This article contains information about Citrix NetScaler TCP connection management.
TCP Connection Management in a NetScaler Appliance
The client first opens a TCP connection to the NetScaler appliance, after which it sends the first HTTP request, the appliance creates a TCP connection with the backend server.
As soon as this transaction (request/response) is complete, the NetScaler appliance decouples the client and the server side connections and moves the server side connection to the reuse pool, so that the connection can be used by the same client again or by a new client.
If the same client sends another request and this server side connection is not in the reuse pool, the NetScaler appliance opens a new connection to the same or some other server on the backend.
The connection multiplexing takes place only on the HTTP virtual IP address and not on the TCP virtual IP address.
Maxrequest sets a maximum number of requests per connection that the NetScaler appliance is allowed to send to the backend server.
Setting this value to 0 allows an unlimited number of requests to be passed and setting this number to 1 passes only 1 request per connection.
Disabling multiplexing has an impact on the performance, additional servers might be required because there is a one to one connection ratio maintained for each client and server.
There are four methods to disable connection multiplexing:
At a Global Level
The following command disables the multiplexing at a global level on the NetScaler appliance. It ensures that the server connection is not placed in the reuse pool to be used by some other client, though the same server connection can be used by the same client.
nsapimgr -ys httpnoreuse=1
Using the HTTP Profile
Starting NetScaler software release 9.2, you can disable connection multiplexing from the command line interface either at a global level or at each service by using an HTTP profile.
set ns httpParam [-conMultiplex ( ENABLED | DISABLED )]
set httpProfile <name> [-conMultiplex ( ENABLED | DISABLED )]
The HTTP profile must be bound at the service level.
Changing to TCP VIP
Changing to TCP VIP also disables multiplexing and it maintains 1:1 client and server connections. It is the same as option 1 with no Layer 7 processing.
NetScaler Connection Replacement
If a request from client C1 reaches the NetScaler appliance, the appliance opens a connection to the server S1 and Request/Response completes. The appliance decouples this connection and moves the connection of S1 to the reuse pool. If C1 or C2 comes in to the appliance, the appliance uses the same connection from the reuse pool. Request is sent and S1 sends a response with FIN, appliance closes the server connection and it does not put this connection in the reuse pool.
To be efficient, the appliance compensates for the preceding closed connection by creating a new server connection and keeping it in the reuse pool, even if there is no client at that time. So the connection replacement happens when the server closes the connection with FIN and the appliance proactively creates a new connection and keeps it ready for the new client.