Slowness in Presenting Citrix Gateway/AAA Login page on Client Browsers

For releases 13.1, 13.0-82.x and above

From Citrix ADC 13.0-82.x and later, there is an optimization to limit the number of connections ADC can open to Apache. In case of a surge in traffic, ADC ensures that the number of connection requests to Apache does not exceed Apache’s maxClient limit, ensuring low response times from Apache.

To configure the limit on connections from ADC to Apache, maxClients parameter of service named nshttpd-vpn- can be customized. The default value of this parameter is 30.

To get optimal performance, MaxClients in httpd.conf and maxClients parameter of nshttpd-vpn- service must be tuned as mentioned below.

  1. Set the maxClients parameter in /etc/httpd.conf

    1. Before changing the file, ensure to take a backup of original /etc/httpd.conf.

    2. In /etc/httpd.conf, search for “MaxClients” string and increase the value to 60. (This allows Apache to handle 60 connections in parallel)

    3. To make the change reboot persistent, run the following commands.

      1. cp /etc/httpd.conf /nsconfig/

      2. rm /etc/httpd.conf

      3. ln -s /nsconfig/httpd.conf /etc/httpd.conf

    4. Restart Apache using apachectl restart

  2. Set the maxClients limit on the service (nshttpd-vpn- using the following NSCLI command and save the config.

set service nshttpd-vpn- -maxClient 45
save config

Note: As the service nshttpd-vpn- is specific for gateway end-user portal traffic to Apache, it is recommended to have a slightly lower limit than the value configured in httpd.conf. This ensures that enough connections are allocated to Admin UI traffic even if there is a surge in end user traffic. A difference of at least 15 is recommended.

3. If the response times are high even with a limit of 60, a higher limit is needed. Repeat Step 1 and Step 2 to increase the maxClient values on the service as well as in httpd.conf in steps of 15 or 20 until a satisfactory response time is achieved. Kindly reach out to Citrix support if there is no performance improvement even on reaching a limit of 255.

Note: The value can be increased up to 255 but having a limit of more than required might result in a memory crunch. Higher values(>120) are not recommended unless found necessary while tuning the performance.

Example snippet of the default httpd.conf

# Limit on total number of servers running, i.e., limit on the number

# of clients who can simultaneously connect — if this limit is ever

# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.

# It is intended mainly as a brake to keep a runaway server from taking

# the system with it as it spirals down…

MaxClients 30 #This needs to be increased


Leave a Reply