-
Getting Started with Citrix ADC
-
Deploy a Citrix ADC VPX instance
-
Optimize Citrix ADC VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors
-
Apply Citrix ADC VPX configurations at the first boot of the Citrix ADC appliance in cloud
-
Install a Citrix ADC VPX instance on Microsoft Hyper-V servers
-
Install a Citrix ADC VPX instance on Linux-KVM platform
-
Prerequisites for Installing Citrix ADC VPX Virtual Appliances on Linux-KVM Platform
-
Provisioning the Citrix ADC Virtual Appliance by using OpenStack
-
Provisioning the Citrix ADC Virtual Appliance by using the Virtual Machine Manager
-
Configuring Citrix ADC Virtual Appliances to Use SR-IOV Network Interface
-
Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface
-
Provisioning the Citrix ADC Virtual Appliance by using the virsh Program
-
Provisioning the Citrix ADC Virtual Appliance with SR-IOV, on OpenStack
-
Configuring a Citrix ADC VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces
-
-
Deploy a Citrix ADC VPX instance on AWS
-
Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones
-
Deploy a VPX high-availability pair with private IP addresses across different AWS zones
-
Configure a Citrix ADC VPX instance to use SR-IOV network interface
-
Configure a Citrix ADC VPX instance to use Enhanced Networking with AWS ENA
-
Deploy a Citrix ADC VPX instance on Microsoft Azure
-
Network architecture for Citrix ADC VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a Citrix ADC VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Configure a Citrix ADC VPX instance to use Azure accelerated networking
-
Configure HA-INC nodes by using the Citrix high availability template with Azure ILB
-
Configure a high-availability setup with Azure external and internal load balancers simultaneously
-
Configure address pools (IIP) for a Citrix Gateway appliance
-
Upgrade and downgrade a Citrix ADC appliance
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Basic components of authentication, authorization, and auditing configuration
-
On-premises Citrix Gateway as an identity provider to Citrix Cloud
-
Authentication, authorization, and auditing configuration for commonly used protocols
-
Troubleshoot authentication and authorization related issues
-
-
-
-
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 12: Configure Citrix Virtual Desktops for load balancing
-
Use case 13: Configure Citrix Virtual Apps for load balancing
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
Use case 15: Configure layer 4 load balancing on the Citrix ADC appliance
-
-
-
-
-
Authentication and authorization for System Users
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Optimize Citrix ADC VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors
The Citrix ADC VPX performance greatly varies depending on the hypervisor, allocated system resources, and the host configurations. To achieve the desired performance, first follow the recommendations in the VPX data sheet, and then further optimize it using the best practices provided in this document.
Citrix ADC VPX instance on VMware ESX hypervisors
This section contains details of configurable options and settings, and other suggestions that help you achieve optimal performance of Citrix ADC VPX instance on VMware ESX hypervisors.
- Recommended configuration on ESX hosts
- Citrix ADC VPX with E1000 network interfaces
- Citrix ADC VPX with VMXNET3 network interfaces
- Citrix ADC VPX with SR-IOV and PCI passthrough network interfaces
Recommended configuration on ESX hosts
To achieve high performance for VPX with E1000, VMXNET3, SR-IOV, and PCI passthrough network interfaces, follow these recommendations:
- The total number of virtual CPUs (vCPUs) provisioned on the ESX host must be less than or equal to the total number of physical CPUs (pCPUs) on the ESX host.
-
Non-uniform Memory Access (NUMA) affinity and CPU affinity must be set for the ESX host to achieve good results.
– To find the NUMA affinity of a Vmnic, log in to the host locally or remotely, and type:
#vsish -e get /net/pNics/vmnic7/properties | grep NUMA Device NUMA Node: 0 <!--NeedCopy-->
- To set NUMA and vCPU affinity for a VM, see VMware documentation.
