How To Do Rate Limiting of Diameter Messages Using NetScaler

To configure rate limiting for Diameter messages:

  1. Configure a Diameter traffic selectors.
  2. Configure Limit identifiers to be applied on the Diameter traffic.

  1. Go to AppExpert > Rate Limiting > Selectors

    User-added image

  2. Click “Add” to initiate the creation of new Selector

    User-added image

  3. Give a name to the selector and click Insert to create the selector expression

    User-added image

  4. Click “Expression Editor” to add the selectlets

    User-added image
    Note: There is also a provision to type the whole expression manually in the text box below “Expression”

  5. Select DIAMETER to create expression (combination of selectlets) for DIAMETER traffic

    User-added image

  6. Select the next selectlet from the drop down and continue adding selectlets which will be used to analyse the traffic.

    User-added image

  7. Click Done to complete the creation of Expression.

    User-added image

  8. Click “Insert” to insert the expression into Selector.

    User-added image

  9. Click “Create” to create the selector

    User-added image

  10. Go to Rate Limiting > Limit Identifiers.

    User-added image

  11. Click “Add” to start creation of Limit Identifier.

    User-added image

  12. Select the Diameter selector which was created in the earlier step and fill the other required information (Name, mode, limit type etc) and click create to create the limit identifier which will be applied on the selector.


REQUEST_RATE – Tracks requests/timeslice.

CONNECTION – Tracks active transactions.

Limit Type:

SMOOTH – When you want the permitted number of requests in a given interval of time to be spread evenly across the timeslice

BURSTY – When you want the permitted number of requests to exhaust the quota anytime within the timeslice. This argument is needed only when the mode is set to REQUEST_RATE


Maximum number of requests that are allowed in the given timeslice when requests (mode is set as REQUEST_RATE) are tracked per timeslice. When connections (mode is set as CONNECTION) are tracked, it is the total number of connections that would be let through.

Time Slice(msec)

Time interval, in milliseconds, specified in multiples of 10, during which requests are tracked to check if they cross the threshold. This argument is needed only when the mode is set to REQUEST_RATE.


Number of traps to be sent in the timeslice configured. A value of 0 indicates that traps are disabled.


To permit 20 requests in 10 ms and 2 traps in 10 ms:

add limitidentifier limit_req -mode request_rate -limitType smooth -timeslice 1000 -Threshold 2000 -trapsInTimeSlice 200

Note: For information on the parameters, please click on User-added image which appears when the pointer is moved on to the fields.

User-added image

To create stream selector and limit identifier using command line interface

At the command prompt, type:

  • add stream selector <name> <rule>….

  • add ns limitIdentifier <limitIdentifiername> -threshold <positive_integer> -timeSlice <positive_integer> -mode <mode> -limitType ( BURSTY | SMOOTH ) -selectorName <string> -maxBandwidth <positive_integer> -trapsInTimeSlice <positive_integer>


User-added image

User-added image


Citrix Documentation – Examples of Rate-Based Policies.


  • No Related Posts

Leave a Reply