Citrix ADC and how it handles bad UDP Checksum

TESTING IN LAB FOR VERIFICATION:

Destination vserver: 172.16.1.1 port UDP 514

Backend Services: 172.16.1.4 ports UDP 10514, 20514, 30514

Test 1 (packet with UDP checksum intact):

>>> packet.show()

###[ IP ]###

version= 4

ihl= None

tos= 0x0

len= None

id= 1

flags=

frag= 0

ttl= 64

proto= udp

chksum= None

src= 172.16.1.4

dst= 172.16.1.1

options

###[ UDP ]###

sport= domain

dport= syslog

len= None

chksum= None

###[ Raw ]###

load= ‘Test Good Checksum’

Sending 100 packets:

>>> send(packet,count=100)

……………………………………………………………………………………….

Sent 100 packets.

Netscaler shows 0 UDP checksum errors:

root@ns# nsconmsg -g udp_err_badchecksums -d current

^C

root@ns# exit

Vserver hits matches packets set @ 100 (vserver counters cleared)

> stat lb vserver vserverNAME

Virtual Server Summary

vsvrIP port Protocol State Health actSvcs

vserverNAME 172.16.1.1 514 UDP UP 100 3

inactSvcs

vserverNAME 0

Virtual Server Statistics

Rate (/s) Total

Vserver hits 0 1

Requests 0 0

Responses 0 0

Request bytes 0 1100

Response bytes 0 0

Total Packets rcvd 0 100

Total Packets sent 0 0

Current client connections — 1

Current Client Est connections — 1

Current server connections — 1

Requests in surge queue — 0

Requests in vserver’s surgeQ — 0

Requests in service’s surgeQs — 0

Spill Over Threshold — 0

Spill Over Hits — 0

Labeled Connection — 0

Push Labeled Connection — 0

Deferred Request 0 0

Invalid Request/Response — 0

Invalid Request/Response Dropped — 0

Vserver Down Backup Hits — 0

Current Multipath TCP sessions — 0

Current Multipath TCP subflows — 0

Bound Service(s) Summary

IP port Type State Hits Hits/s

syslog-1 172.16.1.4 10514 UDP UP 0 0/s

syslog-2 172.16.1.4 20514 UDP UP 1 0/s

syslog-3 172.16.1.4 30514 UDP UP 0 0/s

Req Req/s Rsp Rsp/s Throughp ClntConn SurgeQ

syslog-1 0 0/s 0 0/s 0 0 0

syslog-2 0 0/s 0 0/s 0 1 0

syslog-3 0 0/s 0 0/s 0 0 0

SvrConn ReuseP MaxConn ActvTran SvrTTFB Load

syslog-1 0 0 0 0 0 0

syslog-2 1 0 0 1 0 0

syslog-3 0 0 0 0 0 0

Test 2 (packet with incorrect UDP checksum):

Packet formatted to have incorrect checksum:

>>> packet.show()

###[ IP ]###

version= 4

ihl= None

tos= 0x0

len= None

id= 1

flags=

frag= 0

ttl= 64

proto= udp

chksum= None

src= 172.16.1.4

dst= 172.16.1.1

options

###[ UDP ]###

sport= domain

dport= syslog

len= None

chksum= 0x2e7

###[ Raw ]###

load= ‘Test Bad Checksum’

Sending 100 packets:

>>> send(packet,count=100)

……………………………………………………………………………………….

Sent 100 packets.

Netscaler UDP checksum counter hits (matches 100 packets):

root@ns# nsconmsg -g udp_err_badchecksums -d current

Index rtime totalcount-val delta rate/sec symbol-name&device-no

0 28003 729 100 14 udp_err_badchecksums

Netscaler vserver stats @ 0:

> stat lb vserver vserverNAME

Virtual Server Summary

vsvrIP port Protocol State Health actSvcs

vserverNAME 172.16.1.1 514 UDP UP 100 3

inactSvcs

vserverNAME 0

Virtual Server Statistics

Rate (/s) Total

Vserver hits 0 0

Requests 0 0

Responses 0 0

Request bytes 0 0

Response bytes 0 0

Total Packets rcvd 0 0

Total Packets sent 0 0

Current client connections — 0

Current Client Est connections — 0

Current server connections — 0

Requests in surge queue — 0

Requests in vserver’s surgeQ — 0

Requests in service’s surgeQs — 0

Spill Over Threshold — 0

Spill Over Hits — 0

Labeled Connection — 0

Push Labeled Connection — 0

Deferred Request 0 0

Invalid Request/Response — 0

Invalid Request/Response Dropped — 0

Vserver Down Backup Hits — 0

Current Multipath TCP sessions — 0

Current Multipath TCP subflows — 0

Bound Service(s) Summary

IP port Type State Hits Hits/s

syslog-1 172.16.1.4 10514 UDP UP 0 0/s

syslog-2 172.16.1.4 20514 UDP UP 0 0/s

syslog-3 172.16.1.4 30514 UDP UP 0 0/s

Req Req/s Rsp Rsp/s Throughp ClntConn SurgeQ

syslog-1 0 0/s 0 0/s 0 0 0

syslog-2 0 0/s 0 0/s 0 0 0

syslog-3 0 0/s 0 0/s 0 0 0

SvrConn ReuseP MaxConn ActvTran SvrTTFB Load

syslog-1 0 0 0 0 0 0

syslog-2 0 0 0 0 0 0

syslog-3 0 0 0 0 0 0

Related:

  • No Related Posts

Leave a Reply