My team has been doing alot of work with the Windows Kernel Cache lately, and in the process have come across some useful command lines to help manage and view the state of the kernel cache. Since I couldn’t easily find (through either Bing or Google) any reference to these commands, I thought I’d take a few minutes to write some up in the hopes that crawlers will connect the dots for future searches.
While these commands are really only useful if you already know something about the kernel cache, I’ll provide a brief description of the system for those (like me) that are too impatient to read the full MSDN article that I linked to earlier in this post. The Windows Kernel Cache is a feature of the HTTP.SYS driver that allows the OS to cache objects in kernel memory, which then gets leveraged when HTTP.SYS receives incoming requests for the same URL of an object that is already in the cache. This creates very fast HTTP responses by removing the need for the request to traverse up the HTTP stack into user space (as well as any application code such as IIS or <insert-your-own-httpsys-based-application-here>).
Now that the exhaustive intro on kernel cache is complete, lets get into those commands. The intended audience for these is any developer building an application that leverages kernel cache, or an operations engineer working on a Windows Server with HTTP serving applications that leverage kernel cache.
- netsh http show cacheparam – this command will show the two configurable paramaters of the kernel cache:
- maxcacheresponsesize – HTTP objects below this size are eligible to be cached in kernel space, objects above this size are not. For information about how to adjust the size (the default is 256kb), you can follow the instructions provided on MSDN.
- cacherangechunksize – the size of chunks that the kernel cache stores for cache range requests. (NOTE: I’m not 100% clear on this one as MSDN documentation states that the kernel cache does NOT serve range requests, perhaps its a setting used by IIS-level caching)
- netsh http show cachestate – this command will show the URLs of all objects currently in the kernel cache. The following information is returned for each object that is in the cache:
- Status code: the HTTP status code that will be sent to the client for requests served for this object.
- HTTP verb: the verb that this cached object will be served for.
- Cache policy type: the type of policy, which is one of:
- time to live – objects with this setting use the TTL setting in the response to indicate when to purge the item from cache
- user invalidates – objects with this setting wait until the object is explicitly cleared before purging
- Creation time: the creation time of the object itself
- Request queue name: (NOTE: not sure about this one, may be related to IIS settings)
- Content type: the content type of the cached object.
- Content encoding: the content encoding (if any) of the cached object.
- Headers length: the size of the headers associated with the cached object (NOTE: the kernel cache stores all the headers along with the object, and serves the headers along with the content for requests served out of cache)
- Content length: the size of the content associated with the cached object.
- Hit count: the number of requests served by the cached object.
- Force disconnect after serving: TRUE or FALSE and indicates if the kernel cache will force a client disconnect after serving the object.