
persistence for http/3 QUIC vserver



Hi
I've got a QUIC vserver up and working in line with the Citrix instructions below:

https://support.citrix.com/article/CTX584234/quic-protocol-configuration

 
The load-balanced frontends are SSL as they don't have http/3 enabled. I don't appear to be able to specify any persistence settings for a QUIC vserver.

My understanding is that Connection ID between client and web frontend would be used if the vserver was QUIC_BRIDGE, but how does persistence work for a QUIC vserver?

Thanks
Andy


The Netscaler HTTP/3 configuration document below shows an example QUIC Profile with "Active Connection Migration" as being enabled.

https://docs.netscaler.com/en-us/citrix-adc/current-release/system/http3-over-quic-protocol/http3-configuration-and-stat-summary.html

The IETF RFC 9000 QUIC: A UDP-Based Multiplexed and Secure Transport states that for a simple load balancer:

"A server in a deployment that does not implement a solution to maintain connection continuity
when the client address changes SHOULD indicate that migration is not supported by using the
disable_active_migration transport parameter."

As I can't seem to set any persistence method for a QUIC vServer, I'd assume that "Active Connection Migration" should be disabled in the Netscaler QUIC profile. I'll contact Citrix support for clarification.


I think that I may have found an answer of sorts. Packet captures show the following regarding QUIC Connection IDs (CID) between client and vServer:

Initial QUIC client to vServer
Source CID length: 0
Destination CID length: 8 (16 character hex)

vServer QUIC response to client
Source CID length: 0
Destination CID length: 20 (40 character hex)

From then on, the client uses this 40 character hex CID as its QUIC Destination CID while the vServer uses it for its Source CID.

This would give Netscaler the means to provide persistence/continuity for QUIC sessions. It looks like this QUIC CID "persistence" is neither configurable nor viewable for Netscaler administrators.

Andy

  • Like 1
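
An added example, not part of the thread and not NetScaler code: a parser for the unprotected QUIC v1 header fields (RFC 9000, section 17) that reads the Connection IDs the capture above describes. It also shows why the device that issues a CID has to know its length: short-header (1-RTT) packets carry the Destination CID with no length field. The function names and sample datagrams are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

LONG_TYPES = {0: "Initial", 1: "0-RTT", 2: "Handshake", 3: "Retry"}  # QUIC v1

@dataclass
class QuicHeader:
    ptype: str
    version: Optional[int]   # None for short-header packets
    dcid: bytes
    scid: Optional[bytes]    # short headers carry no Source CID

def _take(buf: bytes, pos: int, n: int) -> bytes:
    """Return n bytes at pos, or raise if the datagram is too short."""
    if pos + n > len(buf):
        raise ValueError("truncated QUIC header")
    return buf[pos:pos + n]

def parse_quic_header(datagram: bytes, short_dcid_len: int) -> QuicHeader:
    """Extract connection IDs from the unprotected part of a QUIC v1 header.

    short_dcid_len is the length of the CIDs the server side issued; short
    headers have no length field, so it must be known out of band.
    """
    first = _take(datagram, 0, 1)[0]
    if not first & 0x80:                       # short header (1-RTT)
        return QuicHeader("1-RTT", None, _take(datagram, 1, short_dcid_len), None)
    version = int.from_bytes(_take(datagram, 1, 4), "big")
    dcid_len = _take(datagram, 5, 1)[0]
    dcid = _take(datagram, 6, dcid_len)
    scid_len = _take(datagram, 6 + dcid_len, 1)[0]
    scid = _take(datagram, 7 + dcid_len, scid_len)
    if version == 1 and max(dcid_len, scid_len) > 20:
        raise ValueError("QUIC v1 connection IDs are at most 20 bytes")
    if version == 0:
        ptype = "Version Negotiation"
    else:
        ptype = LONG_TYPES[(first >> 4) & 0x03]  # type bits as defined for v1
    return QuicHeader(ptype, version, dcid, scid)

# Constructed sample datagrams (not taken from the capture in the thread).
CLIENT_DCID = bytes.fromhex("0011223344556677")   # 8 bytes, chosen by the client
SERVER_CID = bytes(range(0xA0, 0xB4))             # 20 bytes, issued by the server side
INITIAL = bytes([0xC0]) + (1).to_bytes(4, "big") + bytes([8]) + CLIENT_DCID + bytes([0]) + b"\x00\x00"
ONE_RTT = bytes([0x40]) + SERVER_CID + b"\x01\x02\x03"

if __name__ == "__main__":
    for pkt in (INITIAL, ONE_RTT):
        h = parse_quic_header(pkt, short_dcid_len=20)
        print(h.ptype, "DCID", h.dcid.hex(), "SCID", None if h.scid is None else h.scid.hex())
```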