ADC

gRPC end-to-end configuration

The gRPC end-to-end configuration works by sending a gRPC request from a client over HTTP/2 protocol and again forwarding gRPC messages responded by the gRPC server.

How end-to-end gRPC configuration works

The following diagram shows a gRPC configuration works in a NetScaler appliance.

gRPC configuration functional diagram

  1. To deploy the gRPC configuration, you must first enable HTTP/2 in the HTTP profile and also enable HTTP/2 support globally on server side.
  2. When a client sends a gRPC request, the load balancing virtual server evaluates the gRPC traffic using policies.
  3. Based on policy evaluation, the load balancing virtual server (with gRPC service bound to it) terminates the request and forwards it as a gRPC request to the back-end gRPC server.
  4. Similarly, when the gRPC server responds to the client, the appliance terminates the response and forwards it as a gRPC response to the client.

Example for gRPC request sent to gRPC server

The request header is sent as HTTP/2 headers in HEADERS+CONTINUATION Frames.

```
HEADERS (flags = END_HEADERS)
: method = POST
: scheme = http
: path = /helloworld.citrix-adc/SayHello
: authority = 10.10.10.10.:80
grpc-timeout = 15
content-type = application/grpc+proto
grpc-encoding = gzip
DATA (flags = END_STREAM)
<Length-Prefixed Message>
<!--NeedCopy--> ```

Example for gRPC response header from gRPC server to NetScaler appliance

Response-Headers & Trailers-Only are delivered in a single HTTP/2 HEADERS frame block. Most responses are expected to have both headers and trailers but Trailers-Only is permitted for calls that produce an immediate error. Status must be sent in Trailers even if the HTTP status code is OK.

```
HEADERS (flags = END_HEADERS)
: status = 200
Grpc-encoding= gzip
Content-type = application/grpc+proto
DATA
<Length-Prefixed Message>
HEADERS (flags = END_STREAM, END_HEADERS)
grpc-status = 0 # OK

<!--NeedCopy--> ```

Configure gRPC by using the CLI

To configure an end-to-end gRPC deployment, you must complete the following:

  • Add HTTP profile with HTTP/2 and HTTP/2 direct enabled.
  • Enable global back end HTTP/2 support in HTTP parameter
  • Add load balancing virtual server of type SSL/HTTP and set HTTP profile
  • Add Service for gRPC endpoint and set HTTP profile
  • Bind gRPC end point service to load balancing virtual server

Add HTTP profile with HTTP/2 and HTTP/2 direct enabled

You must enable HTTP/2 and HTTP/2 direct parameters in the HTTP profile. Also, you must enable the HTTP/2 direct parameter if gRPC over HTTP/2 cleartext is required.

At the command prompt, type:

add ns httpProfile <name> - http2 ( ENABLED | DISABLED ) [-http2Direct ( ENABLED | DISABLED )]

Example:

add ns httpProfile http2gRPC -http2Direct ENABLED -http2 ENABLED

Enable global back-end HTTP/2 support through HTTP parameter

To enable HTTP/2 support globally on the server side by using the NetScaler command line.

At the command prompt, type:

set ns httpParam -http2ServerSide( ON | OFF )

Example:

set ns httpParam -http2ServerSide ON

Add load balancing virtual server of type SSL/HTTP and set HTTP profile

To add a load balancing virtual server by using the NetScaler command interface:

At the command prompt, type:

add lb vserver <name> <service type> [(<IP address>@ <port>)] [-httpProfileName <string>]

Example:

add lb vserver lb-grpc HTTP 10.10.10.11 80 -httpProfileName http2gRPC

Note:

If you are using a load balancing virtual server of type SSL, then you must bind the server certificate. See Bind server certificate topic for more information.

Add Service for gRPC endpoint and set HTTP profile

To add a gRPC service with HTTP profile by using the NetScaler command interface: At the command prompt, type:

add service <name> (<IP> | <serverName> ) <serviceType> <port> [-httpProfileName <string>]

Example: add service svc-grpc 10.10.10.10 HTTP 80 -httpProfileName http2gRPC

Bind gRPC end point service to load balancing virtual server

To bind a gRPC service to load balancing virtual server by using the NetScaler command interface:

At the command interface, type:

bind lb vserver <name> <serviceName>

Example:

bind lb vserver lb-grpc svc-grpc

Configure end-to-end gRPC deployment by using the GUI

Complete the following steps to configure gRPC by using the GUI.

Add HTTP profile with HTTP/2 and HTTP/2 direct enabled

  1. Navigate to System > Profiles and click HTTP Profiles.
  2. Select the HTTP/2 checkbox in a new HTTP profile or existing HTTP profile.

Enable global back end HTTP/2 support in HTTP parameter

  1. Navigate to System > Settings > HTTP Parameters.
  2. In the Configure HTTP Parameter page, select the HTTP/2 on Server Side checkbox.
  3. Click OK.

Add load balancing virtual server of type SSL/HTTP and set HTTP profile

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers.
  2. Click Add to create a load balancing virtual server for gRPC traffic.
  3. In Load Balancing Virtual Server page, click Profiles.
  4. In the Profiles section, select the profile type as HTTP.
  5. Click OK and then Done.

Add Service for gRPC endpoint and set HTTP profile

  1. Navigate to Traffic Management > Load Balancing > Services.
  2. Click Add to create an application server for gRPC traffic.
  3. In Load Balancing Service page, go to Profile section.
  4. Under Profiles, add HTTP profile for gRPC endpoint.
  5. Click OK and then Done.

For detailed GUI procedures related to loading balancing, see Load Balancing topic.

gRPC end-to-end configuration