
Connection multiplexing scenario


Maulik Padh


Can you please help me to understand the below query

1) I have enabled connection multiplexing on NetScaler and now I want to understand in which scenario multiplexing would stop working.

Condition is

If the backend server is not responding for any http request sent by VIP will my new TCP connection start in backend for the other http request which is on frontend traffic?


First TCP multiplexing:

I'm assuming that when you said you enabled multiplexing you configured it in an HTTP profile or similar setting. The reality is TCP multiplexing is on by default for services/traffic types that support it, and the HTTP profile or other property gives you the chance to turn it off if not needed, as opposed to needing to turn it on. So to clarify, which exact setting are you referring to?

 

TCP connection multiplexing is on by default in most HTTP/HTTPS/MSSQL/MYSQL load balancing scenarios without doing additional config. Connection multiplexing allows the ADC to decouple the HTTP (or other) request from the underlying TCP connection management behavior and handle connection management client-side (vserver) independently of server-side (service) connection management. The multiplexing allows requests from different clients to be sent over the same connections server-side, allowing the ADC to determine connection reuse behavior server-side independent of the client-side connection management.

 

Lower-level protocols like TCP-based traffic will not do tcp multiplexing anyway, as you can't decouple the TCP request from the TCP connection management at this level.

 

If your LB vserver is configured in USIP (use source IP) mode, connection multiplexing is suspended and you will have a connection per "source IP" server-side, the same as you have client-side.

 

See articles:  

https://support.citrix.com/article/CTX124713

https://www.citrix.com/blogs/2012/03/08/connection-multiplexing-in-netscaler/

https://support.citrix.com/article/CTX135155 (additional articles at base)

 

Next, regarding this statement:

15 minutes ago, Maulik Padh said:

If the backend server is not responding for any http request sent by VIP will my new TCP connection start in backend for the other http request which is on frontend traffic?

 

This statement is unclear on the problem you are trying to solve.

By default, client traffic is directed to the VIP and then the SNIP is used by NetScaler to reach the service/server destination, unless a net profile is used to change which "IP" to use in the backend scenario. You haven't indicated that this or USIP mode is in use, so the assumption is that the SNIP is used for NS to server (backend) communication. But under normal config the VIP is not what is seen by the backend.

 

If the backend server is not responding, then this is not a TCP multiplexing issue (yet). This is a question of what IP is available to reach the backend destination, and is usually a SNIP/route/firewall/ACL issue preventing access. Either you don't have a valid SNIP to be used for backend communication, the route(s) aren't defined to reach the destination network, a firewall is blocking access from SNIP to destination, or other ACLs have been implemented that are blocking traffic. Or several of these issues are in effect.

 

If USIP (use source IP mode) is set, the packet will keep its originating client IP in the "source IP" field as it leaves the ADC, but a SNIP is still required on the destination network, proper routes must be defined (if needed), and then other steps may be required to ensure traffic from the destination server can return to the ADC. If this is a config issue, then fix that first. Though a network trace may be required to figure out exactly what is going on across all components.

 

Clarify what type of traffic flow you want for client to NS (vip) and then NS to server (SNIP or other). Then we can figure out why that isn't working. And then worry about multiplexing later. 

 

 

 

 

 


Thanks for the answer.

My question is very simple sir. 

Client IP 1.1.1.1

VIP 2.2.2.2

Snip 3.3.3.3

Backend server 3.3.3.4

 

Forget about usip or other communication.

 

I am aware connection multiplexing is by default for http SSL traffic.

 

Question is: in what scenarios would SNIP to backend start a new TCP connection for sending multiple HTTP requests to the backend? I am just concerned about the backend path even if multiplexing is in place by default.

 

Scenario 1: my backend server is responding correctly for the majority of HTTP requests, but by some chance for 5 mins the backend server is not responding with anything to the HTTP request sent by the SNIP. Will the SNIP wait for a response from the server and still continue to use the same TCP stream, or would it use a new TCP stream for the next HTTP request?

 

 


From this blog, see the following:

3. If a connection is available in the reuse pool, it is used to send the client request and get data from the server

4. If a connection is not available in the reuse pool, NetScaler creates a new connection to the selected server

5. In both cases, once the client request is served, the connection is put back in the reuse pool for serving future requests from the same or other clients

It’s important to note that multiple requests are not sent simultaneously on the server side connection. In other words server side connections are used to send requests sequentially and after serving each request connections are put back to reuse pool. Another interesting aspect of connection multiplexing is that to serve multiple requests from the same client, multiple server side connections from the reuse pool can be used.

 

https://www.citrix.com/blogs/2012/03/08/connection-multiplexing-in-netscaler/

See also:  https://support.citrix.com/article/CTX136705

 

I think you are looking for an error based on multiplexing that doesn't exist.  If you are experiencing this behavior, then there is a different root cause.

With connection multiplexing, if multiple requests need to be served they are sent on parallel connections; connections are reused if available, and if not, new connections are established. They time out and are terminated if they remain unused beyond the idle period.

 

Settings like maxrequests limit the number of outstanding requests pipelined down a single connection before the current connection needs to terminate and additional connections must be established. If this value is too low you can see performance delays or prevention of multiplexing. Max connection limits are used to limit the number of connections established to the server to stay under server thresholds, but if too low (or too high) may require more servers behind the load balancer (if too low) OR cause a performance issue where the server can't keep up with connection requirements (if too high).

 

So, based on these two statements:
 

2 hours ago, Maulik Padh said:

Question is: in what scenarios would SNIP to backend start a new TCP connection for sending multiple HTTP requests to the backend? I am just concerned about the backend path even if multiplexing is in place by default.

 

So first, what scenarios would SNIP to backend start a new connection: any time you have multiple requests, additional connections will be established if existing connections are not available. Multiplexing doesn't mean that ONLY ONE connection will be created between ADC and server, but that the connection can be reused as long as it is viable for requests (regardless of which client the request originated from). New connections will be established to avoid request bottlenecks, existing connections still available will be reused, and old connections can be marked for cleanup if timed out or non-viable. But connection management will be based on NS/server-side communication, independent of the connection management requirement based on client-side requests.

 

You want multiple connections to be established and used as needed.  

 

I don't know what your concern about "backend path" is about, as load balancing method  + persistence determines that related transactions go to same destination server.  TCP multiplexing/Connection management/offload/reuse is about making the tcp connection handling more efficient for the backend servers.  The connection behavior HAS NOTHING to do with the LB METHOD/PERSISTENCE behavior.   Once the "backend path" aka load balancing decision is made it determines which server should fulfill the transaction, the underlying connection handling will ensure that the request/connection handling to get to that destination is handled efficiently.

 

If you meant something else, please clarify.

 

2 hours ago, Maulik Padh said:

Scenario 1: my backend server is responding correctly for the majority of HTTP requests, but by some chance for 5 mins the backend server is not responding with anything to the HTTP request sent by the SNIP. Will the SNIP wait for a response from the server and still continue to use the same TCP stream, or would it use a new TCP stream for the next HTTP request?

 

In this case, if your backend server is not responding for 5 minutes, a better question is what is causing that behavior.

  • If the issue is caused by too many requests/connections to a single server...then maxrequests and maxclients (aka maxconnections) settings are designed to prevent the NetScaler from overwhelming the server destinations behind it. If a web server can only handle 200 connections (due to CPU or memory overhead or Apache/IIS web limits) then the service/servicegroup can be configured with a limit which would allow the destination to be removed from load balancing until thresholds are below the limit, to avoid causing the server to become unresponsive in the first place (we want existing dependent transactions to complete; we don't want to keep sending new load balancing decisions to a server that can't fulfill them.)  The end result is probably needing correct thresholds set AND adding more destination services for load balancing.  A secondary consideration is adjusting your LB method/persistence for what is needed for this app to perform properly.
  • If a server waits for 5 minutes before responding, whether that same connection will be used again depends on your connection idle timeouts.  The server-side connection idle timeout is 6 minutes by default (I think); client-side is 3 minutes by default (I think).   If the connection becomes non-viable it will time out anyway.

If a next request comes in, a new connection will be selected if the current request is outstanding...new connections are established as needed.
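
The reuse-pool behaviour described in this thread, as an added example that is not part of the original posts and is not Citrix code. It is a simplified model: `ReusePool`, `ServerConn` and `simulate` are hypothetical names, the request timings are constructed, one outstanding request per server-side connection is assumed (per the quoted blog), and the 360-second idle timeout is the figure the post above gives with "I think".

```python
from dataclasses import dataclass, field

@dataclass
class ServerConn:
    conn_id: int
    busy_until: float = 0.0   # time the outstanding response arrives
    last_used: float = 0.0    # time the connection last became idle

@dataclass
class ReusePool:
    idle_timeout: float = 360.0   # assumed server-side idle timeout, seconds
    conns: list = field(default_factory=list)
    opened: int = 0               # total server-side connections created

    def send(self, now: float, response_delay: float) -> int:
        """Dispatch one request at time `now`; return the connection id used."""
        # Discard idle connections that sat unused past the idle timeout.
        self.conns = [c for c in self.conns
                      if c.busy_until > now
                      or now - c.last_used <= self.idle_timeout]
        # Reuse an idle pooled connection if there is one...
        conn = next((c for c in self.conns if c.busy_until <= now), None)
        if conn is None:
            # ...otherwise open a new connection to the selected server.
            self.opened += 1
            conn = ServerConn(self.opened)
            self.conns.append(conn)
        # The connection is unavailable until its response has arrived,
        # after which it is back in the pool for any client's next request.
        conn.busy_until = now + response_delay
        conn.last_used = conn.busy_until
        return conn.conn_id

def simulate(requests):
    """requests: list of (arrival_time, response_delay) in seconds."""
    pool = ReusePool()
    return [pool.send(t, d) for t, d in requests], pool.opened

# Constructed timelines (seconds). A 300 s delay stands in for a stalled reply.
HEALTHY = [(0, 0.1), (1, 0.1), (2, 0.1)]
STALLED = [(0, 0.1), (1, 300), (2, 0.1), (3, 0.1), (4, 300), (5, 0.1)]
EXPIRED = [(0, 0.1), (500, 0.1)]
```

In the `STALLED` timeline each stalled response pins its connection, so later requests move to a second and then a third connection. That growth in server-side connections is what the maxclients threshold discussed above is meant to bound.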

 

 

 

 

 

 

 

 

 
