-
Getting Started with NetScaler
-
Deploy a NetScaler VPX instance
-
Optimize NetScaler VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors
-
Apply NetScaler VPX configurations at the first boot of the NetScaler appliance in cloud
-
Configure simultaneous multithreading for NetScaler VPX on public clouds
-
Install a NetScaler VPX instance on Microsoft Hyper-V servers
-
Install a NetScaler VPX instance on Linux-KVM platform
-
Prerequisites for installing NetScaler VPX virtual appliances on Linux-KVM platform
-
Provisioning the NetScaler virtual appliance by using OpenStack
-
Provisioning the NetScaler virtual appliance by using the Virtual Machine Manager
-
Configuring NetScaler virtual appliances to use SR-IOV network interface
-
Configure a NetScaler VPX on KVM hypervisor to use Intel QAT for SSL acceleration in SR-IOV mode
-
Configuring NetScaler virtual appliances to use PCI Passthrough network interface
-
Provisioning the NetScaler virtual appliance by using the virsh Program
-
Provisioning the NetScaler virtual appliance with SR-IOV on OpenStack
-
Configuring a NetScaler VPX instance on KVM to use OVS DPDK-Based host interfaces
-
-
Deploy a NetScaler VPX instance on AWS
-
Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones
-
Deploy a VPX high-availability pair with private IP addresses across different AWS zones
-
Protect AWS API Gateway using the NetScaler Web Application Firewall
-
Configure a NetScaler VPX instance to use SR-IOV network interface
-
Configure a NetScaler VPX instance to use Enhanced Networking with AWS ENA
-
Deploy a NetScaler VPX instance on Microsoft Azure
-
Network architecture for NetScaler VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a NetScaler VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Deploy a NetScaler high-availability pair on Azure with ALB in the floating IP-disabled mode
-
Configure a NetScaler VPX instance to use Azure accelerated networking
-
Configure HA-INC nodes by using the NetScaler high availability template with Azure ILB
-
Configure a high-availability setup with Azure external and internal load balancers simultaneously
-
Configure a NetScaler VPX standalone instance on Azure VMware solution
-
Configure a NetScaler VPX high availability setup on Azure VMware solution
-
Configure address pools (IIP) for a NetScaler Gateway appliance
-
Deploy a NetScaler VPX instance on Google Cloud Platform
-
Deploy a VPX high-availability pair on Google Cloud Platform
-
Deploy a VPX high-availability pair with external static IP address on Google Cloud Platform
-
Deploy a single NIC VPX high-availability pair with private IP address on Google Cloud Platform
-
Deploy a VPX high-availability pair with private IP addresses on Google Cloud Platform
-
Install a NetScaler VPX instance on Google Cloud VMware Engine
-
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Basic components of authentication, authorization, and auditing configuration
-
Web Application Firewall protection for VPN virtual servers and authentication virtual servers
-
On-premises NetScaler Gateway as an identity provider to Citrix Cloud
-
Authentication, authorization, and auditing configuration for commonly used protocols
-
Troubleshoot authentication and authorization related issues
-
-
-
-
-
-
Configure DNS resource records
-
Configure NetScaler as a non-validating security aware stub-resolver
-
Jumbo frames support for DNS to handle responses of large sizes
-
Caching of EDNS0 client subnet data when the NetScaler appliance is in proxy mode
-
Use case - configure the automatic DNSSEC key management feature
-
Use Case - configure the automatic DNSSEC key management on GSLB deployment
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 12: Configure Citrix Virtual Desktops for load balancing
-
Use case 13: Configure Citrix Virtual Apps and Desktops for load balancing
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
Use case 15: Configure layer 4 load balancing on the NetScaler appliance
-
-
-
-
-
Authentication and authorization for System Users
-
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
gRPC bridging
When a client sends a request over HTTP/1.1 protocol, the NetScaler appliance supports bridging of the gRPC requests over HTTP/1.1 protocol which is in compliance with the gRPC server over HTTP/2 protocol. Similarly, in reverse bridging, the appliance receives the client gRPC request over the HTTP/2 protocol and performs reverse bridging for the gRPC requests in compliance with the gRPC server of the HTTP/1.1 protocol.
How gRPC bridging works
In this scenario, the NetScaler appliance seamlessly bridges gRPC content received on an HTTP/1.1 connection and forwards it to the back-end gRPC server over HTTP/2.
