Citrix NetScaler Source IP Mode - "Use Source IP"

By default, the NetScaler load balancing traffic flow is:
Source IP (client) --> Virtual Server IP -- NetScaler -- SNIP --> Web Server

The web server sees the NetScaler’s SNIP as the source IP of the traffic. To let the web server see the client IP address, enable “Use Source IP”: go to System, Settings, Configure Modes, and check Use Source IP.

However, some issues should be noted when enabling “Use Source IP”:

  • TCP multiplexing will be disabled
    • TCP multiplexing allows the NetScaler appliance to carry all clients’ traffic over one connection to the web server
    • This relieves the web server of managing the opening and closing of connections
  • The default gateway on the web servers should be set to the NetScaler’s SNIP
    • When the web servers see the client source IP, they consult their default routing table for the return traffic instead of returning the traffic to the NetScaler
    • When the web servers then try to establish the TCP connection directly with the client, the client drops the connection, because the reply does not come from the Virtual Server IP it connected to
  • Alternative to enabling Use Source IP
    • In general, I would recommend not using USIP
    • Use the HTTP header injection option so that the NetScaler inserts the client source IP as a header in the HTTP request (more information will be provided in a future post.)
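
With header injection, the web server should accept the client IP header only on connections whose TCP peer is the SNIP. The following is an added example, not code from this post or from Citrix, showing that check on the web server side. The header name `X-Client-IP` and the SNIP address `192.0.2.10` are assumptions chosen for illustration.

```python
import ipaddress

# Assumptions for this example (not from the post): the SNIP address and the
# name of the header the NetScaler is configured to insert.
TRUSTED_SNIPS = {ipaddress.ip_address("192.0.2.10")}  # constructed sample SNIP
CLIENT_IP_HEADER = "x-client-ip"                      # hypothetical header name


def resolve_client_ip(peer_ip, headers):
    """Return (client_ip, source) for one request.

    peer_ip -- source address of the TCP connection as seen by the web server
    headers -- list of (name, value) pairs in the order they were received
    """
    peer = ipaddress.ip_address(peer_ip)
    # Without USIP, traffic through the appliance arrives from the SNIP.
    # A request from any other peer did not pass through it, so a client IP
    # header on that request was written by the sender and is ignored.
    if peer not in TRUSTED_SNIPS:
        return str(peer), "peer"

    values = [v.strip() for n, v in headers if n.lower() == CLIENT_IP_HEADER]
    if not values:
        return str(peer), "peer"  # header insertion is not enabled
    # More than one copy means at least one was not added by the appliance.
    # Do not guess which is genuine; record the SNIP and flag the request.
    if len(values) != 1:
        return str(peer), "ambiguous"
    try:
        return str(ipaddress.ip_address(values[0])), "header"
    except ValueError:
        return str(peer), "malformed"  # not a single valid IP address


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, headers)
    samples = [
        ("192.0.2.10", [("X-Client-IP", "203.0.113.7")]),
        ("198.51.100.23", [("X-Client-IP", "10.0.0.1")]),
        ("192.0.2.10", [("X-Client-IP", "10.0.0.1"), ("X-Client-IP", "203.0.113.7")]),
        ("192.0.2.10", [("X-Client-IP", "203.0.113.7, 10.0.0.1")]),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", resolve_client_ip(peer, hdrs))
```

Requests flagged `ambiguous` or `malformed` are worth logging with the full header set, since they show that something other than the appliance wrote the header.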
