Manual Chapter : Shaping Citrix Client MultiStream ICA Traffic

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0
Manual Chapter

Shaping Citrix Client MultiStream ICA Traffic

Overview: Shaping traffic for Citrix clients that support MultiStream ICA

Access Policy Manager® (APM®) can perform traffic shaping for Citrix clients that support MultiStream ICA. You can add the configuration required for traffic shaping to an existing integration of APM by adding a BWC Policy action to an existing access policy.

Consult Citrix documentation for the clients and client platforms that support MultiStream ICA.

About Citrix XenApp server requirements for shaping traffic with APM

To support traffic shaping for Citrix MultiStream ICA clients with Access Policy Manager® (APM®), you must meet specific configuration requirements on the Citrix XenApp server as described here.

  • Citrix MultiStream ICA must be enabled.
  • A Citrix Multi-Port Policy must be configured with four MultiStream ICA ports, one for each priority (high, very high, medium, and low). This example uses ports 2598-2601.
    • CGP default port: Default port; CGP default port priority: High
      Note: CGP default port is usually 2598.
    • CGP port1: 2799 CGP port1 priority: Very High
    • CGP port2: 2800 CGP port2 priority: Medium
    • CGP port3: 2801 CGP port3 priority: Low

When a XenApp server is configured correctly, you can use a network monitoring utility, such as netstat, and see that an XTE.exe process is listening on the configured ports as shown in this example.

                     
C:\> 
                     netstat 
                     –abno
   
                      Active Connections
   
   Proto  Local Address          Foreign Address        State           PID
   …
   TCP    0.0.0.0:2598           0.0.0.0:0              LISTENING       6416
   [XTE.exe]
   TCP    0.0.0.0:2799           0.0.0.0:0              LISTENING       6416
   [XTE.exe]
   TCP    0.0.0.0:2800           0.0.0.0:0              LISTENING       6416
   [XTE.exe]
   TCP    0.0.0.0:2801           0.0.0.0:0              LISTENING       6416
   [XTE.exe]
                  
Note: When you change or configure a policy, it takes effect on the XenApp server after a system restart.

Task summary

Task list

Creating a dynamic bandwidth control policy for Citrix MultiStream ICA traffic

You create a dynamic bandwidth control policy to support traffic shaping for Citrix MultiStream ICA traffic on the BIG-IP® system.
  1. On the Main tab, click Acceleration > Bandwidth Controllers .
  2. Click Create.
  3. In the Name field, type a name for the bandwidth control policy.
  4. In the Maximum Rate field, type a number and select the unit of measure to indicate the total throughput allowed for the resource you are managing.
    The number must be in the range from 1 Mbps to 320 Gbps. This value is the amount of bandwidth available to all the connections going through this static policy.
  5. From the Dynamic list, select Enabled.
    The screen displays additional settings.
  6. In the Maximum Rate Per User field, type a number and select the unit of measure to indicate the most bandwidth that each user or session associated with the bandwidth control policy can use.
    The number must be in the range from 1 Mbps to 2 Gbps.
  7. In the Categories field, add four categories of traffic that this bandwidth control policy manages for Citrix: very high, high, medium, and low.
    All the categories share the specified bandwidth, in accordance with the rate specified for each category.
    The category names you specify here display in the visual policy editor when you add a bandwidth control (BWC) policy action to an access policy.
    1. In the Category Name field, type a descriptive name for the category.
    2. In the Max Category Rate field, type a value to indicate the most bandwidth that this category of traffic can use, and select % from the list and type a percentage from 1 to 100.
    3. Click Add.
      The new category displays on the Categories list.
    4. Repeat these steps to add the additional categories until you have defined all four required categories.
  8. Click Finished.
The system creates a dynamic bandwidth control policy.
You might create a policy with a maximum rate of 20 Mbps and a maximum rate per user of 10 Mbps with categories named like this: bwcVH, bwcH, bwcM, and bwcL and with maximum category rate in percent, such as 40, 30, 20, 10 accordingly.
For the bandwidth control policy to take effect, you must apply the policy to traffic, using the BWC policy action in an access policy.

