Users sessions start timing out and they face connectivity issues.
For websites with authentication, users may be asked to login again or will receive Forbidden Error message.
Persistence appears to be broken as NetScaler sends users based on Load Balancing Methods and does not honor persistence under certain conditions like:
In newnslog, we can see the below counters increasing:
dht_ns_tot_max_limit_exceeds dht_ns:LB_SESSION
The above counters indicate that the NetScaler has hit the total limit for persistent sessions.
dht_err_unable_to_put_replica_del_msg
The above counters indicate that the NetScaler is unable to sync/clear the session information on secondary.
lb_sess_dht_ssf_pcb_backed_up_err
This indicates that the SSF connection between the primary and secondary NetScaler is facing issues.
Refer to the following table to find the limits of persistency:
NETSCALER VERSION | 10.0 | 10.1/10/5 | 11.0/11.1 | 12.0/12.1 |
---|---|---|---|---|
Default Limit of PERSISTENCE | nCore: 150,000/Packet Engine | nCore:250,000/Packet Engine | nCore:250,000/Packet Engine | nCore:250,000/Packet Engine |
Maximum Limit of PERSISTENCE | 1,000,000/Packet Engine* |
set lb parameter -sessionsThreshold 4000000
This is a known issue. The code fix for this issue will be included from NetScaler versions 12.0.53.x, 11.1.56.x and 11.0.70.x. Upgrade to one of these versions to apply the fix for this issue.
Run the following command from NetScaler CLI to configure these changes:
set ns tcpProfile nstcp_internal_apps -WS DISABLED -nagle ENABLED
In a high availability setup, an unusually large spike in the number of persistent connections might result in under performance of the Secure Socket Funneling channel between the primary node and the secondary node. The under performance can eventually lead to session buildup on the primary node and cause persistence to fail.