Backend Server TCP Connections do not close, based on client timeout settings with ANY-type VServers
Article ID: CTX216302
Updated On:
Description
Using an ANY-type load balancing vServer on Citrix ADC (NetScaler).
You wish to terminate the backend server connection based on a client timeout setting on the Citrix ADC.
After a client device physically disappears from the network (ie, disconnected cable), the backend server connection remains for a considerable amount of time
Resolution
Use a TCP (or other more appropriate protocol) VServer instead. In this instance, the Citrix ADC will proxy the connection and will maintain the TCP connection state on the front and back of the Citrix ADC. In this instance, when no packets are received from the client within the specified client timeout, the Citrix ADC will then begin the Zombie timeout period, after which time, the Citrix ADC will sent a TCP Reset to the backend server to terminate the connection.
The actual time from when a client last sends a packet until the backend server connection is terminated is defined as the Client Idle Timeout + the Zombie TCP Connection Time-Out. The Zombie timeout is a global parameter and cannot be adjusted per-VServer. (Configured in the GUI Via System -> Settings -> Change Timeout Values).
NOTE: In situations where you have a long configured Client timeout, large numbers of dead connections can accumulate. In this instance, you can further enhance the detection of dead clients by using the TCP Keep-Alive setting within a TCP Profile (this also requires a VServer type other than ANY to function). In this instance, once the connection idle timeout on the TCP profile expires, the Netscaler will send TCP keep-alive packets to the client at the rate specified in the TCP Profile. After the maximum configured keep-alives are sent with no response, the Netscaler will begin to terminate the connection (the actual TCP Reset will be sent after the Zombie timeout expires).
The actual time from when a client last sends a packet until the backend server connection is terminated is defined as the Client Idle Timeout + the Zombie TCP Connection Time-Out. The Zombie timeout is a global parameter and cannot be adjusted per-VServer. (Configured in the GUI Via System -> Settings -> Change Timeout Values).
NOTE: In situations where you have a long configured Client timeout, large numbers of dead connections can accumulate. In this instance, you can further enhance the detection of dead clients by using the TCP Keep-Alive setting within a TCP Profile (this also requires a VServer type other than ANY to function). In this instance, once the connection idle timeout on the TCP profile expires, the Netscaler will send TCP keep-alive packets to the client at the rate specified in the TCP Profile. After the maximum configured keep-alives are sent with no response, the Netscaler will begin to terminate the connection (the actual TCP Reset will be sent after the Zombie timeout expires).
Problem Cause
With ANY-type VServers, the Netscaler operates as a load balancing router. It does not proxy connections or intervene in the TCP protocol in any way. As such, the Netscaler does not monitor connections for timeouts at the TCP level. So this is a expected behaviour.Issue/Introduction
This article talks about the behaviour where the backend TCP connections from Citrix ADC (NetScaler) do not get closed based on the client timeout settings done on Vserver level.
Was this article helpful?
Yes
No
Powered by
