Why do you need to disable Surge Protection on HTTP services with USIP ON?
FAQ: Why do you need to disable Surge Protection on HTTP services with USIP ON?
A: For HTTP services, Surge Protection must be OFF if USIP is enabled. For non-HTTP protocols (service type UDP/TCP/FTP/and so on) this restriction is not applicable.
With USIP enabled in the NetScaler, when a client connects to a virtual server (or service), the NetScaler uses the actual IP address of the client, but the TCP/IP port(s) of the internal dummy IP (0.0.0.1). After the client is done with this connection, it is kept in the reuse pool until it is timed out so that it can be used again, if necessary. In USIP mode, there is no connection reuse across different hosts, instead connection reuse is only available for connections coming from the same client IP address. Because the NetScaler opens a new connection for each Client IP in USIP mode, there will be a lot of connections in the reuse pool.
Surge protection works on the total number of server connections, and as explained above, with USIP turned ON, the NetScaler will have a lot of HTTP server connections in the reuse pool. A large reuse pool inflates the total number of server connections, and hence Surge Protection does not function correctly because it aggressively throttles the number of new connections that are opened to the server(s).
http://support.citrix.com/article/ctx120544
大概就是使用了USE SOURCE IP之后,reuse pool里面会有很多的连接,那么Surge protection会认为连接过多,杀掉本来正常的连接
相关日志:
- NetScaler — What is the meaning of the “Limiting closed port RST response from xxx to 200 packets per second” console message?
- NetScaler — CKA(Client Keep Alive)
- HTTP pipeline 和 persistent connection
- NetScaler — Vserver 和Service 的性能分析(nsconmsg)
- NetScaler — Maxclients 和 Current Server Connections
本文链接地址: http://www.sanotes.net/html/y2009/406.html
(No Ratings Yet)
Loading ...
路过,帮你踩踩!