Explaining the NetScaler Policy and Packet Engine
2 min read
During the training I received recently by Joost de Vlugt (whom I can recommend for this training btw) on NetScaler 10 I got an explanation of the steps a session has to take before offering the service to the end user. Two of the most important steps are done via the policy and packet engine.
So what are the policy and packet engine? What functionality is delivered by those engines and when are we using them? While I was digging into this subject I realized that there isn’t much info about those two engines and that the information that is available is scattered across the internet so I decided to write a blog post on this topic.
Policy Engine
Citrix created the Policy Expressions (PE) language, it’s a way to create basic expressions to define policy conditions on the NetScaler. The Application Switch on the NetScaler can use the PE language.
A Policy consists of an expression and an action. Expressions are “shared” among features on the switch. Actions are “feature-specific”. So we can create an expression to determine certain file types that are being processed by the NetScaler and as an action you can compress or optimize those files.
Expressions consist of the following components:
- Name: expression name
- Qualifier: The information to be tested.
- Operator: Operation to perform.
- Operand: Values to compare to Qualifiers.
The steps a packet goes through when handles by the NetScaler Policy Processing Engine.
Invalid Displayed Gallery
Citrix released a reference for NetScaler Policy Expressions and published it under: CTX137705 which is a recommended download for everyone using expressions on the NetScaler. Another great resource for the Citrix PE is the FAQ on PE: Policy Engine (PE) Frequently Asked Questions
Packet Processing Engine
The packet engine is created to perform TCP/IP processing, optimization tasks and acceleration of packages, next to this it enforces security policies too. This is a continues process of grabbing packets, handling them accordingly and putting the packets in place again, the packet engine is designed to run an entire instance of NetScaler’s packet engine on each processor core (nCore technology) and runs as a kernel component on the NetScaler.
The functionality of the Packet Engine:
• Packet Processing
• Load Balancing
• SSL Processing
• Content Switching
• Compression
• Content Filtering
• Policy Evaluation
• DDoS Protection
So basically the Packet Processing Engine is responsible for all load balancing acceleration, server offload and security tasks.
Conclusion
These two components for the NetScaler enable us to do all the amazing stuff you can do with this device, basically your own imagination is the limitation of what this device can do (or the governance of the architecture it has to fit in ;-)).
Kees Baggerman
Latest posts by Kees Baggerman (see all)
- When the Orchard Ships Production Software: AI-Augmented Development in the Real World - May 17, 2026
- Nutanix Documentation Script v5.0: Visual Reports, Brand Templates, and Seven Embedded Diagrams - May 15, 2026
- Nutanix AHV and Citrix MCS: Adding a persistent disk via Powershell – v2 - November 19, 2019
- Recovering a Protection Domain snapshot to a VM - September 13, 2019
- Checking power settings on VMs using powershell - September 11, 2019
One Comment