What is a Proxy?

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
I'm Peter and welcome to another edition of f5 Dev Central's lightboard lessens the term proxy is a contraction from the Middle English word procuracy it's a legal term that means to act on behalf of another you may have heard of proxy vote or vote by proxy where you make your selection you send it in and someone else does the actual voting for you and inserting the ballot in computer networking of proxy is a device or server that acts on behalf of another device it sits between the client and the servers or the applications and often performs a service both on the request and sometimes on the response so the first kind of proxy we're going to look at is a half proxy so we have a client here our infamous Internet cloud proxy and then our applications and this one would be a half proxy so in a half proxy the client will connect to the proxy the proxy will then establish a connection to the applications the resources on the backend the resources will respond and then the proxy will pass back that response to the client now after that after that initial call set up the proxy really isn't doing anything after that it's just allowing the traffic to pass through it back and forth between the client and the applications on the backend it may be doing you know maybe some layer 4 port mapping maybe some routing maybe some matting but it's really not doing anything intelligent so does the initial setup and then just pass this traffic back and forth another good use case for the half proxy is direct server return so things like streaming protocols for instance in that situation the client will again connect to the proxy proxy connects to the application and then the streaming protocols will actually simply bypass the proxy and go back directly to the client that's how the you know a lot of these streaming protocols and direct server return works and one of the reasons obviously is to you know not use up resources on the top proxy for things that can be done direct so there's your half proxy next let's look at a full proxy and so here we got our client our internet and I go to squeaky squeaky marker so let's trade that one out and we got our proxy again and then our applications and then this one oops this one would be our full proxy now in a full proxy situation the client connects and actually terminates on the full proxy and then with a full proxy there's this little gap in the middle and then the connection to the server or the applications is actually a separate TCP connection so client terminates on this full proxy and then the full proxy will establish a second and separate connection to the applications on the back end and this gap in here is where a lot of intelligence resides in a full proxy and so in this situation the proxy can perform certain services and it can manipulate or inspect or drop any sort of traffic that's coming through this gap since none of this traffic on either end is blended come in come out the application then connects back to this connection and again back out to the client the separate connection to the client so that would be your full proxy two separate connections on either end as opposed to the half proxy where after the first call set up traffic just passes through so now with the full proxy let's clean this up a little and let's put in big i.t i.t and so when we talk about big IP full proxy architecture this is really what we're talking about the two separate connections that separate connections traffic's never blended on either end now when big IP is on the server side as a full proxy on the server side of the connection it's what's called a reverse proxy clang connects the traffic comes in and within the spoole proxy architecture and this gap is where you know reverse proxies are good for things like obviously load balancing the big IP so load balancing SSL offload terminating SSL here inspecting the traffic passing it on things like optimization optimizing traffic here within this gap you can do things like security on this end if you like so for instance up here with layer 4 stuff now granted big IP can do layer 4 type routing and traffic steering and such inspections but say at the IP level you would block certain certain malicious networks and those sorts of things with a full or with a reverse full proxy you can go up to the stack to layer seven and so not only can you do like IP based white listing and black listing you can also would now inspect HTTP traffic which is critically important you could then also even put a big IPA SM so a web application firewall policy here and that policy would then inspect the traffic it would inspect the traffic both on the way in to ensure nobody's trying any funny stuff on the backend but will also inspect traffic the response on the way out potentially masking or blocking sensitive information like credit card numbers or social security numbers and so now on if we then put big IP over on the client side you like my smudge big P now in this situation on the client side as a full proxy this big IP would be a forward proxy and so again client connects to the forward proxy to the big IP on the outbound requests and in this situation the proxy will act on behalf of this client and then go out to the Internet to retrieve whatever resources were requested and so in this situation what it can do having a forward proxy protecting your internal network one you can kind of mask the theater mask so that you can mask your internal resources with a forward proxy you can certainly do filtering outbound filtering maybe you want to block you know certain social media sites or a particular time wasters they're at in the office so filtering forwarding you can do client-side client-side caching so over here you do server-side caching on this side you know say there's a viral video that went crazy and everybody wants to see this cat new cat video out you can do the client-side cache and cache the video here on this end and now you're not using up and chewing up your bandwidth and certainly you know privacy security those sorts of things and then finally in this situation you can also add some third party inspection tools so maybe you have a NICAP server hanging off here as a third party inspection you might want to send the traffic up here attachments you know potential malicious content those sorts of things send it up to the ICAP make sure it's all good and then send it out on its merry way so a little light up they really come out good a lightboard lesson if you will about what is a proxy and if you like this video you can actually play along be my proxy and forward this along to others who might want to wonder about what is a proxy I'm Peter thanks for watching and we'll see you in the community
Info
Channel: F5 DevCentral
Views: 290,779
Rating: undefined out of 5
Keywords: f5, devcentral, lbl, lightboard, proxy, big-ip, full proxy
Id: jGQTS1CxZTE
Channel Id: undefined
Length: 10min 33sec (633 seconds)
Published: Wed Mar 15 2017
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.