Connection multiplexing is a method of reusing connections to avoid the overhead on the server that comes with establishing new connections for each request. Connection multiplexing support in Citrix ADC ensures that server connections are efficiently reused, which results in dramatically reduced SSL/TLS load on back-end servers.
Q: What is the connection multiplexing feature of the NetScaler appliance?
A: The connection multiplexing feature is the core of the NetScaler appliance functionality. This feature requires minimal configuration for use. It is one of the acceleration techniques available in the NetScaler appliance. Connection multiplexing is a method of reusing established connections once they are no longer in use, which avoids the overhead of establishing new TCP connections for the data transfer.
Connection multiplexing has a positive impact on the performance of the server as well as the client-side, as explained in the following sections.
Impact on the Server-Side Performance
On the server-side, the NetScaler appliance helps in reducing the server setup and expenses. Additionally, the server-side leverages the fast TCP options of the appliance designed to accelerate the communication among the well-connected hosts. The NetScaler appliance ensures this by keeping the connections warm and suppressing the tear down messages. The NetScaler appliance forwards the tear down message to the client. However, to keep the connection open, the NetScaler appliance flips the two binary digit fields. Flipping the digits ensures that the client accepts the response as a valid one but does not understand that it is meant to tear down the connection. As a result, the connection remains open.
The server-side connections are not used to transfer data simultaneously but sequentially. This ensures that the connection available is reused. You can verify this by the difference between the number of connections on the client-side and the server-side of the NetScaler appliance.
When the connection multiplexing is performed on the server-side, the session is transparent to the client and they are not aware of any data manipulation.
Impact on the Client-Side Performance
On the client-side, the NetScaler appliance enables the clients to keep the connection open. It improves the performance between the client and the NetScaler appliance. This is achieved by translating and manipulating the client request. The request is terminated at the appliance and translated to the NetScaler IP address. Then the NetScaler appliance forwards the request over the existing TCP connection to the target server. Requests from the clients are forwarded sequentially through a small number of persistent connections to the server.
You can use two modes of connectivity to accomplish connection multiplexing: Connection Proxy or Gateway.
Gateway mode has the complete traffic optimization and security features, such as IP address and port mapping, attack prevention, and content filtering. By default, the NetScaler appliance is configured in Gateway mode.
TCP Connection Management in a NetScaler Appliance
- The client first opens a TCP connection to the NetScaler appliance. After the client sends the first HTTP request, the appliance creates a TCP connection with the backend server.
- As soon as this transaction (request/response) is complete, the NetScaler appliance decouples the client and the server side connections and moves the server side connection to the reuse pool, so that the connection can be used by the same client again or by a new client.
- If the same client sends another request and this server side connection is not in the reuse pool, the NetScaler appliance opens a new connection to the same or some other server on the backend.
- The connection multiplexing takes place only on the HTTP virtual IP address and not on the TCP virtual IP address.
- Maxrequest sets a maximum number of requests per connection that the NetScaler appliance is allowed to send to the backend server.
- Setting this value to 0 allows an unlimited number of requests to be passed and setting this number to 1 passes only 1 request per connection.
- Disabling multiplexing has an impact on performance. Additional servers might be required because a one-to-one connection ratio is maintained for each client and server.
There are four methods to disable connection multiplexing:
- On Each Service
Setting maxreq to 1 disables multiplexing. This indicates that each client connection is tied to a single server connection in a 1:1 fashion.
set service "service" -maxreq 1
- At a Global Level
The following command disables the multiplexing at a global level on the NetScaler appliance. It ensures that the server connection is not placed in the reuse pool to be used by some other client, though the same server connection can be used by the same client.
nsapimgr -ys httpnoreuse=1
- Using the HTTP Profile
Starting NetScaler software release 9.2, you can disable connection multiplexing from the command line interface either at a global level or at each service by using an HTTP profile.
set ns httpParam [-conMultiplex ( ENABLED | DISABLED )]
set httpProfile <name> [-conMultiplex ( ENABLED | DISABLED )]
The HTTP profile must be bound at the service level.
- Changing to TCP VIP
Changing to TCP VIP also disables multiplexing and it maintains 1:1 client and server connections. It is the same as option 1 with no Layer 7 processing.
NetScaler Connection Replacement
If a request from client C1 reaches the NetScaler appliance, the appliance opens a connection to the server S1 and the request/response completes. The appliance decouples this connection and moves the connection of S1 to the reuse pool. If a request from C1 or C2 then comes in to the appliance, the appliance uses the same connection from the reuse pool. If the request is sent and S1 sends a response with FIN, the appliance closes the server connection and does not put this connection in the reuse pool.
To be efficient, the appliance compensates for the preceding closed connection by creating a new server connection and keeping it in the reuse pool, even if there is no client at that time. So the connection replacement happens when the server closes the connection with FIN and the appliance proactively creates a new connection and keeps it ready for the new client.
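The reuse-pool behaviour described under TCP Connection Management and the connection replacement described above can be traced with a small model. This is an added example, not NetScaler code: the class and function names are hypothetical, and it assumes strictly sequential transactions and a single backend server.

```python
from collections import deque

class ReusePoolModel:
    """Toy model of the server-side reuse pool (hypothetical, not NetScaler code)."""

    def __init__(self, maxreq=0):
        self.maxreq = maxreq   # 0 = unlimited requests per server connection
        self.pool = deque()    # idle server connections as [conn_id, requests_served]
        self.opened = 0        # server-side TCP connections opened so far
        self.log = []          # (client, conn_id) for each completed transaction

    def _open(self):
        self.opened += 1
        return [self.opened, 0]

    def request(self, client, server_sends_fin=False):
        """Run one request/response and return the server connection id used."""
        conn = self.pool.popleft() if self.pool else self._open()
        conn[1] += 1
        if server_sends_fin:
            # Connection replacement: the closed connection is not pooled;
            # a fresh one is opened proactively, even with no client waiting.
            self.pool.append(self._open())
        elif self.maxreq and conn[1] >= self.maxreq:
            pass               # maxreq reached: connection is not returned to the pool
        else:
            self.pool.append(conn)  # decoupled from the client, back in the pool
        self.log.append((client, conn[0]))
        return conn[0]

def simulate(clients, requests_per_client, maxreq=0, fin_on=()):
    """Return (client connections, server connections opened, conn ids used).

    fin_on lists the 1-based request numbers the server answers with FIN.
    """
    model, n, used = ReusePoolModel(maxreq), 0, []
    for c in range(1, clients + 1):
        for _ in range(requests_per_client):
            n += 1
            used.append(model.request(f"C{c}", server_sends_fin=(n in fin_on)))
    return clients, model.opened, used

if __name__ == "__main__":
    for label, kwargs in [("multiplexing on", {}), ("maxreq 2", {"maxreq": 2}),
                          ("FIN on request 2", {"fin_on": (2,)})]:
        print(label, simulate(3, 2, **kwargs))
```

The gap between the first two values of each result is the client-side versus server-side connection difference that the article says you can use to verify reuse.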