NetScaler supports the SPDY/2 and SPDY/3 (from NetScaler 10.5 onwards) versions.
If you use a NetScaler appliance as a SPDY gateway for your servers, the servers do not have to support SPDY. The NetScaler appliance accepts the incoming SPDY requests, converts them, and sends them to the servers as HTTP requests. It also converts the HTTP responses and sends them to the clients as SPDY responses. While the key value of SPDY is reduced bandwidth consumption and faster communication with clients, an additional benefit of the NetScaler solution is that you avoid the time consuming task of upgrading your web servers and applications to support SPDY.
To use a NetScaler appliance as a SPDY gateway, you must enable SPDY on the appliance.
If SPDY is enabled, when the NetScaler appliance sees TLS ALPN extension with list of supported protocols in the Client Hello message, it responds with either SPDY/3 or SPDY/2 in the ALPN extension in its Server Hello.
NetScaler can also negotiate SPDY over NPN. When NetScaler sees an empty NPN extension in the Client Hello message, it responds with a list of the protocols that it supports. If SPDY is enabled on the NetScaler appliance, the appliance advertises HTTP/1.1 and SPDY/2 protocols. The client selects one protocol from this list and negotiates the protocol with the server. Because sending the negotiated protocol in plain text would raise security issues, the client sends the Change Cipher Spec notification which defines the details of the encryption for the session, followed by the Next Protocol message, which contains the encrypted protocol that the client has chosen. The client then sends the Finished message. The NetScaler appliance decrypts the Next Protocol message, and then sends a Finished message.
A session is then established, and application data can be exchanged.
By default, SPDY is disabled on the NetScaler appliance. After you enable SPDY, the appliance advertises SPDY/2 and/or SPDY/3 along with HTTP/1.1 during an SSL handshake. To enable SPDY on the NetScaler appliance, you must enable SPDY in the HTTP profile bound to the SSL virtual server.
At the command prompt, do the following:
set ns httpProfile <profileName> -SPDY <options>Example
> set ns httpProfile profile1 -SPDY ENABLED
set lb vserver <ssl-vserver-name> -httpProfileName <httpProfile-with-spdy>Example
> set lb vserver SPDY_LB -httpProfileName profile1
You can view the statistics by using the following command:
stat protocol http -detail