Ns Usage Test
This test monitors the workload on the NetScaler appliance and the usage of its CPU resources.
Target of the test : A Citrix NetScaler Appliance
Agent deploying the test : An internal agent
Outputs of the test : One set of results for every Citrix NetScaler being monitored
|
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
New client connections |
Indicates the number of new client connections to the NetScaler device in the last measurement period. |
Number |
|
New server connections |
Indicates the number of new connections established between servers and the NetScaler device in the last measurement period. |
Number |
|
Tcp offload factor |
This factor monitors the connections from the NetScaler device to servers as a factor of the connections it receives from clients. |
Percent |
One of the key benefits of the NetScaler device is its ability to offload TCP connection processing from the servers to the NetScaler device itself. By doing so, the NetScaler device allows the existing server infrastructure to support a larger workload. The lower the value of this metric, the greater the benefits of the NetScaler device. |
Current client connections |
Indicates the number of connections currently established by clients to the NetScaler device. |
Number |
|
Current server connections |
Indicates the number of connections currently established by the NetScaler device to servers. |
Number |
|
Client connections refused |
Indicates the number of connections from clients that were refused by the NetScaler device during the last measurement period. |
Number |
This value should be close to 0 for ideal operation. |
Cookie sequence mismatch rejects |
Indicates the number of connections rejected because of syn cookie sequence number mismatch. |
Number |
Normal SYN cookies contain encoded information that makes it near impossible to request a connection to a host from a forged (spoofed) originating address. In this scenario, the attacker must guess a valid TCP sequence number used by that server to connect to some other legitimate host. The cryptographic protection in the standard SYN cookie makes this attack possible with as few as one million guesses, which is not impossible for a determined attacker. NetScaler uses an enhanced SYN cookie protection scheme that is fully compatible with the TCP/IP protocol, but have rendered the “forged connection” technique obsolete. Each new connection is unrelated to previous connections, and knowing a valid sequence number used for a previous connection will not enable an attacker to forge a connection. A large value of this measure could indicate failed attempts made to hack into a network. Further investigation is hence, necessary. |
Cookie signature mismatch rejects |
Indicates the number of connections rejected because of syn cookie signature mismatch. |
Number |
|
Unacknowledged SYNs received |
Indicates the number of connections dropped because of unacknowledged SYN packets. |
Number |
When a client attempts to establish a TCP connection to a server, the client and server exchange a set sequence of messages. This connection technique applies to all TCP connections (for example, Telnet, web, E-mail, and so on). The sequence for the TCP connections are:
When the sequence is complete, the connection between the client and server is open, and service-specific data can be exchanged between the client and server. The potential for attack arises at the point when the back-end server has sent an acknowledgment (SYN-ACK) to the client but has not received the ACK message from the client; this is referred to as a half-open connection in the server. A high value of this measure indicates that too many such half-open connections exist in the server, which could consume excessive system memory, causing the server system to crash or hang, or deny service to legitimate clients. |
Open connections to servers |
Indicates the number of connections established with servers. |
Number |
|
Server connection hits |
Indicates the number of client transactions in the last measurement period that used the server connection in the reuse pool. |
Number |
NetScaler appliances support a 'Connection Keep-Alive' feature that is enabled for HTTP protocols, so that persistent connections are available between the system and the client over the WAN link and also between the system and the server. This is achieved by mimicking HTTP “connection-persistence” behavior to both the client and server. The server always perceives that it is communicating with a persistent client (even if the client is not persistent) and the client always thinks it is communicating with a persistent server (even if the server is configured not to do keep-alive; for example, the server is configured to do one request per connection). One of the key benefits of this feature to a server is the creation and maintenance of a pool of ready-to-go fast server connections (i.e., the reuse pool). This pool ensures that connection requests from clients are serviced by the pool itself without having to open actual connections on the server, and thus greatly reduces the connection-burden on the server. If the value of the Server connection hits measure is very low or the Server connection misses measure is very high, it indicates that the pool is not been effectively utilized. A very low Server connection pool hit ratio is also indicative of the same. If such a situation persists, it can only result in more physical connections been opened on the server, and consequently, excessive CPU and memory erosion at the server-level. You can counter this abnormal event by ensuring that the Connection Keep-Alive feature is always enabled. |
Server connection misses |
Indicates the number of new connections made during the last measurement period because the server connection was unavailable in reuse pool. |
Number |
|
Server connection pool hit ratio |
This metric is a measure of the efficiency of the server reuse pool. |
Percent |
|
CPU usage |
Indicates the current CPU usage of the NetScaler device. |
Percent |
Ideally, this value should be low. |