Deciphering Compression Behavior in ISA 2004 Service Pack 2

Of all the diagrams I’ve seen in Microsoft documentation over the last 15 years, one of the most confusing was a diagram included in the ISA 2004 Service Pack 2 white paper. The diagram in question is seen in the figure below.

img1

I’ve read the Service Pack 2 white paper many times and always tried it give it a good effort to figuring out what they were trying to communicate in this diagram. The problem I had with the diagram is that there is no guidance in how to read the flow of information it’s meant to explain. However, on my flight to TechEd, I finally had the “aha!” experience required to decipher the diagram. And like after all “aha!” experiences, I don’t understand why I had such a hard time figuring the thing out.

First we need to define the scenario:

·Web proxy clients on the branch office’s default Internal Network are not allowed to ask for compression. When the clients request compression, the ISA firewall returns a response that compression is not available

·The branch office ISA firewall is configured so that’s it’s allowed to ask for compression when requesting content located on the default External Network

·The main office ISA firewall is configured to allow clients located on it’s default External Network to request compression

·The main office ISA firewall is configured so that it’s not allowed to ask for compressed content located on the main office’s default Internal Network

What happens when Web proxy clients at the branch office request content located on an IIS Web server on the main office’s default Internal Network?

1.The Web proxy client sends a request for the Web content to the branch office ISA firewall. The client requests compressed content, but since the branch office ISA firewall is configured to not allow requests for compressed content, the branch office ISA firewall responds that it doesn’t support requests for compressed content. The Web proxy client then makes a request for uncompressed content.

2.The branch office ISA firewall is configured so that’s it’s allowed to request compressed content on servers located on its default External Network. The main office ISA firewall is located on the branch office’s default External Network, so it sends a request to the main office ISA firewall for compressed content.

3.The main office ISA firewall is configured to allow clients on it’s default External Network to request compressed content. Since the branch office ISA firewall is located on the main office’s ISA firewall’s default External Network, the main office ISA firewall allows the request for compression from the branch office ISA firewall.

4.The main office ISA firewall is configured so that it is not allowed to request compression when connections to Web servers located on its default Internal Network. The Web server at the main office is located on the main office ISA firewall’s default Internal Network, so the main office ISA firewall sends a request to the IIS Web server at the main office for uncompressed content (that is to say, the main office ISA firewall acts as a Web client to the IIS server at the main office).

5.The IIS Web server at the main office returns to the ISA firewall the uncompressed content.

6.The ISA firewall returns the content to the branch office ISA firewall. Because the branch office ISA firewall requested compressed content, the main office ISA firewall compresses the content and then returns the compressed content to the branch office ISA firewall.

7.The branch office ISA firewall receives the compressed content. Because the branch office Web proxy client requested uncompressed content, the branch office ISA firewall uncompresses the content and returns the uncompressed content to the Web proxy client at the branch office.

OK, now that we have all that worked out, how does the graphic try to translate these events? The trick to reading the graphic is that you need to look at the request and response arrows for each hop in the request path.

For example, look at the request and response arrows for the connection made by the Web proxy client at the branch office to the ISA firewall at the branch office. The request arrow says GZIP/Range x-y. The response arrow says Uncompress/Range x-y. This means (if indeed I figured this graphic out correctly) that the client made an original request for compressed content, but the ISA firewall at the branch office does not allow clients on the branch office default Internal Network to request compressed content so uncompressed content is returned to the client instead of compressed content.

In a similar vein, you can see what happens with the request/response arrows between the branch office and main office ISA firewalls. The branch office ISA firewall’s request arrow says GZIP/Range x-y and the response arrow from the main office ISA firewall to the branch office says GZIP/Range x-y indicating that the request for compressed content from the main office ISA firewall was granted.

You might wonder what the Range x-y stuff is about. In the ISA Server 2004 Service Pack 2 white paper, there is a discussion on compression of range requests. I’m not going to get into range requests right now, because if you think trying to figure out what this graphic was communicating was a challenge, you’ll find that trying to understand the entire range request issue will be a nightmare, and the bad dream is made even worse by conflicting statements concerning caching of range requests within pages of one another.

HTH,

Tom

BLOG: http://blogs.isaserver.org/shinder

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top