-
Getting Started with NetScaler
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Basic components of authentication, authorization, and auditing configuration
-
-
Web proxy support for outbound calls to IDP or third party endpoints
-
Web Application Firewall protection for VPN virtual servers and authentication virtual servers
-
On-premises NetScaler Gateway as an identity provider to Citrix Cloud™
-
Authentication, authorization, and auditing configuration for commonly used protocols
-
Troubleshoot authentication and authorization related issues
-
-
-
-
-
-
Configure DNS resource records
-
Configure NetScaler as a non-validating security aware stub-resolver
-
Jumbo frames support for DNS to handle responses of large sizes
-
Caching of EDNS0 client subnet data when the NetScaler appliance is in proxy mode
-
Use case - configure the automatic DNSSEC key management feature
-
Use Case - configure the automatic DNSSEC key management on GSLB deployment
-
-
-
Source IP address whitelisting for GSLB communication channels
-
Use case: Deployment of domain name based autoscale service group
-
Use case: Deployment of IP address based autoscale service group
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 12: Configure Citrix Virtual Desktops for load balancing
-
Use case 13: Configure Citrix Virtual Apps and Desktops for load balancing
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
Use case 15: Configure layer 4 load balancing on the NetScaler appliance
-
-
-
-
Authentication and authorization for System Users
-
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
AI gateway - Observability
NetScaler AI gateway collects AI specific metrics and logs and exposes them to Splunk by default. A sample Splunk dashboard can be downloaded from the Citrix Download website to visualize the metrics and logs exported by the AI gateway.
Entity: server_svc_cfg
| Metric Name | Description |
|---|---|
| si_tot_llm_input_tokens | Total Number of input tokens processed by the server |
| si_tot_llm_output_tokens | Total Number of output tokens processed by the server |
| si_tot_llm_tokens | Total Number of tokens (input + output) |
| si_cur_llm_tpm | Number of total (input + output) tokens per frequency interval |
| si_err_llm_token_limit_hit_on_server | Number of times the token limit reached on the server |
| si_cur_llm_latency | Token latency for this server |
| si_llm_tokenspermin | Configured value of token limit for the server |
| si_err_llm_token_limit | Number of times the token limit reached for the service in NetScaler |
Entity: vserver_lb
| Metric Name | Description |
|---|---|
| vsvr_llm_apptype | Configured Large Language Model (LLM) app type for the virtual server (Currently Azure OpenAI) |
| vsvr_err_llm_unsupported_request | Error counter when NetScaler receives an unsupported request |
| si_tot_llm_input_tokens | Total number of input tokens processed by the load balancing virtual server |
| si_tot_llm_output_tokens | Total number of output tokens processed by the load balancing virtual server |
| si_tot_llm_tokens | Total number of tokens (input + output) processed by the load balancing virtual server |
Entity: vserver_cs
| Metric Name | Description |
|---|---|
| si_tot_llm_input_tokens | Total number of input tokens processed by the content switching virtual server |
| si_tot_llm_output_tokens | Total number of output tokens processed by the content switching virtual server |
| si_tot_llm_tokens | Total number of tokens (input + output) processed by the content switching virtual server |
| si_cur_llm_tpm | Number of total (input + output) tokens per frequency interval |
| vsvr_llm_apptype | Configured Large Language Model (LLM) app type for the virtual server (Currently Azure OpenAI) |
Entity: cs_pol
| Metric Name | Description |
|---|---|
| pcb_hits | Number of hits on the policy on this binding. |
| pcb_undef_hits | Number of undef hits on the policy on this binding. |
Note:
These counters are not exported by default and need to be added in the schema file. For the analytics time series profile using the schema, run
-metrics DISABLEDfollowed by-metrics ENABLEDto refresh any change in schema.json.
Refer to the NetScaler observability integrations on sending metrics :
-
https://docs.netscaler.com/en-us/citrix-adc/current-release/observability/metrics.html
-
https://docs.netscaler.com/en-us/citrix-adc/current-release/observability/prometheus-integration
-
https://docs.netscaler.com/en-us/citrix-adc/current-release/observability/metrics-splunk-integration
Web Insight records
The following fields are exported as part of Web Insight records if there are rate limit alerts.
| JSON Field Name | Description |
|---|---|
| rate_limit_identifier_name | Configured name of ns limitidentifer. |
| rate_limit_selector_stream_name | Stream name based on selector expressions for which rate-limiting was applied |
| rate_limit_mode | Configured Rate limit mode |
| rate_limit_threshold | Configured Rate limiting threshold per stream. |
| rate_limit_value | Value at which rate-limiting was applied. |
Note:
- These fields are not exported by default and need to be added in the data format file. If the data format file is changed then use the
update analytics profile <profile name> -data FormatFile <filename>command to ensure that the analytics profile is using the updated data format file.- Set the
log_all_json_fieldattribute in the NetScaler CPX YAML file to send all the JSON fields for insights. If thelog_all_json_fieldattribute is not set, then the data format file in the NetScaler CPX must be updated manually for the relevant fields, which is not recommended for the NetScaler CPX form factor.
