
May 2013

SUM410: Getting the Best Performance with Citrix NetScaler. Edward Targonski. May 2013. Agenda: NetScaler model and network deployment options; performance enhancing features; commonly used troubleshooting tools and commands; questions; conclusion.

ziven

Presentation Transcript


  1. SUM410 Getting the Best Performance with Citrix NetScaler Edward Targonski May 2013

  2. Agenda • Netscaler Model and Network Deployment Options • Performance Enhancing Features • Commonly Used Troubleshooting Tools and Commands • Questions? • Conclusion

  3. Netscaler Models

  4. NetScaler Models • NetScaler MPX • NetScaler VPX • NetScaler SDX

  5. Differences Between MPX and VPX
     • Three main differences exist between MPX and VPX:
       • System capacity
       • Performance
       • Tagged VLAN Configuration
     • NetScaler VPX system capacity:
       • No hardware SSL acceleration
       • Processing not offloaded to dedicated silicon

  6. When to Use Which? NetScaler Appliances / NetScaler VPX • Gig+ performance • High volume SSL Offload • >100 SSL VPN CCUs • FIPS requirements • Physical device security • Labs/test environments • Development environments • “Datacenter-in-a-box” • CPU-intensive workloads • Frequently moved apps • Fast/remote deployment

  7. NetScaler SDX • Instances, not partitions • Complete CPU isolation • Complete memory isolation • Version independence • High availability independence • Lifecycle independence

  8. Network Topologies: One-Armed. Where possible, one-armed topologies are the preferred method of deploying NetScaler in most environments.

  9. Network Topologies: Two-Armed. The most common implementation of a two-armed topology is when a NetScaler replaces a legacy two-armed device in a network.

  10. Performance Enhancing Features and Settings

  11. TCP Connection without NetScaler [sequence diagram between Client and Server: SYN, SYN+ACK, ACK, GET, Data, FIN] • Server allocates storage for connection • Server sees eleven packets • Server de-allocates storage for the connection

  12. Transaction with NetScaler [sequence diagram between Client, NetScaler and Server: SYN, SYN+ACK, ACK, GET, Data, FIN] • Server sees four packets

  13. Global Performance Settings

  14. Global Settings • Surge Protection • Path MTU discovery

  15. HTTP Parameters • Client IP Insertion • Cookie Version • Requests/Responses: • Drop invalid HTTP requests • Mark CONNECT request as invalid • Mark HTTP/0.9 request as invalid • Log HTTP error responses • Server Header Insertion

  16. TCP Parameters • Window Scaling • Selective Acknowledgments • Nagle’s Algorithm • SYN Attack Detection

  17. Performance Enhancing Features • Compression • SSL Offload • Caching • TCP Session Management. Citrix Confidential - Do Not Distribute

  18. Performance Enhancing Features – SSL Offload • Reduce Server Load • Higher TPS • Central Certificate Management • Central Cipher Management [feature panels: SSL Offload, Compression, Caching, TCP Session Management]

  19. Advanced Optimization: SSL Offload • In end-to-end, use low-level ciphers in NS-to-service communication • Cipher selection depends on client needs and security considerations • Can be combined with IC and Compression for maximum impact

  20. Performance Enhancing Features – Compression • Faster response • Fewer bytes on-wire • Better response for low-bandwidth clients • Policy-based rules [feature panels: SSL Offload, Compression, Caching, TCP Session Management]

  21. Compression • NetScaler supports various ways of compressing traffic • HTTP traffic can easily be compressed by NetScaler • Less work for the web server • Client can understand and de-compress (accept-encoding header) • Compression governed via policies • Preconfigured policies exist

  22. Performance Enhancing Features – Caching • Reduce server load • Faster response • Policy-based controls [feature panels: SSL Offload, Compression, Caching, TCP Session Management]

  23. Advanced Optimization: Caching • Use Content-Group settings to optimize for min/max content size, or overall number of hits. • Use parameterization to optimize cache retrieval or invalidation. • Prioritize NO_CACHE policies before CACHE policies • Use multiple Content-Groups to allow for specific cache-clearing

  24. Performance Enhancing Features – TCP Session Management • Reduce server load • Faster server response • Full Traffic Optimization and Traffic Security Feature Sets [feature panels: SSL Offload, Compression, Caching, TCP Session Management]