Citrix ADC VPX with E1000 network interfaces
Perform the following settings on the VMware ESX host:
- On the VMware ESX host, create two vNICs from one pNIC vSwitch. Multiple vNICs create multiple Rx threads in the ESX host. This increases the Rx throughput of the pNIC interface.
- Enable VLANs on the vSwitch port group level for each vNIC that you have created.
- To increase vNIC transmit (Tx) throughput, use a separate Tx thread in the ESX host per vNIC. Use the following ESX command:
-
For ESX version 5.5:
esxcli system settings advanced set –o /Net/NetTxWorldlet –i <!--NeedCopy-->
-
For ESX version 6.0 onwards:
esxcli system settings advanced set -o /Net/NetVMTxType –i 1 <!--NeedCopy-->
-
-
To further increase the vNIC Tx throughput, use a separate Tx completion thread and Rx threads per device (NIC) queue. Use the following ESX command:
esxcli system settings advanced set -o /Net/NetNetqRxQueueFeatPairEnable -i 0 <!--NeedCopy-->
Note:
Make sure that you reboot the VMware ESX host to apply the updated settings.
Two vNICs per pNIC deployment
The following is a sample topology and configuration commands for the Two vNICs per pNIC model of deployment that delivers better network performance.
Citrix ADC VPX sample configuration:
To achieve the deployment shown in the preceding sample topology, perform the following configuration on the Citrix ADC VPX instance:
-
On the client side, bind the SNIP (1.1.1.2) to network interface 1/1 and enable the VLAN tag mode.
bind vlan 2 -ifnum 1/1 –tagged bind vlan 2 -IPAddress 1.1.1.2 255.255.255.0 <!--NeedCopy-->
-
On the server side, bind the SNIP (2.2.2.2) to network interface 1/1 and enable the VLAN tag mode.
bind vlan 3 -ifnum 1/2 –tagged bind vlan 3 -IPAddress 2.2.2.2 255.255.255.0 <!--NeedCopy-->
-
Add an HTTP virtual server (1.1.1.100) and bind it to a service (2.2.2.100).
add lb vserver v1 HTTP 1.1.1.100 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 add service s1 2.2.2.100 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO bind lb vserver v1 s1 <!--NeedCopy-->
Note:
Make sure that you include the following two entries in the route table:
- 1.1.1.0/24 subnet with gateway pointing to SNIP 1.1.1.2
- 2.2.2.0/24 subnet with gateway pointing to SNIP 2.2.2.2
Citrix ADC VPX with VMXNET3 network interfaces
To achieve high performance for VPX with VMXNET3 network interfaces, do the following settings on the VMware ESX host:
- Create two vNICs from one pNIC vSwitch. Multiple vNICs create multiple Rx threads in the ESX host. This increases the Rx throughput of the pNIC interface.
- Enable VLANs on the vSwitch port group level for each vNIC that you have created.
- To increase vNIC transmit (Tx) throughput, use a separate Tx thread in the ESX host per vNIC. Use the following ESX commands:
- For ESX version 5.5:
esxcli system settings advanced set –o /Net/NetTxWorldlet –i <!--NeedCopy-->
- For ESX version 6.0 onwards:
esxcli system settings advanced set -o /Net/NetVMTxType –i 1 <!--NeedCopy-->
On the VMware ESX host, perform the following configuration:
- On the VMware ESX host, create two vNICs from 1 pNIC vSwitch. Multiple vNICs create multiple Tx and Rx threads in the ESX host. This increases the Tx and Rx throughput of the pNIC interface.
- Enable VLANs on the vSwitch port group level for each vNIC that you have created.
-
To increase Tx throughput of a vNIC, use a separate Tx completion thread and Rx threads per device (NIC) queue. Use the following command:
esxcli system settings advanced set -o /Net/NetNetqRxQueueFeatPairEnable -i 0 <!--NeedCopy-->
-
Configure a VM to use one transmit thread per vNIC, by adding the following setting to the VM’s configuration:
ethernetX.ctxPerDev = "1" <!--NeedCopy-->
For more information, see Best Practices for Performance Tuning of Telco and NFV Workloads in vSphere
Note:
Make sure that you reboot the VMware ESX host to apply the updated settings.
