Support for DTLS protocol 编辑

Notes:

• DTLSv1.0 protocol is supported on Citrix ADC MPX/SDX (N2 and N3 based), VPX, and MPX 14000 FIPS appliances. It is not supported on external HSMs.
• DTLS 1.0 protocol is supported on Citrix ADC appliances containing Intel Coleto SSL chips.
• DTLSv1.2 protocol is supported on the front-end of Citrix ADC VPX appliances.
• DTLS 1.2 protocol is supported on the front-end of Citrix ADC appliances containing Intel Coleto SSL chips. For more information about the platforms containing Intel Coleto SSL chips, see Support for Intel Coleto SSL chip based platforms.
• Service groups of type DTLS are not supported.
• DTLSv1.2 protocol is supported on the front-end of Citrix ADC MPX (N3 based) appliances except the MPX 14000 FIPS appliances.
• For information about Enlightened Data Transport (EDT) support for Citrix Gateway, see HDX enlightened data transport support.
• For information about the platforms and builds supported, see Citrix ADC MPX hardware-software compatibility matrix

The SSL and TLS protocols have traditionally been used to secure streaming traffic. Both of these protocols are based on TCP, which is slow. Also, TLS cannot handle lost or reordered packets.

UDP is the preferred protocol for audio and video applications, such as Lync, Skype, iTunes, YouTube, training videos, and flash. However, UDP is not secure or reliable. The DTLS protocol is designed to secure data over UDP and is used for applications such as media streaming, VOIP, and online gaming for communication. In DTLS, each handshake message is assigned a specific sequence number within that handshake. When a peer receives a handshake message, it can quickly determine whether that message is the next one expected. If it is, the peer processes the message. If not, the message is queued for handling after all the previous messages have been received.

Create a DTLS virtual server and a service of type UDP. By default, a DTLS profile (nsdtls_default_profile) is bound to the virtual server. Optionally, you can create and bind a user-defined DTLS profile to the virtual server.

Note: RC4 ciphers are not supported on a DTLS virtual server.

DTLS configuration

You can use the command line (CLI) or the configuration utility (GUI) to configure DTLS on your ADC appliance.

Note: The DTLS 1.2 protocol is supported on the front end of a Citrix ADC VPX appliance. While configuring a DTLSv1.2 virtual server, specify DTLS12. Default is DTLS1.

At the command prompt, type:

set ssl vserver DTLS [-dtls1 ( ENABLED | DISABLED )] [-dtls12 ( ENABLED | DISABLED )]

Create a DTLS configuration by using the CLI

At the command prompt, type:

add lb vserver <vserver_name> DTLS <IPAddress>  <port>
add service  <service_name>  <IPAddress> UDP 443
bind lb vserver  <vserver_name>  <udp_service_name>
<!--NeedCopy-->