Jump to content

Recommended Posts

Posted

If you were to manually fail over your Netscaler HA pair, what is the expected time for clients to actually reconnect? We are testing Netscaler v12 HA pair and what we are seeing is that it takes about 29 seconds from the moment of failover before clients reconnect.

 

Here is our setup:

  • 2x Netscaler Gateway VPX 12.0 41.16.nc
  • 6GB memory, 4vCPU = 3 PPE and 1 Management
  • Only 2 active ICA over UDP 

 

Now we have been testing this with EDT (UDP) and not using TCP.

 

I see in the Netscaler logs that it actually failed over and the services became active within 3 seconds, but for some reason it takes Receiver 29 seconds to actually reconnect.

 

Is there a setting that could be changed on the receiver side or is it possibly something else I am not thinking about?

Posted

Not using EDT/UDP based connection, but our TCP based ICA connections to NSG sometimes experience subsecond interruption times on failovers but usually it is only 1-2 seconds.

 

I've done failovers for the same NetScaler device that I am connected to for my VDI session and have experienced no interruption at all. I get a little pop-up as if session reliability is kicking in, but no grey screen, no delays. 

Posted

Regarding the failover speed, are other connections re-established quicker to other services? Is everything consistently 29 seconds?

 

When a NetScaler HA event occurs, the NetScaler needs to flood the network with GARP packets notifying other devices that the floating virtual IPs have moved to the MAC of the interfaces on the new primary NetScaler. Some devices do not keep up well with the GARP traffic and can experience delays with resuming the flow of traffic. Check out your other upstream network devices and firewalls and validate they are actually seeing the updated ARP entries in a reasonable time.

Posted

That is what I was looking for was a comparison. Thank you for that. I am also going to try TCP to see if it makes a difference.

 

So far for two tests it seems 29 seconds is consistent. I plan on testing this more thoroughly tomorrow since it is a lab environment. I will check the upstream network devices also the best I can. Hopefully I can get that failover time down lol

Posted

Regarding the failover speed, are other connections re-established quicker to other services? Is everything consistently 29 seconds?

 

When a NetScaler HA event occurs, the NetScaler needs to flood the network with GARP packets notifying other devices that the floating virtual IPs have moved to the MAC of the interfaces on the new primary NetScaler. Some devices do not keep up well with the GARP traffic and can experience delays with resuming the flow of traffic. Check out your other upstream network devices and firewalls and validate they are actually seeing the updated ARP entries in a reasonable time.

 

Well i'm having issues checking some of this on my hardware because I'm not finding documentation on how to monitor this. We are using HP FlexFabric modules (virtual connect) and HP 5412zl core switches. Still researching

Posted

Regarding the failover speed, are other connections re-established quicker to other services? Is everything consistently 29 seconds?

 

When a NetScaler HA event occurs, the NetScaler needs to flood the network with GARP packets notifying other devices that the floating virtual IPs have moved to the MAC of the interfaces on the new primary NetScaler. Some devices do not keep up well with the GARP traffic and can experience delays with resuming the flow of traffic. Check out your other upstream network devices and firewalls and validate they are actually seeing the updated ARP entries in a reasonable time.

 

Nathan,

 

I did some more testing and found out it is EDT/UDP that is the problem. With EDT/UDP it takes 29 to 32 seconds every time but with TCP it is pretty much a flash of the window.

 

I'm going to open a ticket with Citrix to see if that is by design or if something else can be done to make the reconnect faster.

  • 4 weeks later...
  • 4 months later...
Posted

I wanted to update this case and suggest that it could be something with the firewall UDP timeout. Mine happened to be set to 30 seconds which was the default. I tested lowering it to seconds but it doesn't seem to have lowered the time it takes after the Netscaler fails over before Receiver attempts to reconnect.

  • 4 years later...
Posted
On 11/18/2017 at 11:04 PM, Jacob Dixon1709152413 said:

I wanted to update this case and suggest that it could be something with the firewall UDP timeout. Mine happened to be set to 30 seconds which was the default. I tested lowering it to seconds but it doesn't seem to have lowered the time it takes after the Netscaler fails over before Receiver attempts to reconnect.

Did you ever find an answer for this.  

I am seeing the same results with EDT enabled and HA Failover.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...