-
Getting Started with Citrix ADC
-
Deploy a Citrix ADC VPX instance
-
Optimize Citrix ADC VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors
-
Apply Citrix ADC VPX configurations at the first boot of the Citrix ADC appliance in cloud
-
Install a Citrix ADC VPX instance on Microsoft Hyper-V servers
-
Install a Citrix ADC VPX instance on Linux-KVM platform
-
Prerequisites for Installing Citrix ADC VPX Virtual Appliances on Linux-KVM Platform
-
Provisioning the Citrix ADC Virtual Appliance by using OpenStack
-
Provisioning the Citrix ADC Virtual Appliance by using the Virtual Machine Manager
-
Configuring Citrix ADC Virtual Appliances to Use SR-IOV Network Interface
-
Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface
-
Provisioning the Citrix ADC Virtual Appliance by using the virsh Program
-
Provisioning the Citrix ADC Virtual Appliance with SR-IOV, on OpenStack
-
Configuring a Citrix ADC VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces
-
-
Deploy a Citrix ADC VPX instance on AWS
-
Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones
-
Deploy a VPX high-availability pair with private IP addresses across different AWS zones
-
Configure a Citrix ADC VPX instance to use SR-IOV network interface
-
Configure a Citrix ADC VPX instance to use Enhanced Networking with AWS ENA
-
Deploy a Citrix ADC VPX instance on Microsoft Azure
-
Network architecture for Citrix ADC VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a Citrix ADC VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Configure a Citrix ADC VPX instance to use Azure accelerated networking
-
Configure HA-INC nodes by using the Citrix high availability template with Azure ILB
-
Configure a high-availability setup with Azure external and internal load balancers simultaneously
-
Configure address pools (IIP) for a Citrix Gateway appliance
-
Upgrade and downgrade a Citrix ADC appliance
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Basic components of authentication, authorization, and auditing configuration
-
On-premises Citrix Gateway as an identity provider to Citrix Cloud
-
Authentication, authorization, and auditing configuration for commonly used protocols
-
Troubleshoot authentication and authorization related issues
-
-
-
-
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 12: Configure Citrix Virtual Desktops for load balancing
-
Use case 13: Configure Citrix Virtual Apps for load balancing
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
Use case 15: Configure layer 4 load balancing on the Citrix ADC appliance
-
-
-
-
-
Authentication and authorization for System Users
-
-
Configuring HTTP/2 on the Citrix ADC Appliance
-
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
HTTP/2 configuration
Note:
The HTTP/2 functionality is supported on Citrix ADC MPX, VPX, and SDX.
The HTTP/2 functionality is not supported on Citrix Gateway.
The problem with web application performance is directly related to the trend toward increasing the page size and the number of objects on the webpages. HTTP/1.1 was developed to support smaller webpages, slower Internet connections, and more limited server hardware than are common today. It is not suitable for new technologies such as JavaScript and cascading style sheets (CSS) or new media types such as Flash videos and graphics-rich images. This is because it can request only one resource per connection to the server. The limitation significantly increases the number of round trips, causing longer page-rendering and reduced network performance.
The HTTP/2 protocol addresses these limitations by allowing communication to occur with less data transmitted over the network, and providing the ability to send multiple requests and responses across a single connection. At its core, HTTP/2 addresses the key limitations of HTTP/1.1 by using the underlying network connections more efficiently. It changes the way requests and responses travel over the network.
HTTP/2 is a binary protocol. It is more efficient to parse, more compact on the wire, and most importantly, it is less error-prone, compared to textual protocols like HTTP/1.1. The HTTP/2 protocol uses a binary framing layer that defines the frame type and how HTTP messages are encapsulated and transferred between the client and server. The HTTP/2 functionality supports the use of the CONNECT method to establish a tunnel connection through a single HTTP/2 stream to a remote host.
The HTTP/2 protocol includes many performance-enhancing changes that significantly improve performance, particularly for clients connecting over a mobile network.
The following table lists the major improvements in HTTP/2 over HTTP/1.1:
HTTP/2 features | Description |
---|---|
Header Compression | HTTP headers have much repetitive information and therefore consume unnecessary bandwidth during data transmission. HTTP/2 reduces bandwidth requirements by compressing the header and minimizing the requirement to transport HTTP headers with every request and response. |
Connection Multiplexing | Latency can have a huge impact on page load times and the end user experience. Connection multiplexing overcomes this problem by sending multiple requests and responses across a single connection. |
Server Push | Server push enables the server to proactively push content to the client browser, avoiding round-trip delay. This feature caches the responses that it thinks the client needs, reduces the number round trips, and improves the page rendering time. Important: The Citrix ADC appliance does not support the server push functionality. |
No Head-of-line Blocking | Under HTTP 1.1, browsers can download one resource at a time per connection. When a browser has to download a large resource, it blocks all other resources from downloading until the first download is complete. HTTP/2 overcomes this problem with a multiplexing approach. It allows the client browser to download other web components in parallel over the same connection and display them as they become available. |
Request Prioritization | Not all resources have equal priority when the browser renders a webpage. To accelerate the load time, all modern browsers prioritize requests by type of asset, their location on the page, and even by learned priority from previous visits. With HTTP/1.1, the browser has limited ability to use the priority data, because this protocol does not support multiplexing, and there is no way to communicate request prioritization by the server. The result is unnecessary network latency. HTTP/2 overcomes this problem by allowing the browser to dispatch all requests. The browser can communicate its stream prioritization preference via stream dependencies and weights, enabling the servers to optimize response delivery. Important: The Citrix ADC appliance does not support the request prioritization functionality. |
How HTTP/2 works
A Citrix ADC appliance supports HTTP/2 on the client side as well on the server side. On the client side, the Citrix ADC appliance acts as a server that hosts an HTTP/HTTPS virtual server for HTTP/2. On the back-end side, the Citrix ADC acts as a client to the servers that are bound to the virtual server.