You can configure VMXNET3 as a Two vNICs per pNIC deployment. For more information, see Two vNICs per pNIC deployment.
Citrix ADC VPX with SR-IOV and PCI passthrough network interfaces
To achieve high performance for VPX with SR-IOV and PCI passthrough network interfaces, see Recommended configuration on ESX hosts.
Citrix ADC VPX instance on Linux-KVM platform
This section contains details of configurable options and settings, and other suggestions that help you achieve optimal performance of Citrix ADC VPX instance on Linux-KVM platform.
- Performance settings for KVM
- Citrix ADC VPX with PV network interfaces
- Citrix ADC VPX with SR-IOV and Fortville PCIe passthrough network interfaces
Performance settings for KVM
Perform the following settings on the KVM host:
Find the NUMA domain of the NIC using the lstopo
command:
Make sure that memory for the VPX and the CPU is pinned to the same location. In the following output, the 10G NIC “ens2” is tied to NUMA domain #1.
Allocate the VPX memory from the NUMA domain.
The numactl
command indicates the NUMA domain from which the memory is allocated. In the following output, around 10 GB RAM is allocated from NUMA node #0.
To change the NUMA node mapping, follow these steps.
-
Edit the .xml of the VPX on the host.
/etc/libvirt/qemu/<VPX_name>.xml <!--NeedCopy-->
-
Add the following tag:
<numatune> <memory mode="strict" nodeset="1"/> This is the NUMA domain name </numatune> <!--NeedCopy-->
-
Shut down the VPX.
-
Run the following command:
virsh define /etc/libvirt/qemu/<VPX_name>.xml <!--NeedCopy-->
This command updates the configuration information for the VM with the NUMA node mappings.
-
Power on the VPX. Then check the
numactl –hardware
command output on the host to see the updated memory allocations for the VPX.
Pin vCPUs of VPX to physical cores.
-
To view the vCPU to pCPU mappings of a VPX, type the following command
virsh vcpupin <VPX name> <!--NeedCopy-->
The vCPUs 0–4 are mapped to physical cores 8–11.
-
To view the current pCPU usage, type the following command:
mpstat -P ALL 5 <!--NeedCopy-->
In this output, 8 is management CPU, and 9–11 are packet engines.
-
To change the vCPU to pCPU pinning, there are two options.
-
Change it at runtime after the VPX boots up using the following command:
virsh vcpupin <VPX name> <vCPU id> <pCPU number> virsh vcpupin NetScaler-VPX-XML 0 8 virsh vcpupin NetScaler-VPX-XML 1 9 virsh vcpupin NetScaler-VPX-XML 2 10 virsh vcpupin NetScaler-VPX-XML 3 11 <!--NeedCopy-->
-
To make static changes to the VPX, edit the
.xml
file as before with the following tags:-
Edit the .xml file of the VPX on the host
/etc/libvirt/qemu/<VPX_name>.xml <!--NeedCopy-->
-
Add the following tag:
<vcpu placement='static' cpuset='8-11'>4</vcpu> <cputune> <vcpupin vcpu='0' cpuset='8'/> <vcpupin vcpu='1' cpuset='9'/> <vcpupin vcpu='2' cpuset='10'/> <vcpupin vcpu='3' cpuset='11'/> </cputune> <!--NeedCopy-->
-
Shut down the VPX.
-
Update the configuration information for the VM with the NUMA node mappings using the following command:
virsh define /etc/libvirt/qemu/ <VPX_name>.xml <!--NeedCopy-->
-
Power on the VPX. Then check the
virsh vcpupin <VPX name>
command output on the host to see the updated CPU pinning.
-
-
Eliminate host interrupt overhead.
-
Detect VM_EXITS using the
kvm_stat
command.At the hypervisor level, host interrupts are mapped to the same pCPUs on which the vCPUs of the VPX are pinned. This might cause vCPUs on the VPX to get kicked out periodically.