  25. Results of Performance Enhancing Feature Configuration

  26. Standard HTTP Load Balancing. “Sharepoint” SSL+HTTP Load Balancing Configuration. SSL Handling on Servers. *Times based on 1.5mbps connection with 0.7% packet loss. Source: Citrix Application Optimization for MOSS 2007 Performance Assessment - http://support.citrix.com/article/ctx120235

  27. SSL-Offloaded HTTP Load Balancing. SSL-Offload + Compression Load Balancing Configuration. SSL Handling on NetScaler. Static/Dynamic content compressed. Servers configured as plaintext HTTP. Source: Citrix Application Optimization for MOSS 2007 Performance Assessment - http://support.citrix.com/article/ctx120235

  28. SSL-Offload + Cmp + Caching HTTP Load Balancing. SSL offload + Compression + Integrated Caching Load Balancing Configuration. SSL Handling on NetScaler + Compression with Integrated Caching. *Cache object max. limit set to 10MB. Source: Citrix Application Optimization for MOSS 2007 Performance Assessment - http://support.citrix.com/article/ctx120235

  29. Troubleshooting Tools and Commands

  30. NSCONMSG • Primary tool for detailed analysis • NetScaler logs all statistics every 7 seconds • Uses logs from /var/nslog • Logfiles are gzipped (use zcat) • Some stats now available via GUI (System > Diagnostics)

  31. NSCONMSG – Examples
      Scenario: Testing reports problems with SSL VIP earlier. What happened?

      nsconmsg -K newnslog -g ssl_err -d stats

      (-K newnslog: current logfile; -g ssl_err: grep for ‘ssl_err’; -d stats: view initial statistics)

      Displaying current counter value information
      NetScaler V20 Performance Data
      NetScaler NS9.3: Build 57.53.nc, Date: Jul 20 2012, 07:26:39
      reltime:mili second between two records Fri Feb 5 10:31:31 2010
      Index reltime counter-value symbol-name&device-no
      0     0       0             ssl_err_ssl3_badversion
      1     0       0             ssl_err_cavium_random_seed_failed
      2     0       0             ssl_err_ubsec_card_reset
      3     0       0             ssl_err_ssl3_send_server_hello
      4     0       0             ssl_err_ssl3_send_server_certificate
      5     0       0             ssl_err_ssl3_send_server_key_exchange
      6     0       0             ssl_err_ssl3_send_certificate_request
      7     0       0             ssl_err_ssl3_send_server_done

  32. NSCONMSG – Examples
      Scenario: Testing reports problems with SSL VIP earlier. What happened?

      nsconmsg -K newnslog -s disptime=1 -g ssl_err_ssl3 -d current

      (-s disptime=1: view timestamps; -d current: view historic statistics)

      Index rtime totalcount-val delta rate/sec symbol-name&device-no&time
      108   0     78             1     0        ssl_err_ssl3_get_client_hello Fri Feb 5 12:01:06 2010
      109   14000 11             2     0        ssl_error_cvm_bad_record Fri Feb 5 12:01:20 2010
      110   7000  79             1     0        ssl_err_ssl3_badversion Fri Feb 5 12:01:27 2010
      111   0     79             1     0        ssl_err_ssl3_get_client_hello Fri Feb 5 12:01:27 2010
      112   28000 81             2     0        ssl_err_ssl3_badversion Fri Feb 5 12:01:55 2010
      113   0     81             2     0        ssl_err_ssl3_get_client_hello Fri Feb 5 12:01:55 2010
      114   7000  83             2     0        ssl_err_ssl3_badversion Fri Feb 5 12:02:02 2010

  33. NSCONMSG – Examples
      Scenario: Testing reports problems with SSL VIP earlier. What happened?

      nsconmsg -K newnslog -s csv=1 -g ssl_err_ssl3_badversion -d current > sslv3.csv

      (-s csv=1: output to csv; -g ssl_err_ssl3_badversion: grep specific counter; > sslv3.csv: write to file)

