With the rate limiting feature in Citrix NetScaler, we can define a maximum load for load balancing virtual servers or configured backend servers. We configure Citrix NetScaler to monitor the rate of traffic in real time and, based on the configured limits, it can, for example, block access. The rate limiting feature is especially useful when the network is under attack: with rate limiting, it's possible to prevent Distributed Denial-of-Service (DDoS) attacks. By using rate limiting, we can improve the reliability of the network and the resources that are presented by Citrix NetScaler.
Monitoring and controlling of the rate of traffic can be done based on:
With rate limiting, it's possible to throttle the traffic rate when it's too high. It's also possible to redirect traffic to another load balancing virtual server if it exceeds the configured limits. We can apply these rate-based monitors to HTTP, TCP, and DNS requests.
For every instance or request, it's possible to configure different limiters. The different options available will be described shortly.
In order to use limiters, we need filters to identify where the limit needs to be configured. These filters are called rate limiting selectors. A lot of predefined filters are already available, but if necessary, we can create a new one.
Rate limiting can be invoked with the following expression in, for example, rewrite policies and responder policies:
SYS.CHECK_LIMIT("NAMEOFTHECREATEDRATELIMITIDENTIFIER")
Go to AppExpert | Rate Limiting | Selectors and click on Add. Fill in the correct information based on this explanation:
CLIENT.IP.SRC or HTTP.REQ.LB_VSERVER.NAME
After we have created the selector, we will create the actual Limit Identifier. This Limit Identifier contains settings about the limit. Fill in the correct information based on the following explanation:
REQUEST_RATE, CONNECTION, or NONE. With REQUEST_RATE, we monitor the requests/time slice; with CONNECTION, we monitor the active transactions; and with NONE, we don't define any type of traffic for tracking.
REQUEST_RATE. With Limit Type, we can select two types: SMOOTH and BURSTY. With SMOOTH, we spread the permitted number of requests in a given interval of time in the configured time slice. With BURSTY, we only allow the maximum configured quota in the time slice.
REQUEST_RATE is selected, the mode will be the maximum tracked requests. In the CONNECTION mode, this threshold will be the total number of allowed connections.
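The difference between the SMOOTH and BURSTY limit types described above, as an added example that is not part of the original text and is not NetScaler's own implementation: a simplified Python model of a REQUEST_RATE limit identifier keyed on a selector value such as CLIENT.IP.SRC. The class and function names, the fixed-window logic, and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

class LimitIdentifier:
    """Simplified model of a REQUEST_RATE limit identifier (assumed logic)."""

    def __init__(self, threshold, time_slice_ms, limit_type):
        if limit_type not in ("SMOOTH", "BURSTY"):
            raise ValueError("limit_type must be SMOOTH or BURSTY")
        if limit_type == "BURSTY":
            # The whole quota may be used at any moment inside the time slice.
            self.window_ms, self.quota = time_slice_ms, threshold
        else:
            # SMOOTH: spread the quota evenly, one request per sub-interval.
            self.window_ms, self.quota = time_slice_ms / threshold, 1
        # Per selector value (e.g. CLIENT.IP.SRC): [current window, request count]
        self._state = defaultdict(lambda: [-1, 0])

    def over_limit(self, key, now_ms):
        """True when this request exceeds the limit, i.e. the policy would fire."""
        window = int(now_ms // self.window_ms)
        state = self._state[key]
        if state[0] != window:          # a new window starts: reset the counter
            state[0], state[1] = window, 0
        state[1] += 1
        return state[1] > self.quota

def admitted(limit_type, events, threshold=10, time_slice_ms=1000):
    """Count admitted requests per selector value for (time_ms, key) events."""
    limiter = LimitIdentifier(threshold, time_slice_ms, limit_type)
    counts = defaultdict(int)
    for now_ms, key in sorted(events):
        if not limiter.over_limit(key, now_ms):
            counts[key] += 1
    return dict(counts)

# Constructed sample traffic (documentation-range addresses):
# one client sends 12 requests within 12 ms, another sends 10 spaced 100 ms apart.
BURST = [(t, "203.0.113.7") for t in range(12)]
STEADY = [(t * 100, "198.51.100.20") for t in range(10)]

if __name__ == "__main__":
    for limit_type in ("BURSTY", "SMOOTH"):
        print(limit_type, admitted(limit_type, BURST + STEADY))
```

With a threshold of 10 per 1000 ms, the bursting client still gets its full quota at once under BURSTY, while under SMOOTH it is cut to one request per 100 ms and the evenly spaced client is unaffected.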