100% CPU usage observed on NetScaler VPX. The affected NetScaler reboots.

The following symptoms are observed:
Memory Page failure.
Memory allocation failure.
NIC transmission queue overflow.
SurgeQ timeout.

Allocate more CPU for the VPX and increase the throughput (upgrade license) if you are expecting increased traffic.

Problem Cause

There are two aspects in this case:

1. There is a traffic burst in the deployment (SSL) when this issue happens.
2. The device becomes unresponsive because the CPU hits the maximum and it is out of resources to perform any further operation.

In general when you have SSL traffic in use on VPX, it will increment the CPU usage because NetScaler VPX does all SSL processing in software in comparison to the hardware devices that have dedicated SSL cards. Given that there is a surge in traffic, it is common for the CPU to go up.

Enabling Application Firewall is not a good idea in this case because you already have significant load on NetScaler and when Application Firewall is on, all the traffic needs to be inspected and for that Application Firewall engine would consume further more CPU.

If the hypervisor has enough resources, then increase the vCPUs and check the performance of the appliance. This would need a reboot of the device.