PVS 6.1 – Network Optimisations
This article is designed to provide details of the modifications I make to the Networking on a Provisioning Services Server running on Windows 2008 R2.
Best Practices from Citrix strongly recommend using a seperate network for provisioning of targets so it does not cause additional traffic on the corporate network. With this in mind the test server used for this article has two network cards and an isolated network for target provision.
Warning – Some of the modifications are global settings which will affect both the corporate and provisioning networks so should only be implemented if you are sure that they are not needed on the corporate network.
Global TCP Settings
The first network modifications I make are to the Global TCP settings and consist of disabling TCP Chimney Offload and Autotuning. Both of these settings are done through the Command Prompt with Elevated Permissions using the netsh command.
TCP Chimneying Offload
TCP Chimneying Offload is a feature which allows the CPU to offload processing of the network workload to the Network Card during network transfers. In a virtual environment which most places are now, it’s a bit hit and miss it seems as to which hypervisor supports this. As a default I disable it by executing the command below in an Elevated Permissions Command Prompt to avoid any performance issues which could occur :-
netsh int tcp set global chimney=disabled
TCP Autotuning Level
TCP Autotuning Level is a new feature in the latest versions of Microsoft Operating Systems which allows the Operating System to increase the value of the TCP Receive Window size over it’s maximum value of 65,536 bytes. This setting is enabled by default on Windows 2008 R2 but can cause issues if a Firewall or network equipment does not implement or support TCP Windows Scaling. Again, as a default I disable it by executing the command below in an Elevated Permissions Command Prompt to avoid any performance issues which could occur :-
netsh int tcp set global autotuninglevel=disabled
Disable Un-needed Adapters
If IPv6 is not in use on a site I will also disable both the ISATAP and TEREDO Adapters. These are both disabled executing the commands below in an Elevated Permissions Command Prompt :-
netsh int TEREDO set state disabled
netsh int ISATAP set state disabled
Disable Un-needed Protocols & Network Items
The next set of modifications I make to the Provisioning Services Network Adapter is to disable any un-needed Protocols and Network Items, which on a Provisioning Network is pretty much everything. The Protocols and Network Items I definately remove from the Provisioning Services Network Adapter are as follows :-
- Client for Microsoft Client
- File and Printer Sharing for Microsoft Networks
- Internet Protocol Version 6 (TCP/IPv6)
- Link-Layer Topology Discovery Mapper IO Driver
- Link-Layer Topology Discovery Responder
The reasoning behind disabling these items on the Network Card are that Provisioning uses purely TCP/IP and so there’s no need to add additional traffic on the network for SMB File Sharing, IPv6, or the Link-Layer Topology Discovery.
I’m currently looking at whether the QoS Packet Scheduler is also needed or not but for the time being I leave that Enabled on the Network Adapter.
Disable DNS Registration For The Provisioning Services Network Adapter
To avoid the old issue of multiple IP Addresses being returned for a Provisioning Services Server and the possibility of routing roulette, I disable DNS Registration for the Provisioning Services Network Adapter under the IPv4 settings.