
NetScaler Packet Forwarding Flowchart

Source: Configuring Modes of Packet Forwarding

NetScaler Topologies Comparison

Source: Understanding Common Network Topologies

Topology: Two-Arm (inline)

| | Multiple Subnets | Transparent |
|---|---|---|
| Client/Server IP | on different subnets | on the same subnet |
| VIP | public subnet | no VIP |
| SNIP | private subnet | n/a |
| NSIP | private subnet | public subnet |
| MIP | n/a | public subnet |
| Server IP | private subnet | public subnet, configure the default gateway as the MIP |
| Layer 2 Mode | n/a | must enable |
| Use SNIP Option | must enable | n/a |
| Others | the most commonly used topology | if the clients need to access the servers directly; NetScaler is placed between the client and the server |

Task overview: To deploy a NetScaler appliance in two-arm mode with multiple subnets

1. Configure the NSIP and default gateway, as described in "Configuring the NetScaler IP Address (NSIP)."
2. Configure the SNIP, as described in "Configuring Subnet IP Addresses."
3. Enable the USNIP option, as described in "To enable or disable USNIP mode."
4. Configure the virtual server and the services, as described in "Creating a Virtual Server" and "Configuring Services."
5. Connect one of the network interfaces to a private subnet and the other interface to a public subnet.
Task overview: To deploy a NetScaler in two-arm, transparent mode

1. Configure the NSIP, MIP, and default gateway, as described in "Configuring a NetScaler by Using the Command Line Interface."
2. Enable L2 mode, as described in "Enabling and Disabling Layer 2 Mode."
3. Configure the default gateway of the managed servers as the MIP.
4. Connect the network interfaces to the appropriate ports on the switch.
Topology: One-Arm

| | Single Subnet | Multiple Subnets |
|---|---|---|
| Client/Server IP | on the same subnet | on different subnets |
| VIP | on the NetScaler | on the NetScaler |
| SNIP | n/a | private subnet |
| NSIP | public subnet | private subnet |
| MIP | public subnet | n/a |
| Server IP | public subnet | private subnet |
| Layer 2 Mode | n/a | n/a |
| Use SNIP Option | n/a | must enable |
| Others | connect one of the NICs to switch | connect one of the NICs to switch |

Task overview: To deploy a NetScaler in one-arm mode with a single subnet

1. Configure the NSIP, MIP, and the default gateway, as described in "Configuring the NetScaler IP Address (NSIP)".
2. Configure the virtual server and the services, as described in "Creating a Virtual Server" and "Configuring Services".
3. Connect one of the network interfaces to the switch.
Task overview: To deploy a NetScaler appliance in one-arm mode with multiple subnets

1. Configure the NSIP and the default gateway, as described in "Configuring the NetScaler IP Address (NSIP)".
2. Configure the SNIP and enable the USNIP option, as described in "Configuring Subnet IP Addresses".
3. Configure the virtual server and the services, as described in "Creating a Virtual Server" and "Configuring Services".
4. Connect one of the network interfaces to the switch.

NetScaler Topologies Comparison

Source: Understanding Common Network Topologies

| Topology | Two-Arm (inline): Multiple Subnets | Two-Arm (inline): Transparent | One-Arm: Single Subnet | One-Arm: Multiple Subnets |
|---|---|---|---|---|
| Client/Server IP | on different subnets | on the same subnet | on the same subnet | on different subnets |
| VIP | public subnet | no VIP | on the NetScaler | on the NetScaler |
| SNIP | private subnet | n/a | n/a | private subnet |
| NSIP | private subnet | public subnet | public subnet | private subnet |
| MIP | n/a | public subnet | public subnet | n/a |
| Server IP | private subnet | public subnet, configure the default gateway as the MIP | public subnet | private subnet |
| Layer 2 Mode | n/a | must enable | n/a | n/a |
| Use SNIP Option | must enable | n/a | n/a | must enable |
| Others | the most commonly used topology | if the clients need to access the servers directly; NetScaler is placed between the client and the server | connect one of the NICs to switch | connect one of the NICs to switch |

Citrix NetScaler Inject Client IP to HTTP Header

In the previous post, I mentioned injecting the client source IP into an HTTP header as an alternative way to pass the client IP to the web server without enabling “Use Source IP”. Here are the steps to do that.

  • Configuration, System, Settings, Change HTTP parameters
  • Check the Enable checkbox under Client IP Insertion
  • Enter the header name

[Screenshot: ns client ip insertion]
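On the web server side, the inserted header should be believed only when the request actually arrived from the NetScaler; otherwise a client that reaches the server directly can set it itself. The following is an added example, not part of the original post: the header name `X-Client-IP`, the SNIP `10.0.0.5` and the sample addresses are assumptions.

```python
import ipaddress

# Assumptions, not from the original post:
CLIENT_IP_HEADER = "X-Client-IP"  # hypothetical header name entered on the NetScaler
TRUSTED_SNIPS = [ipaddress.ip_network("10.0.0.5/32")]  # constructed SNIP address


def resolve_client_ip(peer_ip, headers, trusted=TRUSTED_SNIPS,
                      header_name=CLIENT_IP_HEADER):
    """Return (client_ip, source) for one request.

    peer_ip -- source address of the TCP connection as the web server sees it
    headers -- list of (name, value) tuples, duplicates preserved
    source  -- "header" when the inserted value was used, otherwise the
               reason the peer address was used instead
    """
    peer = ipaddress.ip_address(peer_ip)
    # Without "Use Source IP" the NetScaler connects from its SNIP. Any other
    # peer reached the server directly and may have forged the header.
    if not any(peer in net for net in trusted):
        return str(peer), "untrusted-peer"

    values = [v.strip() for n, v in headers if n.lower() == header_name.lower()]
    if not values:
        return str(peer), "header-missing"
    if len(values) > 1:
        # Several copies: no way to tell which one the appliance wrote.
        return str(peer), "header-ambiguous"
    try:
        return str(ipaddress.ip_address(values[0])), "header"
    except ValueError:
        return str(peer), "header-invalid"


if __name__ == "__main__":
    # Constructed sample requests: (peer address, request headers)
    samples = [
        ("10.0.0.5", [("X-Client-IP", "203.0.113.7")]),
        ("198.51.100.9", [("X-Client-IP", "127.0.0.1")]),
        ("10.0.0.5", [("X-Client-IP", "127.0.0.1"), ("X-Client-IP", "203.0.113.7")]),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", resolve_client_ip(peer, hdrs))
```

Log the `source` value alongside the address so that forged or malformed headers show up in the access log instead of silently becoming the client IP.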

Citrix NetScaler Source IP Mode - "Use Source IP"

By default, the NetScaler load balancing traffic flow is:
Source IP (client) --> Virtual Server IP -- NetScaler -- SNIP --> Web Server

The web server sees the NetScaler’s SNIP as the source IP of the traffic. To let the web server see the client IP address, enable “Use Source IP”: under System, Settings, Configure Modes, check Use Source IP.

However, some issues should be noted when enabling “Use Source IP”:

  • TCP multiplexing will be disabled
    • TCP multiplexing allows the NetScaler appliance to have one connection to the web server for all clients' traffic
    • It relieves the web server of managing connection opens and closes
  • The default gateway on the web servers should be set to the NetScaler’s SNIP
    • When the web servers see the client source IP, they will look at their default routing table for the return traffic, instead of returning the traffic to the NetScaler
    • When the web servers try to establish a TCP connection with the client, the connection will be dropped by the client
  • Alternative to enabling Use Source IP
    • In general, I would recommend not using USIP
    • Use the HTTP header insertion option to have the NetScaler inject the client source IP into a header of the HTTP request (more information will be provided in a future post.)
