How to Configure SPDY on NetScaler Appliance
Article ID: CTX138554
Updated On:
Description
This article describes how to configure SPDY on a NetScaler appliance.
Background
SPDY is an open networking experimental protocol developed by Google to reduce the time that a client takes to load a web page in a browser. An application layer protocol, SPDY changes the way in which HTTP requests and responses are handled. SPDY offers the following advantages compared to a regular HTTP transaction:
-
Multiplexed requests and responses: In a single SPDY session, multiple requests from the client can be sent over a single TCP connection to the server. This reduces the number of TCP connections and also optimizes usage of each TCP connection.
-
Request prioritization: When requesting services from the server, a client can assign a priority to each request.
-
Header Compression: SPDY compresses the HTTP request and response headers, saving bandwidth and reducing latency.
-
Server push: The server can send data to the client before the client requests it.
-
Security: SPDY is secure by design because SSL is required for SPDY connections.
Requirements
-
NetScaler software release 10.1 or later.
-
SPDY enabled browser.
-
If you use a NetScaler appliance as a SPDY gateway for the servers, the servers do not have to support SPDY.
-
Both ends of a SPDY connection must support the same version of SPDY. Additionally, the clients must meet the following requirements:
- Support ZLIB compression and accept compressed data.
- Support the Next Protocol Negotiation (NPN) Transport Layer Security (TLS) extension, because NPN is used in the TLS handshake.
Instructions
Note: If you are using NetScaler version 10.5, 11 or 11.1 then refer to Citrix Documentation - SPDY (Speedy) to configure SPDY on NetScaler appliance.
To configure SPDY on NetScaler 10.1, complete the following procedure:
NetScaler GUI
-
Select System > Profiles from the Configuration utility of the NetScaler appliance.
-
In the Details pane, select HTTP Profile.
-
Click Add.
-
Enable SPDY.
-
Click Create.
-
Select Traffic Management > Load Balancing > Virtual Servers.
-
Open the SSL virtual server.
-
Select Profiles.
-
Select spdy_enabled for HTTP Profile.
-
Click OK.
NetScaler CLI
Alternatively, run the following commands from the command line interface to configure SPDY on a NetScaler appliance:
add ns httpProfile spdy_enabled -dropInvalReqs DISABLED -markHttp09Inval DISABLED -markConnReqInval DISABLED -cmpOnPush DISABLED -conMultiplex ENABLED -maxReusePool 0 -dropExtraCRLF ENABLED -incompHdrDelay 7000 -webSocket DISABLED -reqTimeout 0 -adptTimeout DISABLED -reqTimeoutAction DROP -dropExtraData DISABLED -webLog ENABLED -maxReq 0 -persistentETag DISABLED -spdy ENABLED set lb vserver lbvservername -httpProfileName spdy_enabled
Verifying SPDY
To verify SPDY, complete any of the following tasks:
-
Run the following command from the command line interface of the appliance to verify the HTTP statistics and the SPDY rate/s and total requests:
> stat protocol http -detailHTTP Statistics Requests: Rate (/s) Total Total requests 1 29159 GETs 0 28535 POSTs 0 23 Other methods 0 601 HTTP/1.0 requests 0 0 HTTP/1.1 requests 0 28560 Content-length requests 0 23 Chunked requests 0 0 Request bytes received 69 5115347 Request bytes transmitted 0 0 Responses: Rate (/s) Total Total responses 1 29103 ---SNIP------ SPDY: Rate (/s) Total SPDYv2 requests 0 55 -
You can also verify the SPDY Header in Firefox Live HTTP Headers.
-
After capturing a NetScaler packet trace, you must see server response packets with the Next Protocol Negotiation Extension. Use the following Wireshark filter: ssl.handshake.extensions_npn, as shown in the following screen shot:
Note: NetScaler does not support NPN over TLS 1.1/1.2. To use SPDY, the client must disable TLS1.1/1.2 in the browser:
Issue/Introduction
Additional Information