To find the VM exits done by VMs running the host, use the
kvm_stat
command.[root@localhost ~]# kvm_stat -1 | grep EXTERNAL kvm_exit(EXTERNAL_INTERRUPT) 1728349 27738 [root@localhost ~]# <!--NeedCopy-->
A higher value in the order of 1+M indicates an issue.
If a single VM is present, the expected value is 30–100 K. Anything more than that can indicate that there are one or more host interrupt vectors mapped to the same pCPU.
-
Detect host interrupts and migrate host interrupts.
When you run the
concatenate
command for the “/proc/interrupts” file, it displays all the host interrupt mappings. If one or more active IRQs map to the same pCPU, its corresponding counter increments.Move any interrupts that overlap with your Citrix ADC VPX’s pCPUs to unused pCPUs:
echo 0000000f > /proc/irq/55/smp_affinity 0000000f - - > it is a bitmap, LSBs indicates that IRQ 55 can only be scheduled on pCPUs 0 – 3 <!--NeedCopy-->
-
Disable IRQ balance.
Disable IRQ balance daemon, so that no rescheduling happens on the fly.
service irqbalance stop service irqbalance show - To check the status service irqbalance start - Enable if needed <!--NeedCopy-->
Make sure you run the
kvm_stat
command to ensure that there are not many counters.
Citrix ADC VPX with PV network interfaces
You can configure para-virtualization (PV), SR-IOV, and PCIe passthrough network interfaces as a Two vNICs per pNIC deployment. For more information, see Two vNICs per pNIC deployment.
For optimal performance of PV (virtio) interfaces, follow these steps:
- Identify the NUMA domain to which the PCIe slot/NIC is tied to.
- The Memory and vCPU for the VPX must be pinned to the same NUMA domain.
- Vhost thread must be bound to the CPUs in the same NUMA domain.
Bind the virtual host threads to the corresponding CPUs:
-
Once the traffic is started, run the
top
command on the host. - Identify the virtual host process (named as
vhost-<pid-of-qemu>
) affinity. -
Bind the vHost processes to the physical cores in the NUMA domain identified earlier using the following command:
taskset –pc <core-id> <process-id> <!--NeedCopy-->
Example:
taskset –pc 12 29838 <!--NeedCopy-->
-
The processor cores corresponding to the NUMA domain can be identified with the following command:
[root@localhost ~]# virsh capabilities | grep cpu <cpu> </cpu> <cpus num='8'> <cpu id='0' socket_id='0' core_id='0' siblings='0'/> <cpu id='1' socket_id='0' core_id='1' siblings='1'/> <cpu id='2' socket_id='0' core_id='2' siblings='2'/> <cpu id='3' socket_id='0' core_id='3' siblings='3'/> <cpu id='4' socket_id='0' core_id='4' siblings='4'/> <cpu id='5' socket_id='0' core_id='5' siblings='5'/> <cpu id='6' socket_id='0' core_id='6' siblings='6'/> <cpu id='7' socket_id='0' core_id='7' siblings='7'/> </cpus> <cpus num='8'> <cpu id='8' socket_id='1' core_id='0' siblings='8'/> <cpu id='9' socket_id='1' core_id='1' siblings='9'/> <cpu id='10' socket_id='1' core_id='2' siblings='10'/> <cpu id='11' socket_id='1' core_id='3' siblings='11'/> <cpu id='12' socket_id='1' core_id='4' siblings='12'/> <cpu id='13' socket_id='1' core_id='5' siblings='13'/> <cpu id='14' socket_id='1' core_id='6' siblings='14'/> <cpu id='15' socket_id='1' core_id='7' siblings='15'/> </cpus> <cpuselection/> <cpuselection/> <!--NeedCopy-->
Bind the QEMU process to the corresponding physical core:
- Identify the physical cores on which the QEMU process is running. For more information, see the preceding output.