  34. NSCONMSG – Examples
      Checking for distribution and performance

      nsconmsg -K newnslog -s ConLb=3 -d distrconmsg

      VIP(1.1.1.1:636:UP:WEIGHTEDRR): Hits(2506) Pers(OFF) PersHits(0:0%) Err(0:0%) Ovrride(0:0%)
        S(1.1.1.100:636:UP) Hits(835:33%) PHits(0:0%) LbHits(835:100%)
        S(1.1.1.101:636:UP) Hits(836:33%) PHits(0:0%) LbHits(836:100%)
        S(1.1.1.102:636:UP) Hits(835:33%) PHits(0:0%) LbHits(835:100%)
      VIP(2.2.2.2:389:UP:WEIGHTEDRR): Hits(6) Pers(OFF) PersHits(0:0%) Err(0:0%) Ovrride(0:0%)
        S(2.2.2.100:389:UP) Hits(2:33%) PHits(0:0%) LbHits(2:100%)
        S(2.2.2.101:389:UP) Hits(2:33%) PHits(0:0%) LbHits(2:100%)
        S(2.2.2.102:389:UP) Hits(2:33%) PHits(0:0%) LbHits(2:100%)
      VIP(3.3.3.3:123:UP:WEIGHTEDRR): Hits(180) Pers(SOURCEIP) PersHits(180:100%) Err(0:0%) Ovrride(0:0%)
        S(3.3.3.100:123:UP) Hits(42:23%) PHits(42:100%) LbHits(0:0%)
        S(3.3.3.101:123:UP) Hits(49:27%) PHits(49:100%) LbHits(0:0%)
        S(3.3.3.102:123:UP) Hits(46:25%) PHits(46:100%) LbHits(0:0%)
        S(3.3.3.103:123:UP) Hits(43:23%) PHits(43:100%) LbHits(0:0%)

  35. NSCONMSG – Examples
      Checking for distribution and performance

      nsconmsg -K newnslog -s ConLb=3 -d oldconmsg

      current time is Thu Apr 8 14:45:28 2010
      -------------------------------------------------------
      NATSession : Free(19644)A(21845)InUse(2201)
      NATSession: Cur(Tcp[194] Udp[2007] Icmp[0] Other[0])
      NATSession: Op/s(Tcp[3] Udp[436] Icmp[1] Other[0])
      Session: A:9187 F:4604 IUse:4583
      SEs: SIP:4582 C:0 SSL:0 Svr:1 UserId:0 SIPDIP:0 DIP:0 SO:0
      SSF: Conn (Srvr 0 Clnt 1) U:0
      CM: Conn (Srvr 0 Clnt 1) Sessions PCB 0 NATPCB 0
      Z(SIP[68307], C[0], SSL[0] Server[22] SIPDIP[0] DIP[0] SO[0])
      Mon: Probes: 24303862, Failed: 3757181

  36. NSCONMSG – Examples
      Checking for distribution and performance

      nsconmsg -K newnslog -s Con???=3 -d oldconmsg

      • ConDebug - Debugging
      • ConLb - Load Balancing
      • ConMon - Monitoring Probes
      • ConMEM - Memory Management
      • ConCSW - Content Switching
      • ConSSL - SSL Offload
      • ConCMP - Compression
      • ConIC - Integrated Caching

  37. nstrace.sh
      • Nstrace supports filtering beginning in 9.x

      nstrace -size 0 -filter "SOURCEIP == 10.1.2.3 && SOURCEPORT == 8080" -link ENABLE

      • -size 0: packet-size limit
      • -filter: Booleans supported! Filters in standard NS policy format
      • -link ENABLE: automatically capture linked client/server connections
      • Filter on: SOURCEIP, SOURCEPORT, DESTIP, DESTPORT, SVCNAME, VSVRNAME, STATE

      http://support.citrix.com/article/ctx121166

  38. Wireshark • nstrace files now officially supported in Wireshark! • Available in latest Stable release • Includes ns.pdevno and ns.l_pdevno filtering

  39. Citrix AutoSupport Introduction

  40. Citrix AutoSupport Analysis

  41. Graph Generated by AutoSupport Tools

  42. Resources

  43. Resources • Netscaler HTTP Profiles • Netscaler TCP Profiles • Tune NetScaler TCP Stack • Netscaler Advanced SSL Settings • Nsconmsg to Excel Tool • Netscaler SSL Offload

  44. Resource – 2 • Netscaler Integrated Caching • Netscaler Compression • Netscaler CPU Profiling • Citrix AutoSupport (TaaS) • Netscaler Datasheet - Models and Specs • Citrix Application Optimization for MOSS 2007 Performance Assessment

  45. Conclusion

  46. Question

  47. Before you leave… • Conference surveys are available online at www.citrixsynergy.com starting Friday, May 24 at 9:00 a.m. PT • Provide your feedback by 4:00 p.m. PT that day and you’ll receive a $30 Amazon.com gift card via email • Download presentations starting Monday, June 3, from your My Conference Planning tool located within the My Account section
