600
reverse proxies can distribute individual requests

140
00:06:51.600 --> 00:06:53.640
to any available server.

141
00:06:53.640 --> 00:06:55.260
This helps distribute the load

142
00:06:55.260 --> 00:06:57.570
across multiple backend servers,

143
00:06:57.570 --> 00:07:00.780
ensuring better performance and quality of service

144
00:07:00.780 --> 00:07:02.250
for end users.

145
00:07:02.250 --> 00:07:05.580
So, while both forward and reverse proxies

146
00:07:05.580 --> 00:07:08.280
offer valuable features like caching,

147
00:07:08.280 --> 00:07:11.280
traffic filtering, and security improvements,

148
00:07:11.280 --> 00:07:13.530
they don't fully address the challenge

149
00:07:13.530 --> 00:07:16.350
of delivering content quickly and efficiently

150
00:07:16.350 --> 00:07:18.390
to users across the globe.

151
00:07:18.390 --> 00:07:22.410
This is where content delivery networks, or CDNs,

152
00:07:22.410 --> 00:07:23.700
come into play.

153
00:07:23.700 --> 00:07:26.460
CDNs are designed to ensure that content

154
00:07:26.460 --> 00:07:29.970
such as website data, videos, or files

155
00:07:29.970 --> 00:07:33.210
is available to users as quickly as possible

156
00:07:33.210 --> 00:07:35.490
by distributing copies of the content

157
00:07:35.490 --> 00:07:39.960
to multiple servers located in different geographic regions.

158
00:07:39.960 --> 00:07:42.150
When a user requests content,

159
00:07:42.150 --> 00:07:45.990
the CDN delivers it from the server closest to them,

160
00:07:45.990 --> 00:07:50.940
reducing latency and improving the overall user experience.

161
00:07:50.940 --> 00:07:54.000
CDNs offer global scalability

162
00:07:54.000 --> 00:07:55.920
and are specifically optimized

163
00:07:55.920 --> 00:07:58.500
for handling large volumes of traffic.

164
00:07:58.500 --> 00:08:00.720
They can automatically route traffic

165
00:08:00.720 --> 00:08:02.940
to the most efficient server

166
00:08:02.940 --> 00:08:06.600
based on factors like location and network conditions,

167
00:08:06.600 --> 00:08:10.770
while also providing dynamic content acceleration

168
00:08:10.770 --> 00:08:14.340
and built-in distributed denial-of-service protection.

169
00:08:14.340 --> 00:08:18.840
This makes CDNs effective at delivering content seamlessly

170
00:08:18.840 --> 00:08:22.380
across large, geographically dispersed networks.

171
00:08:22.380 --> 00:08:26.310
So, remember, when you're thinking about proxies,

172
00:08:26.310 --> 00:08:28.440
there are two basic types,

173
00:08:28.440 --> 00:08:33.120
forward or transparent proxies, and reverse proxies.

174
00:08:33.120 --> 00:08:34.920
Forward proxies are focused

175
00:08:34.920 --> 00:08:37.650
on filtering and managing information

176
00:08:37.650 --> 00:08:39.420
that is leaving our networks,

177
00:08:39.420 --> 00:08:42.360
helping out with things like content filtering,

178
00:08:42.360 --> 00:08:45.510
security, and user activity monitoring.

179
00:08:45.510 --> 00:08:49.950
Reverse proxies filter information coming into our networks,

180
00:08:49.950 --> 00:08:53.970
serving as intermediaries between external users

181
00:08:53.970 --> 00:08:56.670
and our internal application servers.

182
00:08:56.670 --> 00:08:59.820
And they provide benefits like load balancing,

183
00:08:59.820 --> 00:09:02.550
content caching, and security.

184
00:09:02.550 --> 00:09:06.240
Finally, content delivery networks distribute content

185
00:09:06.240 --> 00:09:09.810
across multiple servers distributed globally,

186
00:09:09.810 --> 00:09:13.710
allowing users to access data from the nearest server.

187
00:09:13.710 --> 00:09:17.520
This ensures faster load times, reduced latency,

188
00:09:17.520 --> 00:09:20.850
and an overall better user experience.

189
00:09:20.850 --> 00:09:25.260
Content delivery networks also provide content acceleration,

190
00:09:25.260 --> 00:09:29.250
optimizing the delivery of dynamic and static content

191
00:09:29.250 --> 00:09:32.550
by routing traffic through the most efficient paths.

192
00:09:32.550 --> 00:09:35.520
By doing so, they reduce congestion

193
00:09:35.520 --> 00:09:38.700
and improve the speed at which content is delivered,

194
00:09:38.700 --> 00:09:41.613
even during periods of high traffic.