-
Bind the QEMU process to the same physical cores to which you bind the vCPUs, using the following command:
taskset –pc 8-11 29824 <!--NeedCopy-->
Citrix ADC VPX with SR-IOV and Fortville PCIe passthrough network interfaces
For optimal performance of the SR-IOV and Fortville PCIe passthrough network interfaces, follow these steps:
- Identify the NUMA domain to which the PCIe slot/NIC is tied to.
- The Memory and vCPU for the VPX must be pinned to the same NUMA domain.
Sample VPX XML file for vCPU and memory pinning for Linux KVM:
<domain type='kvm'>
<name>NetScaler-VPX</name>
<uuid>138f7782-1cd3-484b-8b6d-7604f35b14f4</uuid>
<memory unit='KiB'>8097152</memory>
<currentMemory unit='KiB'>8097152</currentMemory>
<vcpu placement='static'>4</vcpu>
<cputune>
<vcpupin vcpu='0' cpuset='8'/>
<vcpupin vcpu='1' cpuset='9'/>
<vcpupin vcpu='2' cpuset='10'/>
<vcpupin vcpu='3' cpuset='11'/>
</cputune>
<numatune>
<memory mode='strict' nodeset='1'/>
</numatune>
</domain>
<!--NeedCopy-->
Citrix ADC VPX instance on Citrix Hypervisors
This section contains details of configurable options and settings, and other suggestions that help you achieve optimal performance of Citrix ADC VPX instance on Citrix Hypervisors.
- Performance settings for Citrix Hypervisors
- Citrix ADC VPX with SR-IOV network interfaces
- Citrix ADC VPX with para-virtualized interfaces
Performance settings for Citrix Hypervisors
Find the NUMA domain of the NIC using the “xl” command:
xl info -n
<!--NeedCopy-->
Pin vCPUs of VPX to physical cores.
xl vcpu-pin <Netsclaer VM Name> <vCPU id> <physical CPU id>
<!--NeedCopy-->
Check binding of vCPUs.
xl vcpu-list
<!--NeedCopy-->
Allocate more than 8 vCPUs to Citrix ADC VMs.
For configuring more than 8 vCPUs, run the following commands from the Citrix Hypervisor console:
xe vm-param-set uuid=your_vms_uuid VCPUs-max=16
xe vm-param-set uuid=your_vms_uuid VCPUs-at-startup=16
<!--NeedCopy-->
Citrix ADC VPX with SR-IOV network interfaces
For optimal performance of the SR-IOV network interfaces, follow these steps:
- Identify the NUMA domain to which the PCIe slot or NIC is tied to.
- Pin the Memory and vCPU for the VPX to the same NUMA domain.
- Bind the Domain-0 vCPU to the remaining CPU.
Citrix ADC VPX with para-virtualized interfaces
For optimal performance, two vNICs per pNIC and one vNIC per pNIC configurations are advised, as in other PV environments.
To achieve optimal performance of para-virtualized (netfront) interfaces, follow these steps:
- Identify the NUMA domain to which the PCIe slot or NIC is tied to.
- Pin the memory and vCPU for the VPX to the same NUMA domain.
- Bind the Domain-0 vCPU to the remaining CPU of the same NUMA domain.
- Pin host Rx/Tx threads of vNIC to Domain-0 vCPUs.
Pin host threads to Domain-0 vCPUs:
- Find Xen-ID of the VPX by using the
xl list
command on the Citrix Hypervisor host shell. -
Identify host threads by using the following command:
ps -ax | grep vif <Xen-ID> <!--NeedCopy-->
In the following example, these values indicate:
- vif5.0 - The threads for first interface allocated to VPX in XenCenter (management interface).
- vif5.1 - The threads for second interface assigned to VPX and so on.
-
Pin the threads to Domain-0 vCPUs using the following command:
taskset –pc <core-id> <process-id> <!--NeedCopy-->
Example:
taskset -pc 1 29189 <!--NeedCopy-->
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.