The rate-limiting logs can be sent to Splunk. For information on sending logs to Splunk, see Export transaction logs directly from NetScaler to Splunk.
Usage tracking
Usage tracking allows you to track the input and output tokens or requests based on criteria such as team, user, application. NetScaler expects that the AI application sends the attributes such as the userid or teamid in HTTP header (such as X-user-id or X-org-id). This feature uses processed insights for tracking.
| JSON Field Name | Description |
|---|---|
| observationPointId | An identifier of an Observation Point that is unique per Observation Domain. |
| nsPartitionId | An identifier of the NetScaler partition exporting the records. |
| stream_usecase | Stream Insights use case. |
| stream_sess_name | Stream Insights Stream session name. |
| stream_iden_name | Stream Insights Stream identifier name. |
| Requests | Number of requests consumed in the stream. |
| Bandwidth | Bandwidth used in the stream. |
| Connections | Number of active connections in the streams. |
| Resptime | Average response time. |
| Tokens | Number of input and output tokens consumed for LLM traffic in the stream. |
| stream_sort_key | Sort Identifier for the Top N results (Example: REQUESTS, TOKENS). |
| Timestamp | Timestamp of the export. |
Here is a sample configuration where the tokens are being tracked per user and the user-id is sent in X-user-id HTTP header.
-
Create a Stream selector. In this step, the statistics are aggregated for the
user id.add stream selector <stream selector name> <rule> <!--NeedCopy-->Example:
add stream selector user_header "HTTP.REQ.HEADER(\"X-user-id\")" <!--NeedCopy--> -
Create a stream identifier.
add stream identifier <stream identifier name> <stream selector name> -interval <interval in mins> -logInterval <log interval in minutes> -logLimit <log limit> -sort TOKENS -trackTransactions TOKENS <!--NeedCopy-->Example:
add stream identifier si_gpt41_user_token testheader -interval 10 -logInterval 10 -logLimit 20 -sort TOKENS -trackTransactions TOKENS <!--NeedCopy-->In this configuration:
- Interval: Number of minutes of data to use when calculating session statistics (number of requests, number of tokens). The interval is a moving window that keeps the most recently collected data. Older data is discarded at regular intervals.
- logInterval: Time interval in minutes for logging the collected objects. The log interval must be greater than or equal to the interval of the stream identifier.
- logLimit: Maximum number of objects to be logged in the log interval.
-
Create a collector service for Splunk.
add service <collector> <splunk-server-ip-address> <protocol> <port> <!--NeedCopy-->Example:
add service splunk_service 10.102.34.155 HTTP 8088 <!--NeedCopy-->In this configuration:
- ip-address: Splunk server IP address.
- collector-name: Name of the collector.
- protocol: Specify the protocol as HTTP or SSL.
- port: Port number.
-
Create analytics profile of type
stream analyticsand enabletopN.add analytics profile <profile-name> -type <insight> -collectors <collector-name> -analyticsAuthToken "<auth-scheme> <authorization-parameters>" -analyticsEndpointContentType "application/json" -analyticsEndpointUrl <endpoint-url> -topn ENABLED <!--NeedCopy-->Example:
add analytics profile topn_stream_profile -type streaminsight -topn ENABLED -analyticsAuthToken "Splunk 0471e73f-ee4b-44c3-90db-2461341d7b24" -analyticsEndpointUrl "/services/collector/event" -analyticsEndpointContentType "application/json" -collector splunk -dataFormatFile splunk_new1.txt <!--NeedCopy--> -
Bind analytics profile to stream identifiers.
bind stream identifier <stream identifier name> -analyticsProfile <analytics profile name> <!--NeedCopy-->Example:
bind stream identifier si_gpt41_user_token -analyticsProfile topn_stream_profile <!--NeedCopy--> -
Create a responder policy to collect stats for the given identifier.
add responder policy pol_collect_gpt41_user_token 'analytics.stream("si_gpt41_user_token").COLLECT_STATS' NOOP <!--NeedCopy--> -
Bind the responder policy to the target AI gateway virtual server for which the traffic must be analyzed by the identifier. To enable the same stream identifier to process traffic from multiple virtual servers, bind the responder policy to all the virtual servers.
bind lb <LBVserver Name> -policyName <Responder Policy Name> -priority 1 -gotoPriorityExpression NEXT -type REQUEST <!--NeedCopy-->Example:
bind lb vserver gpt-4.1 -policyName pol_collect_gpt41_user_token -priority 220 -gotoPriorityExpression NEXT -type REQUEST <!--NeedCopy-->
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.