Jump to content
Welcome to our new Citrix community!

SSL_Bridge Vserver never goes to LEASTCONNECTION


Recommended Posts

Hello. We have multiple SSL_Bridge Vservers in front of Horizon and they never become LEASTCONNECTION. They are always stuck at Round RObin.

 

Versvers are up and Horizon works but its obviously not optimally load balanced.

 

Here is the CLI output of a Vserver:

> show lb vserver  lbvip-Horizon8UAG-SSL
        lbvip-Horizon8UAG-SSL (x.x.x.49:443) - SSL_BRIDGE    Type: ADDRESS
        State: UP
        Last state change was at Thu Jun 22 22:22:50 2023
        Time since last state change: 0 days, 00:05:25.230
        Effective State: UP
        Client Idle Timeout: 180 sec
        Down state flush: ENABLED
        Disable Primary Vserver On Down : DISABLED
        Appflow logging: ENABLED
        No. of Bound Services :  2 (Total)       2 (Active)
        Configured Method: LEASTCONNECTION
        Current Method: Round Robin, Reason: Bound service's state changed to UP        BackupMethod: ROUNDROBIN

        Group: Horizon8UAG
        Mode: IP
        Persistence: SOURCEIP   Persistence Mask: 255.255.255.255       Persistence Timeout: 600 min
        Connection Failover: DISABLED
        L2Conn: OFF
        Skip Persistency: None
        Listen Policy: NONE
        IcmpResponse: PASSIVE
        RHIstate: PASSIVE
        New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
        Mac mode Retain Vlan: DISABLED
        DBS_LB: DISABLED
        Process Local: DISABLED
        Traffic Domain: 13
        TROFS Persistence honored: ENABLED
        Retain Connections on Cluster: NO

Bound Service Groups:
1)      Group Name: svcgrp-Horizon8UAG-SSL

                1) svcgrp-Horizon8UAG-SSL (x.x.x.150: 443) - SSL_BRIDGE State: UP    Weight: 1
                2) svcgrp-Horizon8UAG-SSL (x.x.x.151: 443) - SSL_BRIDGE State: UP    Weight: 1

 

We are running version 11.1 65.23 which I know is old. Is this a bug in the Netscaler software?

Link to comment
Share on other sites

How long did you observe the traffic, once it fell back to roundrobin to determine it wasn't returning to leastconnection?

And are your services going through changes in state and going from UP to DOWN and back again multiple times?

 

Least connection fallsback to round robin by default for the next: (# of services * 100 requests)* # of PPE.  If you have 2 services, the next 200 lb decisions not covered by persistence will be handled round robin, which will distribute across the 2 services and then it should exit to least connection afterwords.  # of PPE is number of packet processing engines, which may be more than 1 if you more than one packet processing CPU allocated (for vms or number of cores for physical). So it might go longer.

 

However, each time the VSERVER changes state, or a service goes from down to UP, it will go back to roundrobin.  It will still achieve distribution and avoid certain "blackhole" issues.  

 

Also, if your connections are imbalanced, are your users connecting to the lb vserver for horizon directly? or Are the users connecting from the Gateway, so all the users are coming from the one gateway source instead?  Did session connect while a service was down, so all the existing users will reaming on the working service, until persistence expires and new lb decisions need to be made.

Link to comment
Share on other sites

On 6/24/2023 at 2:23 PM, Rhonda Rowland1709152125 said:

How long did you observe the traffic, once it fell back to roundrobin to determine it wasn't returning to leastconnection?

And are your services going through changes in state and going from UP to DOWN and back again multiple times?

 

Least connection fallsback to round robin by default for the next: (# of services * 100 requests)* # of PPE.  If you have 2 services, the next 200 lb decisions not covered by persistence will be handled round robin, which will distribute across the 2 services and then it should exit to least connection afterwords.  # of PPE is number of packet processing engines, which may be more than 1 if you more than one packet processing CPU allocated (for vms or number of cores for physical). So it might go longer.

 

However, each time the VSERVER changes state, or a service goes from down to UP, it will go back to roundrobin.  It will still achieve distribution and avoid certain "blackhole" issues.  

 

Also, if your connections are imbalanced, are your users connecting to the lb vserver for horizon directly? or Are the users connecting from the Gateway, so all the users are coming from the one gateway source instead?  Did session connect while a service was down, so all the existing users will reaming on the working service, until persistence expires and new lb decisions need to be made.

Hi Rhonda,  The VSERVERS and services have been stable for weeks and NEVER transition to LEASTCONNECTION. Users are all going to LB Vserver for either the Connection or UAG servers.

Link to comment
Share on other sites

Here is the CLI of one of the problem vservers:

 

95)     LB-HORIZON-SSL (x.x.x.x:443) - SSL_BRIDGE  Type: ADDRESS
        State: UP
        Last state change was at Wed May 31 03:36:43 2023
        Time since last state change: 26 days, 12:49:13.300
        Effective State: UP
        Client Idle Timeout: 180 sec
        Down state flush: ENABLED
        Disable Primary Vserver On Down : DISABLED
        Appflow logging: ENABLED
        No. of Bound Services :  2 (Total)       2 (Active)
        Configured Method: LEASTCONNECTION
        Current Method: Round Robin, Reason: Bound service's state changed to UP        BackupMethod: ROUNDROBIN
        Group: PG-HORIZON
        Mode: IP
        Persistence: SOURCEIP   Persistence Mask: 255.255.255.255       Persistence Timeout: 600 min
        Connection Failover: DISABLED
        L2Conn: OFF
        Skip Persistency: None
        Listen Policy: NONE
        IcmpResponse: PASSIVE
        RHIstate: PASSIVE
        New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
        Mac mode Retain Vlan: DISABLED
        DBS_LB: DISABLED
        Process Local: DISABLED
        Traffic Domain: 25
        TROFS Persistence honored: ENABLED
        Retain Connections on Cluster: NO
 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...