Therefore, the Citrix ADC appliance maintains separate connections on the client side as well on the server side. The Citrix ADC appliance has separate HTTP/2 configurations for the client side and the server side.
HTTP/2 for HTTPS (SSL) load balancing configuration
For an HTTPS load balancing configuration, the Citrix ADC appliance uses the TLS ALPN extension (RFC 7301) to determine whether the client/server supports HTTP/2. If it does, the appliance chooses HTTP/2 as the application-layer protocol to transmit data (as described in RFC 7540 - Section 3.3) on the client/server side. The appliance uses the following order of preference when choosing the application-layer protocol through the TLS ALPN extension:
- HTTP/2 (if enabled in the HTTP profile)
- SPDY (if enabled in the HTTP profile)
- HTTP/1.1
HTTP/2 for HTTP load balancing configuration
For an HTTP load balancing configuration, the Citrix ADC appliance uses one of the following methods to start communicating with the client/server using HTTP/2.
Note:
In the following method descriptions, client and server are general terms for an HTTP/2 connection. For example, for a load balancing setup of a Citrix ADC appliance using HTTP/2, the Citrix ADC appliance acts as a server on the client side and acts as a client to the server side.
-
HTTP/2 Upgrade. A client sends an HTTP/1.1 request to a server. The request includes an upgrade header, which asks the server to upgrade the connection to HTTP/2. If the server supports HTTP/2, the server accepts the upgrade request and notifies it in its response. The client and the server start communicating using HTTP/2 after the client receives the upgrade confirmation response.
-
Direct HTTP/2. A client directly starts communicating to a server in HTTP/2 instead of using the HTTP/2 upgrade method. If the server does not support HTTP/2 or is not configured to directly accept HTTP/2 requests, it drops the HTTP/2 packets from the client. This method is helpful if the admin of the client device already knows that the server supports HTTP/2.
-
Direct HTTP/2 using Alternative Service (ALT-SVC). A server advertises that it supports HTTP/2 to a client by including an Alternative Service (ALT-SVC) field in its HTTP/1.1 response. If the client is configured to understand the ALT-SVC field, the client and the server start directly communicating using HTTP/2 after the client receives the response.
The Citrix ADC appliance provides configurable options in an HTTP profile for the HTTP/2 methods. These HTTP/2 options can be applied to the client side as well to the server side of an HTTPS or HTTP load balancing setup. For more information for HTTP/2 methods and options, refer to the HTTP/2 options PDF.
Before you Begin
Before you begin configuring HTTP/2 on a Citrix ADC appliance, note the following points:
- The Citrix ADC appliance supports HTTP/2 on the client side as well on the server side.
- The Citrix ADC appliance does not support the HTTP/2 server push functionality.
- The Citrix ADC appliance does not support the HTTP/2 request prioritization functionality.
- The Citrix ADC appliance does not support HTTP/2 SSL renegotiation for HTTPS load balancing setups.
- The Citrix ADC appliance does not support HTTP/2 NTLM authentication.
- With HTTP/2 enabled, connection multiplexing disabled (like USIP enabled) and one to one mapping of client and server TCP connections, close events such as FIN, reset (RST) are forwarded from the client or server connection to the linked peer connection.
Configuring HTTP/2
Configuring HTTP/2 for a load balancing setup (HTTPS or HTTP) consists of the following tasks:
-
Enable HTTP/2 and set optional HTTP/2 parameters in an HTTP Profile. Enable HTTP/2 in an HTTP profile. When you only enable HTTP/2 in an HTTP profile, the Citrix ADC appliance uses only the upgrade method (for HTTP) or TLS ALPN method (for HTTPS) for communicating in HTTP/2.
For the Citrix ADC appliance to use the direct HTTP/2 method, the Direct HTTP/2 option must be enabled in the HTTP profile. For the Citrix ADC appliance to use the direct HTTP/2 using the alternative service method, the Alternative Service (altsvc) option must be enabled in the HTTP profile.
-
Bind the HTTP profile to a virtual server or a service. Bind the HTTP profile to a virtual server to configure HTTP/2 for the client side of the load balancing setup. Bind the HTTP profile to a service to configure HTTP2 for the server side of the load balancing setup.
Note:
Citrix recommends binding separate HTTP profiles for the client side and the server side.