The following diagram shows how components interact with each other in a gRPC bridging configuration.
- When a gRPC request is sent, the NetScaler appliance checks if the connection is HTTP/1.1 and the content type is application/grpc. The HTTP/1.1 requests translate to the following pseudo headers.
- On receiving a gRPC request on HTTP/1.1. connection as indicated by the Content-Type header, the ADC appliance transforms the request into gRPC over HTTP/2 as given below:
:method: Method-name in HTTP/1.1 request
:path: Path is HTTP/1.1 request
content-type: application/grpc
<!--NeedCopy-->
- Based on policy evaluation, the load balancing virtual server (with the gRPC service bound to it) terminates the request or forwards it over HTTP/2 frames to the back-end gRPC server.
- On receiving the response on a HTTP/2 connection from the gRPC server, the appliance buffers until it receives the HTTP/2 trailer and then checks for the gRPC-status code. If it is non-zero gRPC error status, the appliance looks for the mapping HTTP Status code and send a suitable HTTP/1.1 error response.
Configure gRPC bridging by using the CLI
To configure gRPC bridging, you must complete the following steps:
- Add HTTP profile with HTTP/2 and HTTP/2 direct enabled
- Enable global back-end HTTP/2 support in the HTTP parameter
- Add load balancing virtual server of type SSL/HTTP and set the HTTP profile
- Add Service for gRPC endpoint and set the HTTP profile
- Bind gRPC end point service to load balancing virtual server
- Map gRPC status code to the HTTP response for non-zero gRPC status
- Configure gRPC buffering by time and/or size
Add HTTP profile with the HTTP/2 and HTTP/2 direct enabled
To begin the configuration, you must enable the HTTP/2 feature in the HTTP profile. If the client sends the HTTP 1.1 requests, the appliance bridges the request and forward it to the back-end server.
At the command prompt, type:
add ns httpProfile <name> - http2 ( ENABLED | DISABLED ) [-http2Direct ( ENABLED | DISABLED )]
Example:
add ns httpProfile http2gRPC -http2Direct ENABLED -http2 ENABLED
Enable global back end HTTP/2 support in the HTTP parameter
To enable the HTTP/2 support globally on the server side by using the NetScaler command line.
At the command prompt, type:
set ns httpParam -http2ServerSide( ON | OFF )
Example:
set ns httpParam -http2ServerSide ON
Add load balancing virtual server of type SSL/HTTP and set the HTTP profile
To add a load balancing virtual server by using the NetScaler command interface
At the command prompt, type:
add lb vserver <name> <service type> [(<IP address>@ <port>)] [-httpProfileName <string>]
Example:
add lb vserver lb-grpc HTTP 10.10.10.10 80 -httpProfileName http2gRPC
Note:
If you are using a load balancing virtual server of type SSL, then you must bind the server certificate. See Bind server certificate topic for more information.
Add Service for gRPC endpoint and set the HTTP profile
To add a gRPC service with the HTTP profile by using the NetScaler command interface.
At the command prompt, type:
add service <name> (<IP> | <serverName> ) <serviceType> <port> [-httpProfileName <string>]
Example:
add service svc-grpc 10.10.10.10 HTTP 80 -httpProfileName http2gRPC
Bind gRPC end point service to load balancing virtual server
To bind a gRPC end point service to the load balancing virtual server by using the CLI.
At the command interface, type:
bind lb vserver <name> <serviceName>
Example:
bind lb vserver lb-grpc svc-grpc
Map gRPC status code to HTTP status-code in the HTTP/1.1 response
In gRPC bridging scenario, the gRPC service responds to the request with a gRPC status-code. The appliance maps the gRPC status code to a corresponding HTTP response code and reason phrase. The mapping is done based on the table provided below. The NetScaler appliance when sending the HTTP/1.1 response to the client sends the HTTP status code and the reason phrase.
