LanCache - WindowsUpdate/Game caching

Discussion in 'General Software' started by elvis, Feb 10, 2021.

  1. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    45,684
    Location:
    Brisbane
    https://lancache.net/

    I'm absolutely in love with this software. Using it both at home and in small businesses to cache a huge variety of updates from different vendors, game distribution services, etc for Windows and both PC and console gaming.

    Previously I ran Squid with custom refresh patterns:
    https://wiki.squid-cache.org/SquidFaq/WindowsUpdate

    But more and more as the world turns to HTTPS-everywhere and even non-HTTPS delivery like Microsoft BITS or other P2P tech, Squid rapidly stopped being useful 10 years ago.

    It's not perfect software by any means, but there's frequent updates and improvements all the time. Running it directly on my home Linux firewall+server proved troublesome (it makes assumptions about having a single IP and the ability to bind exclusively to an interface on given ports), so it's running on docker inside a dedicated VM with a dedicated physical cache drive passed through. Even so, performance is amazing, and it easily saturates my puny 1GbE home network.

    You can see a rough list of domains and services it caches here:
    https://github.com/uklans/cache-domains

    Dive into the text files listed there, and see what's being cached. It's not just PC Master Race stuff either, PSN/XBox/Nintendo stuff is all cached, and is really nice when you want to delete an installed game and reinstall it a week/month later.

    I've currently got a budget "500GB" (448GB real world usable) SSD dedicated to LanCache, and in my house with many consoles, 6+ Windows installs (including gaming systems and various VMs we use for our small business), that filled in about 2 months of use. LanCache manages expiry on a "least frequently used" basis, which is nice. So far no desire to go and get another disk, however that may change if I see the hit/miss ratio change for the worse.

    I wrote a quick and dirty script to measure cache hits versus cache misses, and so far the output looks like this (just passed 3 months of use):

    Code:
    --------------------------
    431G    /lancache
    --------------------------
    MISS
     687.4 GB
    --------------------------
    HIT
     251.2 GB
    --------------------------
    
    431GB of space in use (I set the upper bounds to be about 95% of the total actual space available, and LanCache manages item expiry automatically). The grand total bytes requested will be the two numbers added (938.6GB), with 687.4GB (73%) being cache misses and 251.2GB (27%) being cache hits.

    Not bad considering that there's plenty of one-off devices in the house that won't benefit from cache (only one PS4, one Nintendo Switch, etc). But well over a quarter of that near terabyte of data didn't need to be downloaded from upstream servers.

    A couple more scripts to see what the most hit services are:

    Code:
    --------------------------
    HIT categories
     673936 [blizzard]
      67190 [steam]
      33679 [epicgames]
      29115 [wsus]
      20257 [origin]
        840 [sony]
        227 [xboxlive]
         66 [emdl.ws.microsoft.com]
         49 [riot]
         12 [packages.dmd.metaservices.microsoft.com]
    --------------------------
    
    And by pure number of cache hits (not bytes saved, I'll write that script later), definitely the kids' PC gaming that sees the most benefit, but certainly a lot of Windows Updates as well.

    For small businesses who have a few Windows boxes on site but no desire for AD or WSUS, this is a pretty neat tool as well. Throw it on a low power system in the corner, point your outbound DNS to it, and you've got yourself a very low cost cache for Windows Updates that works far better than just pure Squid Cache.

    If you're like me and have a house full of gamers sharing a single Internet link, this is really good stuff. Nothing sucks more than seeing ping time collapse because someone is pulling down a game install. This definitely goes a long way to making a shared Internet connection suck a whole lot less.
     
    Last edited: Feb 10, 2021
    Blinky, t8y, neogeo and 8 others like this.
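
Added example, not the script from the post above: one way to get the same hit/miss byte totals and per-service hit counts from a LanCache access log, plus bytes saved per service. The field order in the comment is an assumption about the log layout, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed field order (an assumption, not taken from the thread):
# [identifier] client / xff - user [time] "request" status bytes
# "referer" "user-agent" "cache-status" "host" "range"
LINE_RE = re.compile(
    r'^\[(?P<ident>[^\]]+)\] \S+ / \S+ - \S+ \[[^\]]+\] '
    r'"[^"]*" \d{3} (?P<bytes>\d+) '
    r'"[^"]*" "[^"]*" "(?P<cache>[A-Z-]+)"'
)

# Constructed sample lines, not real traffic. The last line is truncated on purpose.
SAMPLE_LOG = """\
[steam] 192.168.1.20 / - - - [10/Feb/2021:19:02:11 +1000] "GET /depot/1/chunk/aa HTTP/1.1" 200 1048576 "-" "client-a" "MISS" "cdn-a.example.test" "-"
[steam] 192.168.1.21 / - - - [10/Feb/2021:19:03:40 +1000] "GET /depot/1/chunk/aa HTTP/1.1" 200 1048576 "-" "client-a" "HIT" "cdn-a.example.test" "-"
[blizzard] 192.168.1.22 / - - - [10/Feb/2021:19:04:02 +1000] "GET /data/01 HTTP/1.1" 206 2097152 "-" "client-b" "HIT" "cdn-b.example.test" "bytes=0-2097151"
[blizzard] 192.168.1.22 / - - - [10/Feb/2021:19:04:05 +1000] "GET /data/02 HTTP/1.1" 206 524288 "-" "client-b" "HIT" "cdn-b.example.test" "bytes=0-524287"
[wsus] 192.168.1.30 / - - - [10/Feb/2021:19:05:00 +1000] "GET /c/update.cab HTTP/1.1" 200 4194304 "-" "client-c" "MISS" "cdn-c.example.test" "-"
[wsus] 192.168.1.30 / - - - [10/Feb/2021:19:05:09 +1000] "GET /status HTTP/1.1" 204 0 "-" "client-c" "-" "cdn-c.example.test" "-"
[steam] 192.168.1.20 / - - - [10/Feb/2021:19:06
"""


def summarise(lines):
    """Sum response bytes per cache status and count HITs per service tag."""
    bytes_by_status = Counter()
    hits_by_ident = Counter()
    hit_bytes_by_ident = Counter()
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # truncated or foreign line: count it, do not guess
            continue
        size = int(m["bytes"])
        bytes_by_status[m["cache"]] += size
        if m["cache"] == "HIT":
            hits_by_ident[m["ident"]] += 1
            hit_bytes_by_ident[m["ident"]] += size
    return {
        "bytes_by_status": bytes_by_status,
        "hits_by_ident": hits_by_ident,
        "hit_bytes_by_ident": hit_bytes_by_ident,
        "skipped": skipped,
    }


def hit_ratio(summary):
    """Fraction of HIT+MISS bytes that were served from cache."""
    hit = summary["bytes_by_status"]["HIT"]
    miss = summary["bytes_by_status"]["MISS"]
    return hit / (hit + miss) if hit + miss else 0.0


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG.splitlines())
    for status in ("MISS", "HIT"):
        print(f"{status:5} {s['bytes_by_status'][status] / 1e9:.3f} GB")
    for ident, count in s["hits_by_ident"].most_common():
        print(f"{count:8} [{ident}] {s['hit_bytes_by_ident'][ident]} bytes saved")
    print(f"hit ratio {hit_ratio(s):.0%}, skipped {s['skipped']} line(s)")
```
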
  2. Symon

    Symon Castigat ridendo mores

    Joined:
    Apr 17, 2002
    Messages:
    5,057
    Location:
    Brisbane QLD
    Nice write up, it's an awesome bit of software. I've been running it on my home network for a couple of years now as well as at my brother's place. It is of more benefit to him as he has a pretty crappy ADSL connection and three gamers in the house.

    My only problem with it is that I would really like to run it on my NAS which unfortunately has an ARM CPU, and I'm yet to find a working docker build for it on that architecture. I don't know enough about docker to roll my own, so I'm running the amd64 version on my ubuntu box - which works but isn't ideal for me. It's still pretty cool on my 10G network.
     
    Last edited: Mar 30, 2021
  3. OP
    OP
    elvis

    elvis Old school old fool

    According to the docs there are bugs in the ARM version that they haven't yet solved. I can't think of what those would be (it all seems pretty straightforward and high level), but there's plenty of demand for it on RPi style hardware as well as ARM NAS devices, so with any luck they'll have a working version soon enough.
     
  4. Blinky

    Blinky Member

    Joined:
    Jul 4, 2001
    Messages:
    3,730
    Location:
    Brisbane
    I don't suppose you have heard any chatter on caching the different CDNs for YouTube aye?
     
  5. OP
    OP
    elvis

    elvis Old school old fool

    YouTube forces HTTPS for all streams. You'd need to override the TLS cert (requires client-side manipulation) before attempting any of the standard URL rewrite / dynamic content caching tricks.

    Short version is I don't think it would work with lancache without YouTube (i.e.: Google) changing some of their fundamental policies on "HTTPS everywhere". Much of the work lancache has done involves co-operation from upstream vendors, or just the fact that some vendors still sensibly offer both HTTP and HTTPS for their updates, and don't confuse transport layer encryption with data integrity problems (like Microsoft and all Linux vendors, both of whom understand package signing regardless of transport protocol).

    You could do it on your own network with a standard Squid proxy and SSL/TLS inspection enabled for a given domain whitelist (e.g.: a home, school or business network where you have administrative control of all machines). But again, I don't think it's something lancache could do transparently for something like a LAN gaming event given YouTube's current policies.
     
    Last edited: Apr 12, 2021
    Symon and Blinky like this.
  6. Blinky

    Blinky Member

    Thanks for the reply.
    I can remember years ago that squid never used to work really with youtube. Someone got a partial success but I think that was as far as it ever got.
    Mine was maintained mostly for Windows cache. I'll add lancache to my list of 'must do'. :)

    I think one of the old distros had something too. E-Smith, Smoothwall maybe?
     
  7. Symon

    Symon Castigat ridendo mores

    I read somewhere that Valve got on board with the project and wrote routines in the steam application to actively look for the presence of a caching server and if it finds one then it switches to http, otherwise it defaults back to https.
     
    Last edited: Apr 12, 2021
  8. OP
    OP
    elvis

    elvis Old school old fool

    You need to get the dynamic caching stuff working properly. It can be done, but requires a few extra rules:

    https://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube
    https://wiki.squid-cache.org/SquidFaq/WindowsUpdate

    In particular see the part about "refresh_patterns". That's the bit you need for caching content from random CDNs and helping Squid work out that it's the same bit of content (again, requires either plain HTTP or TLS inspection with HTTPS).

    Without refresh_patterns set, Squid will see every CDN as a separate web server, and only cache content if the exact full URL is hit. Prior to using lancache, I used refresh_patterns with WindowsUpdate (as well as Adobe and Apple stuff), which worked fairly well. But that was a while ago, and up until 2 years ago I was using Apple's own Caching Server instead for Apple and iOS updates (as they all switched to HTTPS, and only worked with Apple's own product after that). Adobe stuff I've lost track of completely.

    Yeah Valve were really good about it. I think despite all the criticisms about them, at their heart they're still a bunch of nerds who enjoy LAN gaming like the rest of us, and saw the value in getting people playing games faster at big events.

    Other vendors are good too. My kids play a lot of Overwatch, and all that (and all Blizzard client stuff) caches very nicely. One of them plays a lot of Sims 4 as well, and Origin will warn you that the client is falling back to HTTP and ask you to click "OK" to accept, but once you do it happily uses cached content. Not a perfect solution, but at least EA allows it to happen.
     
    Last edited: Apr 12, 2021
    Symon likes this.
  9. Blinky

    Blinky Member

    Of you guys running LanCache, are any of you running it on a Ubuntu base and if so did you disable the DNS stub listener?
     
  10. Symon

    Symon Castigat ridendo mores

    Yes it's running on Ubuntu, and no I didn't.
     
  11. Blinky

    Blinky Member

    Thanks for that.
    There was meant to be an issue with it and the lancache_dns container over port 53 but I'll look elsewhere now.
     
  12. Blinky

    Blinky Member

    Elvis for the Win! (again...)

    Trust me, this matters. "--remove-orphans"
    Goddamn docker $%&$$##$&
     
  13. th3_hawk

    th3_hawk Member

    Joined:
    Jun 4, 2005
    Messages:
    2,552
    Location:
    Kilsyth 3137
    I need to learn more about this, even if it's just for battle.net :p
    We have good internet at 100/40 so most Windows updates and other little bits and pieces aren't really noticed, but PC game updates can be brutal, mostly from the waiting perspective.

    Does anyone know if Lancache can be installed alongside Pihole/unbound on a Raspberry Pi 4b?
     
  14. OP
    OP
    elvis

    elvis Old school old fool

    There are efforts to port it to RPi/ARM, but it's all unofficial currently:

    https://github.com/jrcichra/lancache-rpi

    I think someone in the RPi thread had tested it. For decent speeds you'll want at least an RPi4, wired gigabit Ethernet (caps out at about 800Mbit from my testing), and a USB3 connected drive (will easily flood the 1GbE link).

    Definitely not with it on older RPi3 and lower hardware.
     
  15. Symon

    Symon Castigat ridendo mores

    Well it runs as a docker container on my NAS without errors, but as I'm a docker numpty I can't find where the env file is to put in my network settings. Can't even find the 'lancache' directory that you would normally get with an install.
     
  16. th3_hawk

    th3_hawk Member

    I really need to read and understand more about docker too, something I have vaguely looked at but never quite understood how it fits together. I just need to sit with someone who knows what's what so I can ask questions to get it straight in my head... One day, when we are allowed to interact with other humans again.

    My broad understanding is that this service sits between the computers and the internet, sadly creating a single point of failure for the whole network since you only want a single cache:
    Computer -> Lancache -> DNS Server -> Internet

    In my case I have two Pi's running PiHole and Unbound to create redundancy within my network (learned the hard way the wife gets unhappy when the internet breaks).
    Both are Pi4 2GB models which is more than enough.
    Pi1 gets about 90% of the traffic, Pi2 generally does bugger all until I take Pi1 down for updates.

    Reading here:
    https://www.reddit.com/r/pihole/comments/fsvgr8/pihole_and_lancache/

    It's possible, although it seems that people have mixed reports on how PiHole reporting then works depending on where you try and shove lancache into the workflow.

    The best option seems to be to use this script (from that thread) to create unbound rules to push the required DNS requests to a standalone lancache instance, this would mean I could separate that one requirement AND if that single point ever fails, it's only those handful of use cases which suffer until I can fix it rather than taking down all the internet traffic. I would probably pick and choose a little more selectively what I choose to cache too to limit any potential impacts (at least at the start). I just need to understand how that script works and most importantly how to remove any redirects if it all goes sideways.
    https://github.com/uklans/cache-domains/tree/master/scripts

    I'm thinking about creating a docker container on Pi2, since it's mostly idle, with its own separate IP so hopefully it doesn't impact any other operations that Pi does... seems simple enough.
    https://www.reddit.com/r/docker/comments/hqrrq3/do_docker_containers_get_their_own_ip_separate/

    While I do have a spare 500GB SSD, I'm thinking that the 5,400rpm 2.5mm 1TB drive I have here would be sufficient given I'm using a Pi. Again, anything faster than the 100Mbps internet connection is a win.

    From a staging standpoint I'm thinking:

    Snapshot the SD card on Pi2
    Create the docker container
    Create the scripts
    test!

    If it works, wooo! add the script to Pi1. If it fails, re-image Pi2 back to before the changes.

    ...what could go wrong?


    While much of that was to get it straight in my own head (and to capture the links I've found so far) since it helps me to discuss or write things down, do you see any holes in my approach?
     
  17. Symon

    Symon Castigat ridendo mores

    I had to do that as I put pihole at my parent's place. They are on crappy ADSL NBN and the lack of ads makes a considerable difference to their browsing experience. For some reason pihole would randomly lock up for a couple of minutes and then come back again, long enough to be annoying and I get a phone call. Since I put redundant piholes in I haven't had a call in over a year. Agree that the second pihole is mostly there for looks but the failover does happen seamlessly so everyone is happy.

    I've done it, but had pihole and lancache on different hardware. At the time lancache didn't work on ARM so had a NUC running ubuntu with lancache and pihole on a pi. It worked pretty well. The DHCP server (pfsense in my case) was set up to point the client DNS queries to lancache, which in turn pointed its DNS queries to pihole, which then pointed back to pfsense.

    These days I've got pfblocker running on pfsense so I've done away with pihole altogether.

    Certainly should work. Although it is fun having the cache storage on a NVME drive with a 10G network, and giggling like a schoolgirl seeing your games download at 6Gb/s.
     
  18. OP
    OP
    elvis

    elvis Old school old fool

    The .env file has a dot/period/fullstop at the front. "ls" won't show it. You need to run "ls -la" to see the file.

    Here's where I pulled LanCache from GitHub, and you see the docker-compose yaml file:

    Code:
    root@lancache:/opt/src/lancache# ls
    docker-compose.yml  README.md  update_containers.sh
    
    And with "ls -la" where you see the .env file you need to edit:

    Code:
    root@lancache:/opt/src/lancache# ls -la
    total 20
    drwxr-xr-x 1 root root  124 Aug  9 21:53 .
    drwxr-xr-x 1 root root   16 Oct 30  2020 ..
    -rw-r--r-- 1 root root  689 Feb 13  2021 docker-compose.yml
    -rw-r--r-- 1 root root 1976 Aug  9 21:53 .env
    drwxr-xr-x 1 root root  176 Jul 28 08:42 .git
    drwxr-xr-x 1 root root   18 Jan 31  2021 .github
    -rw-r--r-- 1 root root 5981 Jan 31  2021 README.md
    -rw-r--r-- 1 root root   72 Dec  2  2020 update_containers.sh
    


    One of the problems with LanCache is that it binds to 0.0.0.0:53 UDP and TCP for DNS (i.e: all IPs, all interfaces). If you have another DNS server on your system already bound to UDP/TCP 53, even on a single IP, LanCache doesn't like it.

    It's frustrating, as my Linux server is both NAS and gateway, has multiple real and virtual interfaces and a complex setup. LanCache doesn't like this at all, and considers itself to be the only thing running on the box for DNS (kinda stupid when docker is all about multiple microservices). So as a workaround I've got LanCache running in a VM on my system to keep it happy.

    So my setup is a bit complex, but as follows:

    kids_machines -> custom_bind9+rpz -> lancache -> 1.1.1.3
    adults_machines -> custom_bind9+rpz -> conditional forwarders based on request domain, some of which are lancache, some of which are DNS over HTTPS.

    "RPZ" is a "Response Policy Zone", which is how PiHole works, but I wrote my own. Likewise for the adult machines I have a script that pulls out all the domains from here:
    https://github.com/uklans/cache-domains

    And writes custom forwarders in a BIND9 config file. I can share that if you like, it's not very complex.

    I need to do a formal RFE/bug with the LanCache folks about not binding to 0.0.0.0, and instead being able to choose a specific IP or port combo to bind to for people who are using chained DNS servers like I am. But even ignoring the complexity of my home network, there's a LOT of people using PiHole (which also runs on regular Linux systems, not just a Raspberry Pi of course) and finding it conflicts with LanCache.

    A minor annoyance really. It's still an amazing product. Just takes a bit of messing around if you've got more than one DNS server, which to be fair most people don't.

    Total guess: they've got a rubbish router handing out DHCP with very short lease times, and it takes a painfully long time to answer DHCP requests.

    If that's the case, up the lease times to days instead of hours.
     
    Last edited: Oct 7, 2021
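
Added example, not the script mentioned in the post above and not one of the cache-domains project's own generators: one way to turn cache-domains style lists into BIND9 forward zones pointing at a LanCache resolver. Because the lists are fetched from a third-party repository and end up inside named's configuration, every entry is validated as a plain hostname before it is written. The list content and the address 192.0.2.53 are constructed.

```python
import ipaddress
import re

# One DNS label, then at least two labels per name. Anything else is rejected,
# so a malformed list line can never close the zone block or add directives.
LABEL = r"[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(\.{LABEL})+")

# Constructed sample in the same layout as the list files:
# one name per line, optional "*." prefix, "#" comments.
SAMPLE_LIST = """\
# constructed sample
*.cdn.example-games.test
cdn.example-games.test
level3.cdn.example-games.test
updates.example-os.test
broken"; entry
"""


def parse_domain_list(text):
    """Return (valid names, rejected raw lines)."""
    names, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not line:
            continue
        if line.startswith("*."):
            line = line[2:]  # a forward zone already covers every subdomain
        if len(line) <= 253 and HOSTNAME_RE.fullmatch(line):
            names.add(line)
        else:
            rejected.append(raw)
    return names, rejected


def collapse(names):
    """Drop names already covered by a parent forward zone in the same set."""
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & kept:
            kept.add(name)
    return sorted(kept)


def render_zones(names, lancache_ip):
    """Render one BIND9 forward zone per collapsed name."""
    ip = str(ipaddress.ip_address(lancache_ip))  # ValueError if not an IP
    return "".join(
        f'zone "{name}" {{\n'
        f"    type forward;\n"
        f"    forward only;\n"
        f"    forwarders {{ {ip}; }};\n"
        f"}};\n"
        for name in collapse(names)
    )


if __name__ == "__main__":
    valid, bad = parse_domain_list(SAMPLE_LIST)
    print(render_zones(valid, "192.0.2.53"), end="")
    print(f"# rejected {len(bad)} line(s): {bad!r}")
```

Writing the output to a single dedicated include file keeps the redirects removable: empty that file and reload named, and every listed domain resolves normally again. Note that turning `*.name` into a zone for `name` also forwards the bare name itself.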
  19. Symon

    Symon Castigat ridendo mores

    Thanks for taking a look, but in my install there is no /opt/src/lancache directory, or even /opt/src. The only thing in /opt/ is nginx.

    Edit - The container I'm using is this one - https://hub.docker.com/r/jrcichra/lancachenet-monolithic

    Edit2 - actually from looking here https://hub.docker.com/layers/jrcic...a8126257f5873af161a53088576d6?context=explore there is the following line -

    Code:
    ENV GENERICCACHE_VERSION=2 CACHE_MODE=monolithic WEBUSER=www-data CACHE_MEM_SIZE=500m CACHE_DISK_SIZE=1000000m CACHE_MAX_AGE=3560d CACHE_SLICE_SIZE=1m UPSTREAM_DNS=8.8.8.8 8.8.4.4 BEAT_TIME=1h LOGFILE_RETENTION=3560 CACHE_DOMAINS_REPO=https://github.com/uklans/cache-domains.git CACHE_DOMAINS_BRANCH=master NGINX_WORKER_PROCESSES=auto
    But unsure how I can modify that post install?

    Pretty likely, it's a Telstra modem/router. Will take a look next time I'm up their way.
     
    Last edited: Oct 7, 2021
  20. OP
    OP
    elvis

    elvis Old school old fool

    /opt/src is where I put mine. Yours will be wherever you "git clone"ed yours. I'm only demonstrating that the .env file is a "hidden file" as it has a dot at the front.

    You should be using the docker-compose file from here:
    https://github.com/jrcichra/lancache-rpi

    And you'll see the ".env" file there too. The process should be:

    1) git clone https://github.com/jrcichra/lancache-rpi.git
    2) edit .env file
    3) docker-compose up -d --remove-orphans

    The YAML file will know where to get the container and copy it to your system. Variables specific to your environment are read in from the .env file. Don't pull the container yourself manually, as it will be missing necessary info.
     
    Last edited: Oct 7, 2021
