Skip to main content


Showing posts with the label netscaler

NetScaler Packet Forwarding Flowchart

NetScaler Topologies Comparison

Source: Understanding Common Network TopolgiesTopologyTwo-Arm (inline)Multiple SubnetsTransparentClient/Server IPon the different subnetson the same subnetVIPpublic subnetno VIPSNIPprivate subnetn/aNSIPprivate subnetpublic subnetMIPn/apublic subnetServer IPprivate subnetpublic subnet, configure the default gateway as the MIPLayer 2 Moden/amust enableUse SNIP Optionmust enablen/aOthersthe most commonly used topology

NetScaler Topologies Comparison

Source: Understanding Common Network TopolgiesTopologyTwo-Arm (inline)One-ArmMultiple SubnetsTransparentSingle SubnetMultiple SubnetsClient/Server IPon the different subnetson the same subneton the same subneton the different subnetsVIPpublic subnetno VIPon the NetScaleron the NetScalerSNIPprivate subnetn/an/aprivate subnetNSIPprivate subnetpublic subnetpublic subnetprivate subnetMIPn/apublic subnet

Citrix NetScaler Inject Client IP to HTTP Header

In the previous post, I mentioned that injecting the client source IP to the HTTP header as an alternative to pass the client IP to the web server without enabling “Use Source IP”. Here are the steps to do that.Configuration, System, Settings, Change HTTP parametersCheck the Enable checkbox under Client IP InsertionEnter the header name

Citrix NetScaler Source IP Mode - "Use Source IP"

By default, NetScaler load balancing traffic flow is
Source IP (client) --> Virtual Server IP — NetScaler — SNIP —> Web ServerThe web server sees the NetScaler’s SNIP as the source IP of the traffic. To let the web server sees the client IP address, enable “Use Source IP” under System, Settings, Configure Modes, check Use Source IP.However, some issues should be noted when enabling “Use Source IP”TCP multiplexing will be disabled TCP multiplexing allows the NetScaler appliance to have one connection to the webserver for all clients trafficEliminate the web server to manage the open & close connectionThe default gateway on the web servers should be set to the NetScaler’s SNIP When the web servers see the client source IP, they will look at their default routing table for the return traffic, instead of returning the traffic to the NetScalerWhen the web servers try to connect to a TCP connection with the client, the connection will be dropped by the clientAlternative to enable U…