• View Communities
    • Citrix Developer Network
      The place for unfiltered straight talk on Citrix products. Blogs, code downloads, best practices, APIs, and more can all be found here.
    • Citrix Ready Community Verified
      Does it work with Citrix? Application compatibility questions are a thing of the past with the new Citrix Community Verified site.
    • Blogs
      Learn the latest from the Citrix employees who are building application delivery infrastructure technologies.
    • Blogosphere
      The Citrix Blogosphere is a window into the thousands of conversations taking place about Citrix and Application Delivery.
  •  Sign In
The Citrix Blog
Blogs for tag 'traffic management'

Permalink | Twitter Post to Twitter | Comments (0) | Views (2442) |

12 Jun 2009 11:38 AM EDT
NetScaler nCore
[ Tags:  appexpert ,   apptips ,   number 1 load balancer ,   load balancing ,   load balancer ,   netscaler ,   application delivery ,   application controller ,   ssl offload ,   tcp multiplexing ,   caching ,   compression ,   rewrite ,   howto ,   tips ,   site balancer ,   ssl balancer ,   website load balancer ,   policy ,   rate ,   enforcement ,   traffic management ,   traffic enforcement ,   packets ,   transactions ,   bandwidth ,   network overload ,   security ,   attacks ,   diverting ,   watermark ]
posted by Craig Ellrod

Netscaler nCore

Already announced at iForum, but worthy of buzz, is the new multi-core, parallel processing architecture for the Citrix NetScaler released in version 9.1 - nCore Technology. Applications are becoming more dynamic and demanding as we have seen in recent community, social networking and Web 2.0 advancements. Browser request and server response is the old model. Rich interactive applications that provide real-time information require real-time connections between browser and server. Enterprise software vendors such as SAP, Microsoft, Oracle and others understand the need to push toward highly interactive applications that enrich the functionality and user experience.

The richness of experience manifests in several ways:

  • Protocols: New protocols such as Ajax, Comet, Ruby, etc.
  • Connections: Web 2.0 protocols generate more connections between client and server.
  • Chattiness: Web 2.0 protocols initiate more requests between the client and server.
  • Applications: Rich Internet applications such as Flash, Flex and Silverlight make applications engaging and interactive.
  • Clients: Clients are always connected and content needs to be optimized for them (iPhone, Symbian, Blackberry, Palm, Windows Mobile, Internet Explorer, Firefox, Safari).

ADC's need to deliver greater performance and scalability by supporting higher levels of throughput, HTTP requests, concurrent connections and SSL Transactions. ADC's need to handle the increase in connections and requests to offload the demands placed on back-end web servers. The demands for caching, compression and application firewalls will increase as well.

In order to meet the increasing demand in application delivery environments, you need the Citrix NetScaler nCore technology.

Tap into the power of AppExpert!

Expand Blog Post
Permalink | Twitter Post to Twitter | Comments (0) | Views (5596) |

31 Mar 2009 01:06 PM EDT
Rate Based Policy Enforcement
[ Tags:  netscaler ,   appexpert ,   apptips ,   number 1 load balancer ,   load balancing ,   load balancer ,   netscaler ,   application delivery ,   application controller ,   ssl offload ,   tcp multiplexing ,   caching ,   compression ,   rewrite ,   howto ,   tips ,   site balancer ,   ssl balancer ,   website load balancer ,   policy ,   rate ,   enforcement ,   traffic management ,   traffic enforcement ,   packets ,   transactions ,   bandwidth ,   network overload ,   security ,   attacks ,   diverting ,   watermark ]
posted by Craig Ellrod

Rate Based Policy Enforcement:

New in NetScaler 9.0 are Rate-Based policies which can be used to control, limit and throttle traffic to various servers. Rate Based Policies use the advanced expression syntax found in the Policy Infrastructure (PI) format of the NetScaler, which is also new for 9.0.

You can monitor the rate of traffic that flows through virtual servers or other User defined entities that are associated with different virtual servers, including URLs, domains, and combinations of URLs and domains.

You can control Citrix NetScaler behavior based on the traffic rate, including throttling the traffic flow if it is too high, caching information based on the traffic rate, and redirecting traffic to a new load balancing virtual server based on the traffic rate. You can apply rate-based monitoring to HTTP and DNS requests. You configure traffic rate limit identifiers to monitor the rate of traffic. These identifiers can include filters, known as rate limit selectors, to restrict monitoring (for example, based on IP addresses or subnets). You specify traffic rate limit identifiers in rules for advanced policies in any feature where these identifiers may be useful, including Rewrite, Responder, DNS, and Integrated Caching.

