Search This Blog
NetScaler Topologies Comparison
Source: Understanding Common Network Topolgies
Topology | One-Arm | |||||||||||
Single Subnet | Multiple Subnets | |||||||||||
Client/Server IP | on the same subnet | on the different subnets | ||||||||||
VIP | on the NetScaler | on the NetScaler | ||||||||||
SNIP | n/a | private subnet | ||||||||||
NSIP | public subnet | private subnet | ||||||||||
MIP | public subnet | n/a | ||||||||||
Server IP | public subnet | private subnet | ||||||||||
Layer 2 Mode | n/a | n/a | ||||||||||
Use SNIP Option | n/a | must enable | ||||||||||
Others | connect one of the NICs to switch | connect one of the NICs to switch | ||||||||||
Diagram | | | ||||||||||
Task Overiew | Task overview: To deploy a NetScaler in one-arm mode with a single subnet 1. Configure the NSIP, MIP, and the default gateway, as described in "Configuring the NetScaler IP Address (NSIP)". 2. Configure the virtual server and the services, as described in "Creating a Virtual Server" and "Configuring Services". 3. Connect one of the network interfaces to the switch. | Task overview: To deploy a NetScaler appliance in one-arm mode with multiple subnets 1. Configure the NSIP and the default gateway, as described in "Configuring the NetScaler IP Address (NSIP)". 2. Configure the SNIP and enable the USNIP option, as described in "Configuring Subnet IP Addresses". 3. Configure the virtual server and the services, as described in "Creating a Virtual Server" and "Configuring Services". 4. Connect one of the network interfaces to the switch. |
NetScaler Topologies Comparison
Source: Understanding Common Network Topolgies
Topology | Two-Arm (inline) | One-Arm | ||||||||||||||||||||||
Multiple Subnets | Transparent | Single Subnet | Multiple Subnets | |||||||||||||||||||||
Client/Server IP | on the different subnets | on the same subnet | on the same subnet | on the different subnets | ||||||||||||||||||||
VIP | public subnet | no VIP | on the NetScaler | on the NetScaler | ||||||||||||||||||||
SNIP | private subnet | n/a | n/a | private subnet | ||||||||||||||||||||
NSIP | private subnet | public subnet | public subnet | private subnet | ||||||||||||||||||||
MIP | n/a | public subnet | public subnet | n/a | ||||||||||||||||||||
Server IP | private subnet | public subnet, configure the default gateway as the MIP | public subnet | private subnet | ||||||||||||||||||||
Layer 2 Mode | n/a | must enable | n/a | n/a | ||||||||||||||||||||
Use SNIP Option | must enable | n/a | n/a | must enable | ||||||||||||||||||||
Others | the most commonly used topology | if the clients need to access the servers directly NetScaler is placed between the client and the server | connect one of the NICs to switch | connect one of the NICs to switch | ||||||||||||||||||||
Diagram | | | | |
Citrix NetScaler Inject Client IP to HTTP Header
In the previous post, I mentioned that injecting the client source IP to the HTTP header as an alternative to pass the client IP to the web server without enabling “Use Source IP”. Here are the steps to do that.
- Configuration, System, Settings, Change HTTP parameters
- Check the Enable checkbox under Client IP Insertion
- Enter the header name
Citrix NetScaler Source IP Mode - "Use Source IP"
By default, NetScaler load balancing traffic flow is
Source IP (client) --> Virtual Server IP — NetScaler — SNIP —> Web Server
The web server sees the NetScaler’s SNIP as the source IP of the traffic. To let the web server sees the client IP address, enable “Use Source IP” under System, Settings, Configure Modes, check Use Source IP.
However, some issues should be noted when enabling “Use Source IP”
- TCP multiplexing will be disabled
- TCP multiplexing allows the NetScaler appliance to have one connection to the webserver for all clients traffic
- Eliminate the web server to manage the open & close connection
- The default gateway on the web servers should be set to the NetScaler’s SNIP
- When the web servers see the client source IP, they will look at their default routing table for the return traffic, instead of returning the traffic to the NetScaler
- When the web servers try to connect to a TCP connection with the client, the connection will be dropped by the client
- Alternative to enable Use Source IP
- In general, I would recommend not to use USIP
- Use inject HTTP header option to allow the NetScaler to inject the source IP header into the HTTP request (more information will be provided in the future post.)
Use WinSCP to Transfer Files in vCSA 6.7
This is a quick update on my previous post “ Use WinSCP to Transfer Files in vCSA 6.5 ”. When I try the same SFTP server setting in vCSA 6.7...
-
Recently, we created a new child domain in the existing AD forest with two new Windows Server 2012 R2 domain controllers. The AD authenticat...
-
find out the name of vSphere host running the stuck task if possible SSH to the vCenter Server server appliance service vmware-vpxd resta...
-
Updated on 07/13/2016. See the update this post, I might find the ultimate solution, even I am still not sure what the cause of the issue. ...