Google Global Cache (GGC)
Posted by Peter Kurdziel on February 29, 2012
Google Global Cache
Google Global Cache (GGC) allows you to serve Google content, primarily video, from the edge of your own network. This eases congestion on your network and lessens traffic on peering and transit links. GGC saves you money while improving the experience of your users.
I am only posting the “Network” side of the installation. GGC-specific instructions are provided with the product.
Access Control Lists
Access Control Lists (ACLs) are not recommended on network equipment serving the GGC node. An IP firewall runs on each server in the GGC cluster.
If ACLs are used, the following ports must be allowed for the entire subnet:
- inbound and outbound HTTP and HTTPS (TCP/80, TCP/443)
- inbound and outbound ICMP (Protocol ID 1)
- inbound and outbound SSH (TCP/22)
- outbound DNS (UDP/53 and TCP/53)
- outbound NTP (UDP/123)
- outbound BGP (TCP/179)
- the node must be reachable from any IP on the Internet.
Cisco Switch Configuration Example Fragment
!
interface GigabitEthernet1/1
 description GGChost1-Gb1
 switchport mode access
 channel-protocol lacp
 channel-group 1 mode passive
!
interface GigabitEthernet1/2
 description GGChost1-Gb2
 switchport mode access
 channel-protocol lacp
 channel-group 1 mode passive
!
interface Port-channel1
 description GGChost1
 switchport
 switchport mode access
!
interface GigabitEthernet1/3
 description GGChost2-Gb1
 switchport mode access
 channel-protocol lacp
 channel-group 2 mode passive
!
interface GigabitEthernet1/4
 description GGChost2-Gb2
 switchport mode access
 channel-protocol lacp
 channel-group 2 mode passive
!
interface Port-channel2
 description GGChost2
 switchport
 switchport mode access
end
BGP Configuration
BGP Peer Configuration Examples
Cisco Option 1: Prefix list based route filtering
neighbor <IP address of GGC> remote-as 65535
neighbor <IP address of GGC> transport connection-mode passive
neighbor <IP address of GGC> prefix-list deny-any in
neighbor <IP address of GGC> prefix-list GGC-OUT out
ip prefix-list deny-any deny 0.0.0.0/0 le 32
ip prefix-list GGC-OUT permit <x.y.z/24>
ip prefix-list GGC-OUT permit <a.b.c/24>
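How the two prefix lists in Option 1 behave, as an added example that is not part of the original post or the GGC documentation: a small Python evaluator for Cisco prefix-list matching, showing that deny-any rejects every route the GGC node could announce while each GGC-OUT entry matches only its exact /24. The two documentation prefixes stand in for the <x.y.z/24> and <a.b.c/24> placeholders and are assumptions, as are the function names.

```python
import ipaddress

# Constructed sample: the page's prefix lists with documentation prefixes
# (RFC 5737) substituted for the <x.y.z/24> and <a.b.c/24> placeholders.
CONFIG = """\
ip prefix-list deny-any deny 0.0.0.0/0 le 32
ip prefix-list GGC-OUT permit 198.51.100.0/24
ip prefix-list GGC-OUT permit 203.0.113.0/24
"""

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny PREFIX [ge N] [le N]'.
    Assumption: no 'seq N' keyword, as in the page's configuration."""
    tok = line.split()
    name, action, net = tok[2], tok[3], ipaddress.ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen          # no ge/le: exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else net.max_prefixlen
    return name, action, net, lo, hi

def evaluate(entries, name, route):
    """Return 'permit' or 'deny' for a route: first match wins, and a
    route that matches no entry hits the implicit deny at the end."""
    route = ipaddress.ip_network(route)
    for n, action, net, lo, hi in entries:
        if n == name and route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return "deny"

ENTRIES = [parse_entry(l) for l in CONFIG.splitlines()]

if __name__ == "__main__":
    checks = [
        ("deny-any", "0.0.0.0/0"),          # default route from the node
        ("deny-any", "192.0.2.0/24"),       # any other route from the node
        ("GGC-OUT", "198.51.100.0/24"),     # listed user prefix
        ("GGC-OUT", "198.51.100.128/25"),   # more specific of a listed prefix
        ("GGC-OUT", "192.0.2.0/24"),        # unlisted prefix
    ]
    for name, route in checks:
        print(f"{name:9} {route:20} {evaluate(ENTRIES, name, route)}")
```

A more specific such as 198.51.100.128/25 is not advertised to the node unless GGC-OUT has its own entry for it or the /24 entry carries a le value.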
Cisco Option 2: AS-PATH based route filtering
neighbor <IP address of GGC> remote-as 65535
neighbor <IP address of GGC> transport connection-mode passive
neighbor <IP address of GGC> filter-list 1 in
neighbor <IP address of GGC> filter-list 2 out
ip as-path access-list 1 deny .*
ip as-path access-list 2 permit _100_
ip as-path access-list 2 permit _200$
ip as-path access-list 2 permit ^300$
Juniper Option 1: Prefix based policy
neighbor <IP address of GGC> {
    description "GGC";
    import no-routes;
    export export-filter;
    peer-as 65535;
    passive;
}
policy-statement no-routes {
    term default {
        then reject;
    }
}
policy-statement export-filter {
    term allow-routes {
        from {
            route-filter a.b.c.d/xy orlonger;
        }
        then accept;
    }
}
Juniper Option 2: AS-PATH based policy
neighbor <IP address of GGC> {
    description "GGC";
    import no-routes;
    export export-filter;
    peer-as 65535;
    passive;
}
policy-statement no-routes {
    term default {
        then reject;
    }
}
policy-statement export-filter {
    term allow-routes {
        from {
            as-path-group GGC;
        }
        then accept;
    }
}
as-path-group GGC {
    as-path AS-PATH-NAME-1 "^100.*";
    as-path AS-PATH-NAME-2 "^200.*";
}