Apart from providing the common ADC features and functionality, NetScaler inherently protects server farms from various kinds of security and scalability issues. One of the most common threats to a server farm is a surge in client connections. At times a surge can bring the server down completely or make it unresponsive to clients. A surge usually grows at a varying rate, so it needs to be detected at different levels and addressed accordingly. Servers are also bound by the rate at which they can handle new connections. A server may be able to handle 10000 connections over a period of time, but it may not be able to handle more than 100 new connections per second.

To counter a surge in client connections, NetScaler provides the Surge Protection feature, which is enabled by default. Surge Protection works in the Normal throttle mode by default, and the mode can be changed to Aggressive or Relaxed based on your needs. The tables below show how each Throttle setting protects against surges through incremental rate limiting. In these tables the Base Threshold remains at its default value of 200. The Base Threshold can be changed for any Throttle mode, and the rest of the connection handling table is adjusted by the difference from the previous value.

Throttle – Normal

| Connection Range | Rate at which NetScaler opens connection with server | Rate Per Second |
|---|---|---|
| Up to 200 | Instantaneous | Not Limited |
| 200 – 400 | 1 connection every 10 milliseconds | 100 connections |
| 400 – 800 | 1 connection every 20 milliseconds | 50 connections |
| 800 – 2000 | 1 connection every 50 milliseconds | 20 connections |
| Beyond 2000 | 1 connection every 100 milliseconds | 10 connections |

Throttle – Aggressive

| Connection Range | Rate at which NetScaler opens connection with server | Rate Per Second |
|---|---|---|
| Up to 200 | Instantaneous | Not Limited |
| 200 – 384 | 1 connection every 10 milliseconds | 100 connections |
| 384 – 684 | 1 connection every 30 milliseconds | 33 connections |
| 684 – 1184 | 1 connection every 80 milliseconds | 12 connections |
| Beyond 1184 | 1 connection every 500 milliseconds | 2 connections |

Throttle – Relaxed

| Connection Range | Rate at which NetScaler opens connection with server | Rate Per Second |
|---|---|---|
| Up to 200 | Instantaneous | Not Limited |
| 200 – 700 | 1 connection every 10 milliseconds | 100 connections |
| 700 – 1700 | 1 connection every 10 milliseconds | 100 connections |
| 1700 – 2700 | 1 connection every 10 milliseconds | 100 connections |
| Beyond 2700 | 1 connection every 10 milliseconds | 100 connections |

In Relaxed mode, every connection beyond 200 is opened at the same rate-limit interval. The other part of the configuration is the Base Threshold value. If you change the Base Threshold to 100 with the Throttle setting at Normal, the table changes to:

Throttle – Normal, Base Threshold – 100

| Connection Range | Rate at which NetScaler opens connection with server | Rate Per Second |
|---|---|---|
| Up to 100 | Instantaneous | Not Limited |
| 100 – 300 | 1 connection every 10 milliseconds | 100 connections |
| 300 – 700 | 1 connection every 20 milliseconds | 50 connections |
| 700 – 1900 | 1 connection every 50 milliseconds | 20 connections |
| Beyond 1900 | 1 connection every 100 milliseconds | 10 connections |

With the Throttle and Base Threshold values we can configure Surge Protection for most common use cases. For specific use cases we can also create a custom Surge Protection table with the Custom throttle setting. Sample configuration:

> set ns spParams -throttle custom -table 100:10:200:50:400:100:800:200
 Done

| Connection Range | Rate at which NetScaler opens connection with server | Rate Per Second |
|---|---|---|
| Up to 100 | Instantaneous | Not Limited |
| 100 – 200 | 1 connection every 10 milliseconds | 100 connections |
| 200 – 400 | 1 connection every 50 milliseconds | 20 connections |
| 400 – 800 | 1 connection every 100 milliseconds | 10 connections |
| Beyond 800 | 1 connection every 200 milliseconds | 5 connections |
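To check a custom table before applying it, the sketch below models the tables above in Python. It is an added example, not NetScaler code: it assumes the `-table` argument is a list of `threshold:interval_ms` pairs (inferred from the sample and its resulting table), and `NORMAL_200`, the function names and the band-boundary handling are constructed for illustration.

```python
"""Model of a Surge Protection throttle table (added example, not NetScaler code)."""

# Constructed: the Normal table at Base Threshold 200, written in the
# threshold:interval_ms pair layout assumed for the custom-table sample.
NORMAL_200 = "200:10:400:20:800:50:2000:100"
CUSTOM = "100:10:200:50:400:100:800:200"  # the sample -table argument


def parse_table(spec):
    """Return [(threshold, interval_ms), ...] or raise ValueError."""
    fields = [int(f) for f in spec.split(":")]
    if len(fields) % 2:
        raise ValueError("expected threshold:interval pairs")
    pairs = list(zip(fields[0::2], fields[1::2]))
    if any(t <= 0 or i <= 0 for t, i in pairs):
        raise ValueError("thresholds and intervals must be positive")
    if [t for t, _ in pairs] != sorted({t for t, _ in pairs}):
        raise ValueError("thresholds must be strictly increasing")
    return pairs


def rebase(pairs, new_base):
    """Shift every threshold by the change in Base Threshold."""
    delta = new_base - pairs[0][0]
    return [(t + delta, i) for t, i in pairs]


def interval_ms(pairs, connections):
    """Delay between new server connections; 0 means not limited.

    Assumption: a count equal to a threshold stays in the lower band.
    """
    delay = 0
    for threshold, interval in pairs:
        if connections > threshold:
            delay = interval
    return delay


def rate_per_second(pairs, connections):
    """New connections per second (rounded down), or None if not limited."""
    delay = interval_ms(pairs, connections)
    return None if delay == 0 else 1000 // delay


if __name__ == "__main__":
    tables = {"custom": parse_table(CUSTOM),
              "normal, base 100": rebase(parse_table(NORMAL_200), 100)}
    for name, table in tables.items():
        for load in (50, 150, 350, 750, 2500):
            print(name, load, interval_ms(table, load), rate_per_second(table, load))
```
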

Thus NetScaler provides complete control over the Surge Protection feature and its configuration for specific use cases.