Manual Chapter : Shaping Citrix Client MultiStream ICA Traffic

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Manual Chapter

Shaping Citrix Client MultiStream ICA Traffic

Overview: Shaping traffic for Citrix clients that support MultiStream ICA

Access Policy Manager (APM) can perform traffic shaping for Citrix clients that support MultiStream ICA. You can add the configuration required for traffic shaping to an existing integration of APM by adding a BWC Policy action to an existing access policy.
Consult Citrix documentation for the clients and client platforms that support MultiStream ICA.

About Citrix XenApp server requirements for shaping traffic with APM

To support traffic shaping for Citrix MultiStream ICA clients with Access Policy Manager (APM), you must meet specific configuration requirements on the Citrix XenApp server as described here.
  • Citrix MultiStream ICA must be enabled.
  • A Citrix Multi-Port Policy must be configured with four MultiStream ICA ports, one for each priority (high, very high, medium, and low). This example uses ports
    2598-2601
    .
    • CGP default port: Default port; CGP default port priority: High
      CGP default port is usually
      2598
      .
    • CGP port1: 2799 CGP port1 priority: Very High
    • CGP port2: 2800 CGP port2 priority: Medium
    • CGP port3: 2801 CGP port3 priority: Low
When a XenApp server is configured correctly, you can use a network monitoring utility, such as
netstat
, and see that an XTE.exe process is listening on the configured ports as shown in this example.
C:\>
netstat
–abno
Active Connections Proto Local Address Foreign Address State PID … TCP 0.0.0.0:2598 0.0.0.0:0 LISTENING 6416 [XTE.exe] TCP 0.0.0.0:2799 0.0.0.0:0 LISTENING 6416 [XTE.exe] TCP 0.0.0.0:2800 0.0.0.0:0 LISTENING 6416 [XTE.exe] TCP 0.0.0.0:2801 0.0.0.0:0 LISTENING 6416 [XTE.exe]
When you change or configure a policy, it takes effect on the XenApp server after a system restart.

Shaping multistream ICA traffic

Creating a dynamic bandwidth control policy for Citrix MultiStream ICA traffic

You create a dynamic bandwidth control policy to support traffic shaping for Citrix MultiStream ICA traffic on the BIG-IP system.
  1. On the Main tab, click
    Acceleration
    Bandwidth Controllers
    .
  2. Click
    Create
    .
  3. In the
    Name
    field, type a name for the bandwidth control policy.
  4. In the
    Maximum Rate
    field, type a number and select the unit of measure to indicate the total throughput allowed for the resource you are managing.
    The number must be in the range from
    1 Mbps
    to
    1000 Gbps
    . This value is the amount of bandwidth available to all the connections going through this static policy.
  5. From the
    Dynamic
    list, select
    Enabled
    .
    The screen displays additional settings.
  6. In the
    Maximum Rate Per User
    field, type a number and select the unit of measure to indicate the most bandwidth that each user or session associated with the bandwidth control policy can use.
    The number must be in the range from
    1 Mbps
    to
    2 Gbps
    .
  7. In the
    Categories
    field, add four categories of traffic that this bandwidth control policy manages for Citrix: very high, high, medium, and low.
    All the categories share the specified bandwidth, in accordance with the rate specified for each category.
    The category names you specify here display in the visual policy editor when you add a bandwidth control (BWC) policy action to an access policy.
    1. In the
      Category Name
      field, type a descriptive name for the category.
    2. In the
      Max Category Rate
      field, type a value to indicate the most bandwidth that this category of traffic can use, and select
      %
      from the list and type a percentage from
      1
      to
      100
      .
    3. Click
      Add
      .
      The new category displays on the
      Categories
      list.
    4. Repeat these steps to add the additional categories until you have defined all four required categories.
  8. Click
    Finished
    .
The system creates a dynamic bandwidth control policy.
You might create a policy with a maximum rate of 20 Mbps and a maximum rate per user of 10 Mbps with categories named like this: bwcVH, bwcH, bwcM, and bwcL and with maximum category rate in percent, such as 40, 30, 20, 10 accordingly.
For the bandwidth control policy to take effect, you must apply the policy to traffic, using the BWC policy action in an access policy.

