Skip to main content

Howdy!

I'd like a breakdown of how publishers make the best determination for traffic that is routed through them. I understand that you need a publisher CLOSET to the source of what you're trying to connect to (destination) however, there isn't anything that prevents me from adding ALL my publishrs to a private app. 
If I do this though, what happens exactly during the publisher selection? how does the traffic decide what the most efficient route is? What is the logic behind this routing? 

Also if there’s a “publisher” doc that I just haven't found that someone has, I’ll accept that as well :) 

 

thanks! 

 

When the Latency-based Publisher Selection feature is enabled, NPA will choose the Publisher closest to the user from the configured pool of Publishers, based on latency.


When not enabled: When a set of Publishers are defined within a Private App, connections are load balanced across the different Publishers.


Publisher Selection - Netskope Knowledge Portal


When the Latency-based Publisher Selection feature is enabled, NPA will choose the Publisher closest to the user from the configured pool of Publishers, based on latency.


When not enabled: When a set of Publishers are defined within a Private App, connections are load balanced across the different Publishers.


Publisher Selection - Netskope Knowledge Portal

 

When you say “load balanced across the different publishers” does that mean, theoretically, if I apply ALL of my publishers for a private app, it could possibly choose an inefficient publisher?

For ex: Say I have 6 publishers, all geographically spread across the US, and the destination of the private app is on the West coast, but I selected ALL publishers for this private app, load balancing could end up choosing the East coast publisher instead? 

Hope this makes sense. 


If you have Latency-based Publisher Selection then the publisher closest to the user will be selected. 

If you don't have it then round-robin - all in turn - possible publisher selection far away.


In the second case, a user from the US, can connect to a server that is a meter away from him through a publisher in Australia (If this is how the setup looks).


@cubiaz55

Just to add some additional context here as @ppp mentioned latency based Publisher selection prefers the Publisher closest to the user.  You can override this behavior by assigning more specific Publisher pools to applications in cases where you only want specific Publishers to provide access to specific applications.  So in your example you might use the West Coast Publishers to handle West Coast apps while you might have all Publishers assigned to other apps such as Active Directory. 


This was definitely helpful. Sounds like maybe I need to create publisher specific policies to ensure that traffic only uses the publisher I want it to use. 

Something like: 

  1. Access to Internal App - West Coast
    1. Publisher - West Coast
  2. Access to Internal App - East Coast
    1. Publisher - East Coast

so on and so forth. 

 


Reply