Rate-based monitors can be based on the number of HTTP or DNS requests, number of packets, transactions or amount of bandwidth being used. This is useful for preventing overloads on a network, preventing security attacks, and diverting traffic once it reaches a certain watermark.

More on Rate-Based Policy Enforcement can be found in the NetScaler Traffic Management Guide.

Tap into the power of AppExpert!

Expand Blog Post
Permalink | Twitter Post to Twitter | Comments (0) | Views (6891) |

13 Nov 2008 11:33 AM EST
New Policy Features in NetScaler 9.0
[ Tags:  policy ,   netscaler ,   pi ,   expressions ,   netscaler ,   new in release 9 ,   traffic management ]
posted by Nina Wishbow

What's New

This release provides many enhancements to the policy infrastructure, including:
•    Policies for analyzing the traffic rate
•    Policies for sending queries to an external application
•    Graphical tools for easier creation of policies (see the enclosed video tip for a demo)
•    Configuration of policy labels and policy banks
•    Policy expression parameters for analyzing new types of data, including IPv6 addresses.
•    New documentation for policies and expressions.

Policies to Analyze the Traffic Rate

You can configure policies that parse the request rate or bandwidth usage. The most popular uses for policies based on traffic rate include limiting access to virtual servers or any other user-defined entity, and preventing network overload. You can configure NetScaler features to perform any other supported action based on the traffic rate, for example, redirecting traffic if the rate exceeds a particular threshold.

In this release, you can configure rate-based policies based on the following:
•    The number of HTTP requests that the NetScaler intercepts.
•    The number of DNS requests that the NetScaler intercepts.
•    The bandwidth usage.

Policies to Send HTTP Requests to Remote Applications

You can configure HTTP callout policies to obtain information from external applications and parse the responses. For example, if a server makes a request, you can use an HTTP callout request to determine if this server is on a "deny access" list. The HTTP callout request can send the requesting server's domain to an application that looks up bad domains from a list. When the application sends a response to the NetScaler, the HTTP callout policy can extract the "allowed" or "denied" determination from the response.

To deploy the HTTP callout policy, you also create an agent in front of the application to format the HTTP callout request for the application. When the application returns a response, the agent formats the response for the NetScaler, so that the callout policy can extract data of interest from the response.

You can invoke HTTP callout policies from any other type of NetScaler advanced policy using the expression prefix SYS.HTTP_CALLOUT. For example, you can invoke an HTTP callout policy from a rewrite action and insert the value that is returned by the callout in an HTTP response header.

Policy Banks and Policy Labels

This release introduces new methods for configuring collections of advanced policies known as policy banks. Policy banks are groups of polices that share the same bind point:

•    Built-in bind points are global or specific to a virtual server.
•    A user-defined bind point is known as a policy label.  

After you create a policy label and bind policies to it, you invoke the policy label (and its associated policies) from one of the built-in bind points. If you bind policies to a virtual server, you can also invoke the virtual server's policy bank from any other policy bank. You can invoke a policy label or policy bank using when binding a policy or by specifying a new "NOPOLICY" place-holder that performs invocation without processing a rule.

As part of policy bank configuration you can also create an arbitrary evaluation order by specifying Goto expressions.

A new graphical tool called the Policy Manager simplifies configuration of policy banks and invocation of policy labels.

Policy Manager and Other Usability Enhancements

In this release, some applications provide a specialized Policy Manager in the NetScaler configuration utility to simplify the binding of policies to an invocation point or a user-defined policy label, assigning policy priorities to policies, viewing the different policy banks that are configured in the feature. The Policy Manager also enables you to find and delete policies and actions that are not being used. As of release 9.0, the Policy Manager is available for the Rewrite, Integrated Caching, and Responder features.

In addition, the configuration utility simplifies the task of viewing policy bindings to vservers. A Visualizer in the Load Balancing and Content Switching features enables you to view policy bindings as well as service and monitor bindings.

See the enclosed video tip for a demo of the Policy Manager.

New Parameters for Classic and Advanced Expressions

New expression parameters have been provided for parsing additional types of data, including:
•    IPv6 addresses
•    String sets (comparisons with any or all strings in a set)
•    Caching headers
•    Dates and times  
•    File system information (files, directories, file system commands)

Policy Configuration and Reference Guide

A new policy guide provides comprehensive information on all the available parameters for advanced and classic policies and configuration instructions. This guide is available from the Documentation tab in the NetScaler configuration utility.

Video Tips

Video tip 1: Using the Policy Manager to add the first policy in a policy bank:

Video tip 2: Using the Policy Manager to add a second policy and order the policies in the bank:

Expand Blog Post