Adding support for Citrix traffic shaping to an access policy

Add actions to an existing access policy to provide traffic shaping for Citrix MultiStream ICA clients.
You need to determine where to add these actions in the access policy. You might need to precede these actions with a Client Type action to determine whether these actions are appropriate to the client.
  1. On the Main tab, click
    Access
    Profiles / Policies
    .
    The Access Profiles (Per-Session Policies) screen opens.
  2. In the Per-Session Policy column, click the
    Edit
    link for the access profile you want to configure.
    The visual policy editor opens the access policy in a separate screen.
  3. On a policy branch, click the
    (+)
    icon to add an item to the policy.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  4. Add a BWC Policy action:
    1. Type BWC into the search field.
      Search is not case-sensitive.
      Results are listed.
    2. Select
      BWC Policy
      from the results and click
      Add Item
      .
      A properties screen opens.
    3. From the
      Dynamic Policy
      list, select the dynamic bandwidth policy that you configured previously for Citrix MultiStream ICA clients.
      Lists for these properties:
      Very High Citrix BWC Category
      ,
      High Citrix BWC Category
      ,
      Medium Citrix BWC Category
      , and
      Low Citrix BWC Category
      include the categories configured in the selected dynamic bandwidth policy.
    4. From the
      Very High Citrix BWC Category
      list, select the category that corresponds to the very high setting.
    5. For each of the remaining properties:
      High Citrix BWC Category
      ,
      Medium Citrix BWC Category
      , and
      Low Citrix BWC Category
      , select a category that corresponds to the setting.
    6. Click
      Save
      .
  5. On a policy branch, click the
    (+)
    icon to add an item to the policy.
    A popup screen displays actions on tabs, such as General Purpose and Authentication, and provides a search field.
  6. Type
    Var
    in the search field, select
    Variable Assign
    from the results, and click
    Add Item
    .
    In this Variable Assign action, you create one entry for each of the four ports that are configured in the Citrix Multi-Port Policy on the Citrix XenApp server.
    A properties screen opens.
  7. Assign a variable for the CGP port that is configured with very high priority in the Multi-Port Policy on the Citrix XenApp server.
    1. Click
      Add new entry
      .
      An
      empty
      entry displays in the Assignment table.
    2. Click the
      change
      link next to the empty entry.
      A dialog box, where you can enter a variable and an expression, displays.
    3. In the
      Custom Variable
      field, type
      citrix.msi_port.very_high
      .
    4. In the
      Custom Expression
      field, type
      expr {"
      2599
      "}
      .
      Replace
      2599
      with the port number defined for the CGP port with very high priority on the Citrix XenApp server.
    5. Click
      Finished
      .
      The popup screen closes.
  8. Assign a variable for the CGP port that is configured with high priority in the Multi-Port Policy on the Citrix XenApp server.
    1. Click
      Add new entry
      and click the
      change
      link next to the new empty entry that displays.
    2. In the
      Custom Variable
      field, type
      citrix.msi_port.high
      .
    3. In the
      Custom Expression
      field, type
      expr {"
      2598
      "}
      .
      Replace
      2598
      with the port number defined for the CGP port with high priority on the Citrix XenApp server.
    4. Click
      Finished
      .
      The popup screen closes.
  9. Assign a variable for the CGP port that is configured with medium priority in the Multi-Port Policy on the Citrix XenApp server.
    1. Click
      Add new entry
      and then click the
      change
      link next to the new empty entry that displays.
    2. In the
      Custom Variable
      field, type
      citrix.msi_port.mid
      .
    3. In the
      Custom Expression
      field, type
      expr {"
      2600
      "}
      .
      Replace
      2600
      with the port number defined for the CGP port with medium priority on the on the Citrix XenApp server.
    4. Click
      Finished
      .
      The popup screen closes.
  10. Assign a variable for the CGP port that is configured with low priority in the Multi-Port Policy on the Citrix XenApp server.
    1. Click
      Add new entry
      and click the
      change
      link next to the new empty entry that displays.
    2. In the
      Custom Variable
      field, type
      citrix.msi_port.low
      .
    3. In the
      Custom Expression
      field, type
      expr {"
      2601
      "}
      .
      Replace
      2601
      with the port number defined for the CGP port with low priority on the Citrix XenApp server.
    4. Click
      Finished
      .
      The popup screen closes.
    5. Click
      Save
      .
      The properties screen closes and the policy displays.
  11. Click the
    Apply Access Policy
    link to apply and activate the changes to the policy.
To apply this access policy to network traffic, add the access profile to a virtual server.
To ensure that logging is configured to meet your requirements, verify the log settings for the access profile.

Verifying log settings for the access profile

Confirm that the correct log settings are selected for the access profile to ensure that events are logged as you intend.
Log settings are configured in the
Access
Overview
Event Log
Settings
area of the product. They enable and disable logging for access system and URL request filtering events. Log settings also specify log publishers that send log messages to specified destinations.
  1. On the Main tab, click
    Access
    Profiles / Policies
    .
    The Access Profiles (Per-Session Policies) screen opens.
  2. Click the name of the access profile that you want to edit.
    The properties screen opens.
  3. On the menu bar, click
    Logs
    .
    The access profile log settings display.
  4. Move log settings between the
    Available
    and
    Selected
    lists.
    You can assign up to three log settings that enable access system logging to an access profile. You can assign additional log settings to an access profile provided that they enable logging for URl request logging only.
    Logging is disabled when the
    Selected
    list is empty.
  5. Click
    Update
    .
An access profile is in effect when it is assigned to a virtual server.