The Citrix NetScaler handles standard load-balancing functions, but is billed as an Internet application accelerator, due to the features that speed up delivery of browser-based applications, including caching, TCP buffering, TCP session consolidation, compression, and SSL offload. These technologies can have a tremendous impact on Web application performance and reduce network traffic as well. The NetScaler is an extremely capable load balancer, an application-layer firewall, and an application accelerator. In fact, it has more features and functionality than can be covered in a review. The administration and configuration guides fill two volumes and more than 1,000 pages.
Although it is tempting to try to come up with a hard number to characterize performance gains from these technologies, the fact is, your mileage will vary. Each of the components can have an impact varying from small to huge, depending on the type of Web application, the type of data being moved from server to client, the network and server load conditions, and more. Most users will see an improvement of at least 400 percent (4X, or a reduction in time to display a page to one quarter the original time). As much as 200-fold improvements are possible, especially if the Web servers and network are heavily loaded.
Loading the balancer
To run the NetScaler through its paces, I set up a virtual cluster of several servers to serve a demo version of an e-commerce site. The servers varied in processor number and power. I then used an Ixia 400T traffic generator and IxLoad software to simulate a large number of users accessing the Web site and compared the loads generated on each Web site. The NetScaler 10010 appliance was able to keep actual loads on the servers consistent even though their processing power varied considerably. I then enabled a number of features, such as SSL sessions, acceleration, and application security, and attempted to overload the load balancer by simulating many simultaneous users. This was possible only with artificially small sessions; when simulating actual traffic, the gigabit connection became saturated before the limits of the device were reached.
Testing the Web application acceleration features is more problematic. The greatest improvements in delivery of pages from the Web servers will occur when the server is heavily loaded (or would be heavily loaded if the NetScaler weren’t present). The type of content being delivered also makes a big difference. Static HTML pages will see big improvements but dynamic pages using .ASP, CGI, Java, or other application servers may not seem much faster, because the performance of the server delivering the application, and not network performance, will be the gating factor.
All that said, I tested page response times under a variety of conditions and found improvements from 1.5- to 200-fold. Using a mix of HTML, graphics, and active pages, I found an average improvement in the response at the client exceeding 5X; specifically, the average response at the client went from 1.2 seconds to 0.193 seconds. This is a perceptible gain and would be greater on heavily trafficked sites.
Acceleration ABCs
The NetScaler supports both integrated caching and the use of an external cache server. In either case, requests for content coming from clients are served from the cache rather than from the Web server. A multitude of options ensures that frequently changing content is fetched from the Web server rather than cache, or that the cached data is updated regularly. You can choose to cache only static content or use a flexible set of rules to determine when to cache dynamic content.
TCP buffering is useful because the network between Web servers and the NetScaler is invariably much faster and more responsive than the Internet. By holding responses from Web servers until clients are ready to receive them, the NetScaler reduces the chattiness between Web servers and clients, freeing server memory and lowering CPU utilization. If the Web server is heavily loaded, this can make a dramatic difference; on lightly loaded servers, the effect is not noticeable.
TCP session consolidation (sometimes called session multiplexing) keeps all requests between the server and a client in one TCP/IP session. Because the overhead of starting a session is fairly large (some Web browsers can start dozens or even hundreds of TCP sessions to display a single page), session consolidation can improve performance substantially. Modern Web servers can implement session persistence as well, in which case the NetScaler’s TCP session consolidation will not improve performance. However, offloading this function to the NetScaler will reduce server loads, and may be much simpler than implementing the feature on the Web server.
Compression is another feature that produces greatly variable results. The algorithms used to compress text and HTML are part of the HTTP 1.1 and later specification. All recent browsers support compression, and on largely text or HTML pages the differences in display times can be dramatic. Pages with active content or graphics that are already compressed will show minimal gains.
Given the high profile that security has gotten during the past few years, many sites implement SSL encryption for nearly everything. Computing the codes necessary to encrypt and decrypt traffic between server and client can put substantial loads on the Web server. SSL offload uses a dedicated encryption processor to encrypt and decrypt traffic, removing the load from the Web server. This is another technology that will not improve performance on lightly loaded Web servers but can reduce CPU utilization on heavily burdened Web servers by a third to a half, greatly improving server response times.
Setting up the NetScaler is easy. Initial configuration can be done with a serial terminal, or via the default IP address using a Web browser. Using the NetScaler interface from a browser in other than a basic monitoring mode (including using the dashboard for full monitoring capabilities) requires a Java client, which is automatically downloaded from the NetScaler. The interface is clean and easy to navigate, with context-sensitive help that can get you through at least the basics. Beyond that, documentation is extensive, available on the NetScaler itself rather than being provided on a CD or as hard copy.
The NetScaler provides a wide variety of monitoring tools for ensuring that Web applications are running properly, protection tools to shield Web and application servers against attacks, and logging tools to gather historical data on traffic and watch for suspicious behavior. A sophisticated policy engine lets you route traffic based on content, source, destination, and more. A nice feature called SureConnect can display a progress bar or special page if responses from a Web server are taking longer than usual.
Compared to the competing solutions I’ve tested, NetScaler offers the greatest variety of acceleration technologies, with the Juniper DX a close second and the Zeus ZXTM not far behind, although both the Juniper and the Zeus solutions lag the NetScaler in ease of use. NetScaler offers a sophisticated set of management features, on a par with F5 Networks’ BIG-IP and Zeus, but falling a notch short of Juniper, which offers superior logging and reporting, better scripting, and even automation technologies that make it very easy to secure a Web site by moving to SSL without recoding the site. NetScaler also includes great security tools, both for implementing secure connections with clients and preventing attacks on Web and application servers.
The NetScaler is not a system you’ll be using to set up one small, three-node Web farm that will be lightly loaded. It will do that, but so will the Coyote Point e550, at a much lower cost. The NetScaler will handle large, heavily trafficked Web sites, and can greatly improve the performance of critical Web applications. For organizations making corporate applications available over the Web for internal or external customers, the NetScaler can really deliver outstanding performance.