Author Topic: Limiting outbound connections  (Read 578 times)

Offline InterestedUser

Limiting outbound connections
« on: May 22, 2009, 05:34:56 PM »
We are experimenting with limiting outbound connections to an Internet resource and wanted to confirm we are doing things the right way.  Our goal is to ensure that our entire network infrastructure does not flood a site (e.g., google.com) with more than N connections at once.  For example, we would like to make sure that no more than 4 connections to www.google.com are open at any one time.

We understand that we can possibly do this by creating a service for the site (e.g., www.google.com) and then specifying max clients for that service. (e.g., 4)  We would of course ensure that all outbound requests go through our NetScaler, so that the throttling can occur. 

Does this sound like the right way to do things?  Also, is there any configuration we need to set to ensure that connections above our max are queued until a slot opens up?

Offline jmelika

Re: Limiting outbound connections
« Reply #1 on: May 24, 2009, 09:26:25 PM »
Hi there.  I am assuming you are running v9.  Please correct me if I'm mistaken.  v9 seems to have new ways of traffic throttling, although they are geared more towards inbound traffic rather than outbound.  I see your infrastructure can be considered crawlers, which puts you in the unique position of requiring more outbound control than inbound.

I am not running v9, but I think you should take a look at it if you haven't already done so.  This article describes the features in v9 http://support.citrix.com/servlet/KbServlet/download/18656-102-152030/NS_TMG.pdf.  Take a look at page 325.

I hope this helps.

Good luck!
JM

Offline Marco Schirrmeister

Re: Limiting outbound connections
« Reply #2 on: June 02, 2009, 06:24:35 AM »
You are asking for the right way. I don't think it is the right way to use the NetScaler for outbound traffic control.

If you have the fear that your site could attack some other sites with too many requests or too much traffic, then I think you should implement some other device that can control traffic in a better way.

When you want to create a local vserver for www.google.com, do you then want to manipulate internal DNS for www.google.com to point to your vserver IP?
Even if that works, you have to check when the google.com IP addresses are changing. Because IPs are like smoke and mirrors. ;-)


Marco

Offline jmelika

Re: Limiting outbound connections
« Reply #3 on: June 02, 2009, 10:35:14 AM »
Marco,

I believe he is crawling certain sites and he's trying to keep his bots under control without opening the flood gates on individual sites and ending up getting banned/flagged for doing so.  I agree with you he shouldn't look at the NetScaler to do that.  I think you're trying to invent a new role for a product that was not designed specifically for this purpose.  Just my $0.02.
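
The following is an added example, not part of any post in this thread and not NetScaler configuration. It sketches the behaviour the original question asks for (at most N open connections per site, with the excess queued until a slot frees up), enforced inside the crawler process itself. `PerHostLimiter`, `fake_fetch`, `crawl` and `demo` are hypothetical names, the fetch is simulated so nothing touches the network, and the cap applies per process rather than across a whole fleet.

```python
import asyncio
from collections import defaultdict
from urllib.parse import urlsplit

class PerHostLimiter:
    """Cap concurrent outbound connections per destination hostname."""

    def __init__(self, max_per_host=4):
        self.max_per_host = max_per_host
        self._slots = {}                 # hostname -> asyncio.Semaphore
        self.active = defaultdict(int)   # hostname -> connections open now
        self.peak = defaultdict(int)     # hostname -> highest concurrency seen

    def _key(self, url):
        # Key on the hostname, not the resolved IP, so the cap still
        # holds when the site's addresses change.
        return (urlsplit(url).hostname or "").lower()

    async def run(self, url, fetch):
        host = self._key(url)
        sem = self._slots.setdefault(host, asyncio.Semaphore(self.max_per_host))
        async with sem:                  # callers above the cap wait here
            self.active[host] += 1
            self.peak[host] = max(self.peak[host], self.active[host])
            try:
                return await fetch(url)
            finally:
                self.active[host] -= 1   # release accounting even on error

async def fake_fetch(url):
    # Stand-in for a real HTTP request (constructed; no network I/O).
    await asyncio.sleep(0.01)
    return url

async def crawl(urls, max_per_host=4):
    limiter = PerHostLimiter(max_per_host)
    results = await asyncio.gather(*(limiter.run(u, fake_fetch) for u in urls))
    return results, dict(limiter.peak)

def demo():
    # Constructed sample: 10 requests to one host, 2 to another.
    urls = [f"http://www.google.com/search?q={i}" for i in range(10)]
    urls += ["http://example.org/a", "http://example.org/b"]
    return asyncio.run(crawl(urls))
```

With the constructed input, all twelve requests complete, but the recorded peak for `www.google.com` never exceeds the cap of 4.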