Configure SPDY Protocol on Citrix Netscaler ADC 10.1

Configuring SPDY protocol on Netscaler is pretty straightforward. Ensure that you have upgraded Netscaler device or virtual appliance to the latest version, currently 10.1. SPDY requires SSL, so an SSL Certificate should be obtained from a Certification Authority and you may want to SSL offload your website as well.

To configure SPDY, login to the console and goto System – Profiles, select the HTTP Profiles tab on the right pane. Press the Add button to create a new profile or select an existing one. For example let’s create a new profile called Http-SPDY profile. Check out all the needed options and finally the SPDY checkbox.

SPDY Profile

SPDY Profile

Press OK to save the new profile and goto Configuration – Traffic Management – SSL Offload – Virtual Servers. Double click your virtual server and select the Profiles tab.

Virtual Server HTTP Profile

Virtual Server HTTP Profile

At the SSL Profile option select the previously created profile. Press OK and you are done. Your website is now SPDY enabled.

Of course, in real world nothing is easy! For example, when your website uses Microsoft’s Windows Communication Foundation (WCF) architecture, you must create rewrite rules on your Netscaler to replace http requests to https. By enabling SPDY, the website gets into a redirection loop and the session shuts down!

Chrome Redirection Loop

Chrome Redirection Loop

Firefox Redirection Loop

Firefox Redirection Loop

I haven’t find a workaround for this problem. Any help is appreciated!

Enable SPDY Protocol on your browser

Actually, SPDY protocol is enabled by default in all modern SPDY compatible browsers. Widely accepted browsers are SPDY compatible except Microsoft IE.

Firefox 21.0

Type in about:config at the URL address space and the following disclaimer will appear:

Firefox Disclaimer

Firefox Disclaimer

Press the procceed button and type in spdy at the search space.

Firefox SPDY settings

Firefox SPDY settings

The SPDY settings will appear. Please note that network.http.spdy.enabled should be true, as well as the v2 and v3 parameters.

Now, to check the SPDY sessions, install Firebug addon on your Firefox

Goto Tools – Web Developer – Firebug – Open Firebug and open up the Gmail webpage. Checkout the Response Headers of the page looking for parameter X-Firefox-Spdy: 3. This ensures that SPDY protocol is used and indicates the negotiated version.

SPDY Headers

SPDY Headers

Chrome 27.0.1453.110

On chrome you can even watch the SPDY sessions by typing chrome://net-internals on the URL and selecting the SPDY option on the left menu.

Chrome SPDY Sessions

Chrome SPDY Sessions

There is no official announcement from Microsoft yet, but Internet Explore 11 may support Google’s SPDY protocol.

Citrix Netscaler 10.1 as a SPDY Proxy

At the end of May, Citrix announced version 10.1 of its Netscaler ADC. One of the new features is the support of Google’s SPDY v2 open protocol for any backend loadbalanced website (v3 is on the way). SPDY is like HTTP protocol with enchancements to reduce web page loading time, meaning faster Internet communication.

SPDY modifies the the way HTTP handles requests and responses. It uses compression, multiplexing and prioritarization to reduce the load latency. By multiplexing and prioritarizing the web objects of a page, only one connection is required. By compressing and deduplicating the headers the packet overhead size is reduced. A 30% to 60% performance improvement can be achieved by using SPDY.

Popular web browsers like Chrome, Firefox and Opera implement already this protocol and many heavy load websites have adopted his technology, like Google, Twitter, Facebook and WordPress to name a few. SPDY actually sits on HTTP layer, so the web applications on the datacenter do not need to be changed.  Now, even the web servers may remain intact since Netscaler’s SPDY proxy handles the SPDY client-server communication and translates it to HTTP for the backend servers.

You can check which websites use SPDY on a Chrome browser by typing

chrome://net-internals

at the URL address.

So, upgrade your Netscaler and enable the SPDY feature. More on this soon!