Adding support for Citrix traffic shaping to an access policy

Add actions to an existing access policy to provide traffic shaping for Citrix MultiStream ICA clients.
Note: You need to determine where to add these actions in the access policy. You might need to precede these actions with a Client Type action to determine whether these actions are appropriate to the client.
  1. On the Main tab, click Access Policy > Access Profiles .
    The Access Profiles List screen opens.
  2. In the Access Policy column, click the Edit link for the access profile you want to configure.
    The visual policy editor opens the access policy in a separate screen.
  3. On an access policy branch, click the (+) icon to add an item to the access policy.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  4. Add a BWC Policy action:
    1. Type BWC into the search field.
      Search is not case-sensitive.
      Results are listed.
    2. Select BWC Policy from the results and click Add Item.
      A properties screen opens.
    3. From the Dynamic Policy list, select the dynamic bandwidth policy that you configured previously for Citrix MultiStream ICA clients.
      Lists for these properties: Very High Citrix BWC Category,High Citrix BWC Category, Medium Citrix BWC Category, and Low Citrix BWC Category include the categories configured in the selected dynamic bandwidth policy.
    4. From the Very High Citrix BWC Category list, select the category that corresponds to the very high setting.
    5. For each of the remaining properties: High Citrix BWC Category, Medium Citrix BWC Category, and Low Citrix BWC Category, select a category that corresponds to the setting.
    6. Click Save.
  5. On an access policy branch, click the (+) icon to add an item to the access policy.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  6. Type Var in the search field, select Variable Assign from the results, and click Add Item.
    In this Variable Assign action, you create one entry for each of the four ports that are configured in the Citrix Multi-Port Policy on the Citrix XenApp server.
    A properties screen opens.
  7. Assign a variable for the CGP port that is configured with very high priority in the Multi-Port Policy on the Citrix XenApp server.
    1. Click Add new entry.
      An empty entry displays in the Assignment table.
    2. Click the change link next to the empty entry.
      A dialog box, where you can enter a variable and an expression, displays.
    3. In the Custom Variable field, type citrix.msi_port.very_high.
    4. In the Custom Expression field, type expr {"2599"}.
      Replace 2599 with the port number defined for the CGP port with very high priority on the Citrix XenApp server.
    5. Click Finished.
      The popup screen closes.
  8. Assign a variable for the CGP port that is configured with high priority in the Multi-Port Policy on the Citrix XenApp server.
    1. Click Add new entry and click the change link next to the new empty entry that displays.
    2. In the Custom Variable field, type citrix.msi_port.high.
    3. In the Custom Expression field, type expr {"2598"}.
      Replace 2598 with the port number defined for the CGP port with high priority on the Citrix XenApp server.
    4. Click Finished.
      The popup screen closes.
  9. Assign a variable for the CGP port that is configured with medium priority in the Multi-Port Policy on the Citrix XenApp server.
    1. Click Add new entry and then click the change link next to the new empty entry that displays.
    2. In the Custom Variable field, type citrix.msi_port.mid.
    3. In the Custom Expression field, type expr {"2600"}.
      Replace 2600 with the port number defined for the CGP port with medium priority on the on the Citrix XenApp server.
    4. Click Finished.
      The popup screen closes.
  10. Assign a variable for the CGP port that is configured with low priority in the Multi-Port Policy on the Citrix XenApp server.
    1. Click Add new entry and click the change link next to the new empty entry that displays.
    2. In the Custom Variable field, type citrix.msi_port.low.
    3. In the Custom Expression field, type expr {"2601"}.
      Replace 2601 with the port number defined for the CGP port with low priority on the Citrix XenApp server.
    4. Click Finished.
      The popup screen closes.
    5. Click Save.
      The properties screen closes and the visual policy editor displays.
  11. Click the Apply Access Policy link to apply and activate the changes to the access policy.
To apply this access policy to network traffic, add the access profile to a virtual server.
Note: To ensure that logging is configured to meet your requirements, verify the log settings for the access profile.

Verifying log settings for the access profile

Confirm that the correct log settings are selected for the access profile to ensure that events are logged as you intend.
Note: Log settings are configured in the Access Policy Event Logs area of the product. They enable and disable logging for access system and URL request filtering events. Log settings also specify log publishers that send log messages to specified destinations.
  1. On the Main tab, click Access Policy > Access Profiles .
    The Access Profiles List screen opens.
  2. Click the name of the access profile that you want to edit.
    The properties screen opens.
  3. On the menu bar, click Logs.
    The access profile log settings display.
  4. Move log settings between the Available and Selected lists.
    You can assign up to three log settings that enable access system logging to an access profile. You can assign additional log settings to an access profile provided that they enable logging for URl request logging only.
    Note: Logging is disabled when the Selected list is empty.
  5. Click Update.
An access profile is in effect when it is assigned to a virtual server.