Explaining the NetScaler Policy and Packet Engine

Citrix NetScalerDuring the training I received recently by Joost de Vlugt (whom I can recommend for this training btw) on NetScaler 10 I got an explanation of the steps a session has to take before offering the service to the end user. Two of the most important steps are done via the policy and packet engine.

So what are the policy and packet engine? What functionality is delivered by those engines and when are we using them? While I was digging into this subject I realized that there isn’t much info about those two engines and that the information that is available is scattered across the internet so I decided to write a blog post on this topic.

Policy Engine

Citrix created the Policy Expressions (PE) language, it’s a way to create basic expressions to define policy conditions on the NetScaler. The Application Switch on the NetScaler can use the PE language.

A Policy consists of an expression and an action. Expressions are “shared” among features on the switch. Actions are “feature-specific”. So we can create an expression to determine certain file types that are being processed by the NetScaler and as an action you can compress or optimize those files.

Expressions consist of the following components:

  • Name: expression name
  • Qualifier: The information to be tested.
  • Operator: Operation to perform.
  • Operand: Values to compare to Qualifiers.

The steps a packet goes through when handles by the NetScaler Policy Processing Engine.

Invalid Displayed Gallery


Citrix released a reference for NetScaler Policy Expressions and published it under: CTX137705 which is a recommended download for everyone using expressions on the NetScaler. Another great resource for the Citrix PE is the FAQ on PE: Policy Engine (PE) Frequently Asked Questions


Packet Processing Engine

The packet engine is created to perform TCP/IP processing, optimization tasks and acceleration of packages, next to this it enforces security policies too. This is a continues process of grabbing packets, handling them accordingly and putting the packets in place again, the packet engine is designed to run an entire instance of NetScaler’s packet engine on each processor core (nCore technology) and runs as a kernel component on the NetScaler.

The functionality of the Packet Engine:

• Packet Processing
• Load Balancing
• SSL Processing
• Content Switching
• Compression
• Content Filtering
• Policy Evaluation
• DDoS Protection

So basically the Packet Processing Engine is responsible for all load balancing acceleration, server offload and security tasks.


These two components for the NetScaler enable us to do all the amazing stuff you can do with this device, basically your own imagination is the limitation of what this device can do (or the governance of the architecture it has to fit in ;-)).

The following two tabs change content below.

Kees Baggerman

Kees Baggerman is a Staff Solutions Architect for End User Computing at Nutanix. Kees has driven numerous Microsoft and Citrix, and RES infrastructures functional/technical designs, migrations, implementations engagements over the years.

One comment

  1. […] During the training on NetScaler 10 I became familiar with of the most important concepts of the NetScaler: The policy and packet engine.  […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.