gRPC status-code | HTTP response status-code | HTTP response reason-phrase |
---|---|---|
OK = 0 | 200 | OK |
CANCELLED = 1 | 499 | * |
UNKNOWN = 2 | 500 | Internal Server Error |
INVALID_ARGUMENT = 3 | 400 | Bad Request |
DEADLINE_EXCEEDED = 4 | 504 | Gateway Timeout |
NOT_FOUND = 5 | 404 | * |
ALREADY_EXISTS = 6 | 409 | Conflict |
PERMISSION_DENIED = 7 | 403 | Forbidden |
UNAUTHENTICATED = 16 | 401 | Unauthorized |
RESOURCE_EXHAUSTED = 8 | 429 | * |
FAILED_PRECONDITION = 9 | 400 | Bad Request |
ABORTED = 10 | 409 | Conflict |
OUT_OF_RANGE = 11 | 400 | Bad Request |
UNIMPLEMENTED = 12 | 501 | Not Implemented |
INTERNAL = 13 | 500 | Internal Server Error |
UNAVAILABLE = 14 | 503 | Service Unavailable |
DATA_LOSS = 15 | 500 | Internal Server Error |
Configure gRPC buffering by time and/or size
The NetScaler appliance buffers the gRPC response from the back-end server until the response trailer is received. This breaks bi-directional gRPC calls. Also, if the gRPC response is huge, it consumes a significant amount of memory to buffer the response completely. To resolve the issue, the gRPC bridging configuration is enhanced to limit buffering by time and/or size. If the buffer size or time limit exceeds threshold, the appliance stops buffering and forwards the response to the client even when any one of the limitations triggers (either the trailer is not received within the configured buffer size or if the configured timeout occurs). As a result, the configured policies and its expressions (based on grpc-status code) do not work as expected.
To limit gRPC buffering by time and/or size by the CLI, you can configure when you add a new HTTP profile or configure when you modify an existing profile.
At the command prompt, type:
add ns httpProfile http2gRPC [-grpcHoldLimit <positive_integer>] [-grpcHoldTimeout <positive_integer>]
Or
set ns httpProfile http2gRPC [-grpcHoldLimit <positive_integer>] [-grpcHoldTimeout <positive_integer>]
Where,
grpcholdlimit
. Maximum size in bytes allowed to buffer gRPC packets until trailer is received. You can configure both the parameters and any one.
Default value: 131072 Minimum value: 0 Maximum value: 33554432
grpcholdtimeout
. Maximum time in milliseconds allowed to buffer gRPC packets until trailer is received. The value should be in multiples of 100.
Default value: 1000
Minimum value: 0
Maximum value: 180000
Example:
add httpprofile http2gRPC -grpcholdlimit 1048576 -grpcholdtimeout 5000
set httpprofile http2gRPC -grpcholdlimit 1048576 -grpcholdtimeout 5000
Configure gRPC bridging by using the GUI
Complete the following steps to configure gRPC bridging by using the NetScaler GUI.
Add HTTP profile with HTTP/2 and HTTP/2 direct enabled
- Navigate to System > Profiles and click HTTP Profiles.
- Select HTTP/2 in the HTTP profile.
Enable global back-end HTTP/2 support in the HTTP parameter
- Navigate to System > Settings > HTTP Parameters.
- In the Configure HTTP Parameter page, select HTTP/2 on Server Side option.
- Click OK.
Add load balancing virtual server of type SSL/HTTP and set HTTP profile
- Navigate to Traffic Management > Load Balancing > Virtual Servers.
- Click Add to create a load balancing virtual server for gRPC traffic.
- In Load Balancing Virtual Server page, click Profiles.
- In the Profiles section, select the profile type as HTTP.
- Click OK and then Done.
Add Service for gRPC endpoint and set HTTP profile
- Navigate to Traffic Management > Load Balancing > Services.
- Click Add to create an application server for gRPC traffic.
- In Load Balancing Service page, go to Profile section.
- Under Profiles, add HTTP profile for gRPC endpoint.
- Click OK and then Done.
Bind Service for gRPC endpoint to load balancing virtual server
- Navigate to Traffic Management > Load Balancing > Virtual Servers.
- Click Add to create a load balancing virtual server for gRPC traffic.
- In Load Balancing Virtual Server page, click Service and Service Groups section.
- In the Load Balancing Virtual Server Service Binding page, select the gRPC service to bind.
- Click Close and then Done.
Configure gRPC buffering by time and size by using the GUI
- Navigate to System > Profiles and click HTTP Profiles.
- Select HTTP/2 in the HTTP profile.
-
In the Configure HTTP Profile page, set the following parameters:
- grpcHoldTimeout. Enter the time in milliseconds to buffer gRPC packets until the trailer is received.
- grpcHoldLimit. Enter the maximum size in bytes to buffer gRPC packets until the trailer is received.
- Click OK and Close.
For detail GUI procedures for binding service and load balancing virtual servers, see Load Balancing topic.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.