That post, and this one, were inspired by a recent round of IXIA to NetScaler testing that was performed in the Santa Clara lab. As the previous post mentions, there are some differences between TCP Slow-Start and Load Balancing Slow-Start and ways to disable or get around them so they don’t affect your users. There were some other topics intentionally left out of that post so as not to muddy the waters so to speak. However, I think there is good reason to add them here in another post as they too are relevant. In addition to TCP Slow-Start and Load Balancing Slow-Start, there are some modes of operation called Surge Protection, Surge Queue and Priority Queuing. Just to clarify, TCP Slow-Start and Load Balancing Slow-Start are unrelated to Surge Protection, Surge Queue and Priority Queuing. Also keep in mind this information can be found in the NetScaler documentation.
Surge Protection
The Surge Protection feature of a NetScaler appliance can be used to protect server resources from high network traffic load. The Surge Protection feature queues the client requests and releases the same to the server in a controlled manner. This prevents saturation of the server resources. This feature is helpful in the scenarios where you have limited server capacity and the network traffic is consistent.
Throttle Settings | Throttle Rate (Connections, Milliseconds) | |||
Normal | 200,10 | 400,20 | 800,50 | 2000,100 |
Aggressive | 16,10 | 200,30 | 500,50 | 1000,500 |
Relaxed | 500,10 | 1000,10 | 2000,10 | 3000,10 |
As specified in the values for the throttle rate in the preceding table, the following scenarios explain how Surge Protection handles connections when you set throttle settings to Normal, which is the default setting:
- The first 199 connections get unrestricted access to the backend server.
- 200 to 399 connections are opened at the rate of 1 connection per 10 milliseconds.
- 400 to 799 connections are opened at the rate of 1 connection per 20 milliseconds.
- 800 to 1999 connections are opened at the rate of 1 connection per 50 milliseconds.
- 2000 or more connections are opened at the rate of 1 connection per 100 milliseconds.
Surge Queue
The Surge Queue is the default queue every connection will land up in if it does not go to any of the SureConnect Queue, Priority Queue, or DOS Queues. This queue is maintained for every configured or dynamically learned server on NetScaler. The Surge Protection feature also works based on this queue and regulates the speed at which connections should be opened up with backend servers.
Surge Queues based on priority order:
NetScaler Queues |
Priority |
SureConnect | 0 |
PQ – Level1 | 1 |
PQ – Level2 | 2 |
PQ – Level3 | 3 |
HTTP DOS Queue | 4 |
Surge Queue | 5 |
Priority Queueing
Priority Queues are activated based on the PQ policies configured on NetScaler. It can support 3 levels of priority queues for incoming client requests. All 3 queues are maintained separately and NetScaler ensures to serve connections in level1 queue before level2 queue. Similarly it services connections in level2 queue before serving connections from level3 queue.
Read more about Craig Ellrod here