-
Enable the global parameter for HTTP/2 server side support. Enable the HTTP/2 Service Side (HTTP2Serverside) global HTTP parameter for enabling the HTTP/2 support on the server side of all the load balancing setups that has HTTP/2 configured.
HTTP/2 does not work on the server side of any load balancing setups if HTTP/2 Service Side is disabled even if the HTTP/2 is enabled on the HTTP profile bound to the related load balancing services.
Citrix ADC Command Line procedures:
To enable HTTP/2 and set HTTP/2 parameters by using the Citrix ADC command line
- To enable HTTP/2 and set HTTP/2 parameters while adding an HTTP profile, at the command prompt, type:
add ns httpProfile <name> - http2 ( ENABLED | DISABLED ) [-http2Direct ( ENABLED | DISABLED )] [-altsvc ( ENABLED | DISABLED )]
show ns httpProfile <name>
- To enable HTTP/2 and set HTTP/2 parameters while modifying an HTTP profile, at the command prompt, type:
set ns httpProfile <name> -http2 ( ENABLED | DISABLED ) [-http2Direct ( ENABLED | DISABLED)] [-altsvc (ENABLED | DISABLED )]
show ns httpProfile <name>
To bind the HTTP profile to a virtual server by using the Citrix ADC command line
At the command prompt, type:
set lb vserver <name> - httpProfileName <string>
show lb vserver <name>
To bind the HTTP profile to a load balancing service by using the Citrix ADC command line
At the command prompt, type:
set service <name> -httpProfileName <string>
show service <name>
To enable HTTP/2 support globally on the server side by using the Citrix ADC command line
At the command prompt, type:
set ns httpParam -HTTP2Serverside( ENABLED | DISABLED )
show ns httpParam
To enable HTTP/2 and set HTTP/2 parameters by using the Citrix ADC GUI
- Navigate to System > Profiles, and click the HTTP Profiles tab.
- Enable HTTP/2 while adding an HTTP profile or modifying an existing HTTP profile.
To bind the HTTP profile to a virtual server by using the Citrix ADC GUI
- Navigate to Traffic Management > Load Balancing > Virtual Servers, and open the virtual server.
- In Advanced Settings, click + HTTP Profile to bind the created HTTP profile to the virtual server.
To bind the HTTP profile to a load balancing service by using the Citrix ADC GUI
- Navigate to Traffic Management > Load Balancing > Service, and open the service.
- In Advanced Settings, click + HTTP Profile to bind the created HTTP profile to the service.
To enable HTTP/2 support globally on the server side by using the GUI
Navigate to System > Settings, click Change HTTP parameters, and enable HTTP/2 Server Side.
Sample configurations
In the following sample configuration, HTTP/2 and direct HTTP/2 are enabled on HTTP profile HTTP-PROFILE-HTTP2-CLIENT-SIDE. The profile is bound to virtual server LB-VS-1.
set ns httpProfile HTTP-PROFILE-HTTP2-CLIENT-SIDE -http2 enabled -http2Direct enabled
Done
set lb vserver LB-VS-1 -httpProfileName HTTP-PROFILE-HTTP2-CLIENT-SIDE
Done
<!--NeedCopy-->
In the following sample configuration, HTTP/2 and alternative service (ALT-SVC) is enabled on HTTP profile HTTP-PROFILE-HTTP2-SERVER-SIDE. The profile is bound to service LB-SERVICE-1.
set ns httpparam -HTTP2Serverside ENABLED
Done
set ns httpProfile HTTP-PROFILE-HTTP2-SERVER-SIDE -http2 ENABLED -altsvc ENABLED
Done
set service LB-SERVICE-1 -httpProfileName HTTP-PROFILE-HTTP2-SERVER-SIDE
Done
<!--NeedCopy-->
Configure HTTP/2 initial connection window size
As per RFC 7540, the flow-control window for HTTP2 stream and connection must be set to 64 K (65535) octets, and any change made to this value must be communicated to the peer. The ADC appliance communicates the change in flow-control window size as follows:
- Using the
SETTINGS
frame for the stream. - Using the
WINDOW_UPDATE
frame for the connection.
In an HTTP profile, you must configure the http2InitialWindowSize
parameter to set the initial window size at the stream level. Because of an internal system error, the ADC appliance initializes the flow-control window for the connection also. When there is a change in the configured flow-control window for the stream, the ADC appliance communicates to the peer using the SETTINGS frame. But the ADC appliance fails to communicate the change in flow-control window for the connection using the WINDOW_UPDATE
frame. This leads to a connection freeze.
To overcome the issue, the http2InitialConnWindowSize
parameter (in bytes) is now added to control the flow-control window for connection. By using separate configurable parameters, you can now enable the appliance to send updates for changed window size at both stream and connection levels.
Configure the HTTP/2 initial connection window size parameter by using the CLI
At the command prompt, type:
set http profile p1 -http2InitialConnWindowSize 8290
Initial window size for stream level flow control, in bytes.
Default value: 65535
Minimum value: 8192
Maximum value: 20971520
<!--NeedCopy-->
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.