Overview ======== RFE 6209091 NL7C (Network Layer 7 Cache) proposes to complete the integration of NCA, LSARC/1998/373 Solaris Network Cache and Accelerator, into the kernel with a patch/micro release binding. Note, the integration of NCA into the kernel was started as part of the FireEngine project, PSARC/2002/433, with the implementation of NCA's protocol stack framework and IP/TCP design. NL7C completes the integration of NCA into the kernel by porting NCA's HTTP layer and object cache into the sockfs kernel module. NL7C maintains all of NCA's configuration, administration, and APIs such that the user will experience little change from previous releases with the stability level of the NCA interfaces remaining the same (Evolving). NL7C is targeted for an update of S10. NL7C's main benefit is the reduction of code as NL7C relies on the core protocol IP/TCP stack instead of a dedicated and duplicate stack. Note, the NCA protocol stack is removed. NL7C interposes on the sockfs/AF_INET/tcp control and data paths such that coordination with other projects in the sockfs space will be done as necessary, e.g. Clearwater (2003/146), Yellowdart (2003/182), and SDP (2004/298). NL7C does not have feature interactions with IPsec, IPMP, routing, or other basic networking components. It operates as a cache logically at the application layer. A socket is a socket. Like NCA, NL7C works only in the global zone, and this is enforced by the driver interfaces. A future project should address the Zones limitation. Ndd === The nca kmod and driver remain for servicing of ndd ioctl()s from either ndd(1M) or other application ioctl() cals. Only the nca specific variables are serviced while all others "tcp_*" and "ip_*" variables return an obsoleted message referring the user to use the appropriate "/dev/tcp" or "/dev/ip" ndd variable. Alternative Designs =================== Alternatives to installing into sockfs were considered, e.g. as part of Clearwater an interpose on the fly could've been done, but as Clearwater was shelved. This would have taken NCA's http/tcp/ip design and implementing an http layer as part of the current FireEngine tcp/ip kmod. The welding of NCA functionality to sockfs was chosen as the best place to support an L7 cache. If in a future sockfs were socket interpose can be done the small amount of code used to do the weld can be replaced with the appropriate interpose code. There are about 300 lines of code changes such that if NCA is disabled (the default), then no change to control/data flow of a socket. If NCA is enabled then, based on the NCA configuration (/etc/nca/ncaport.conf) specified ipaddr/port pairs or if the listen() socket is of AF_NCA, then NL7C will interpose. An accept()ing socket is marked for NL7C interpose, subsequent read-side data is http parsed for cache lookup, in the case of a cache hit the response is generated without application interaction. In the case of a miss, the socket is marked for cache fill and the request passed up to the application and subsequent write-side data is cached while being processed as normal by the sockfs code. In the case of a miss but not a request that NL7C is interested in then the socket NL7C state is cleared and the request/response is handled by the application. Future ====== Support for NCAS (NCA SSL, Secure Socket Layer) functionality as part of the Greyhoung project, PSARC/2002/557. Tentative plans call for additional L7 protocol support, e.g. ftp, to be explored. PSARC case(s) to be filed. NL7C configuration, administration, and programmatic interfaces, at which time NCA can be depreciated. NL7C should be enhanced to use SMF. NL7C should support web servers running in zones other than the global zone. Supporting Documentation ======================== See http://NL7C.eng.Sun.COM for additional details. (None of this material is normative for the case.)