Search This Blog

Citrix NetScaler Inject Client IP to HTTP Header

In the previous post, I mentioned that injecting the client source IP to the HTTP header as an alternative to pass the client IP to the web server without enabling “Use Source IP”. Here are the steps to do that.

  • Configuration, System, Settings, Change HTTP parameters
  • Check the Enable checkbox under Client IP Insertion
  • Enter the header name

ns client ip insertion

Citrix NetScaler Source IP Mode - "Use Source IP"

By default, NetScaler load balancing traffic flow is
Source IP (client) --> Virtual Server IP — NetScaler — SNIP —> Web Server

The web server sees the NetScaler’s SNIP as the source IP of the traffic. To let the web server sees the client IP address, enable “Use Source IP” under System, Settings, Configure Modes, check Use Source IP.

However, some issues should be noted when enabling “Use Source IP”

  • TCP multiplexing will be disabled
    • TCP multiplexing allows the NetScaler appliance to have one connection to the webserver for all clients traffic
    • Eliminate the web server to manage the open & close connection
  • The default gateway on the web servers should be set to the NetScaler’s SNIP
    • When the web servers see the client source IP, they will look at their default routing table for the return traffic, instead of returning the traffic to the NetScaler
    • When the web servers try to connect to a TCP connection with the client, the connection will be dropped by the client
  • Alternative to enable Use Source IP
    • In general, I would recommend not to use USIP
    • Use inject HTTP header option to allow the NetScaler to inject the source IP header into the HTTP request (more information will be provided in the future post.)

What is SHA1

SHA1 (Secure Hashing Algorithm 1) is a hashing algorithm to generate the digital signature (hash) of a document. The signature verifies who created the document (the signer) and that the document wasn’t altered. SHA1 is not an encryption algorithm. Examples of encryption algorithm are AES, DES, RC4, etc.

SHA1 is phasing out by the web browsers (Microsoft, Mozilla, Google) starting on January 1, 2016. The SSL certificate signed by SHA1 should be replaced with a new one signed by SHA2.

To check the SSL certificate on a web server, use

NetApp "HA GROUP ERROR: DISK/SHELF COUNT MISMATCH ERROR" Troubleshoot

We received an alert “HA GROUP ERROR: DISK/SHELF COUNT MISMATCH ERROR” from the NetApp filer (Model V3240, OS Version 8.1.2 [7-Mode]), one from each node in the NteApp cluster . The alert does not include much information which node has the problem or what goes wrong. It turns out that a disk in one of the nodes start failing. Here are some steps to help to identify the failing disk.

  • Option 1: Search CF-Monitor.txt (inside body.7z file attached in the alert) for “Mismatched disk”, and run disk show <disk_device_id>
  • Option 2: run disk show -v and look for “FAILED” disk
  • Option 3: run sysconfig -d and look for “Not available” under Disk Vital Product Information column
  • Option 4: run aggr status -r (or vol status -r) and look for “Maintenance disks”

Apple OS X Window Management Application

Windows 7 or later has the built-in shortcut to arrange / snap windows - Windows key + Arrow key. OS X does not have this kind of shortcut. A few third party applications are available to fill the gap (see the list below). I tested ShiftIt. It does not have the complete features like other paid apps, but it’s completely free and offers the similar keyboard shortcuts like Windows 7.

ShiftIt’s default keyboard combination is Control + Option + Command + Arrow key.

Other windows management applications

Apple MAC Keyboard Shortcut Key

Comparing with the Windows keyboard, the Apple MAC keyboard is missing some useful keys. This post collects the shortcut keys I learned, and will be updated as I know more. These keys are tested under OS X El Capitan, version 10.11.1.

  • Fn + F11: hide / unhide opened windows; = Show Desktop shortcut in Windows
  • Fn + Left Arrow: = Home (works in Microsoft Word, but does not work in OneNote)
  • Command + Left Arrow: = Home (works in both Microsoft Word and OneNote)
  • Fn + Right Arrow: = End (works in Microsoft Word, but does not work in OneNote)
  • Command + Right Arrow: = End (works in both Microsoft Word and OneNote)
  • Delete: = Backspace in Windows
  • Fn + Delete: = Delete in Windows

This Apple document includes many keyboard shortcuts
https://support.apple.com/en-us/HT201236

This How-To Geek article includes some keyboard shortcuts
http://www.howtogeek.com/188530/a-windows-users-guide-to-mac-os-x-keyboard-shortcuts/

Install ESXi Host Update from Command Line

The easiest way to install ESXi host update is via Update Manager. However, if you don’t have Update Manager installed in the environment (e.g. the lab), or Update Manager does not have the access to the Internet, installing the update via the command line is quiet handy.

Follow the instruction on this VMware KB. The following is a short summary.

  1. Find the needed update by comparing the build number on the host with this site web or this VMware KB
  2. Download the ESXi update for the VMware patch portal. Normally it’s a ZIP file.
  3. Upload the ZIP file to the local storage on the host
  4. Power off the VMs on the host or migrate to another host
  5. Put the host in the maintenance mode
  6. Enable SSH on the host
  7. SSH to the host
  8. Run esxcli software vib update -d /vmfs/volumes/DataStore/DirectoryName/PatchName.zip
    if it’s a VIB file, run esxcli software vib update -v /vmfs/volumes/DataStore/DirectoryName/PatchName.vib
  9. Verify the update is installed, esxcli software vib list
  10. Run reboot
  11. Exit the maintenance mode

Use WinSCP to Transfer Files in vCSA 6.7

This is a quick update on my previous post “ Use WinSCP to Transfer Files in vCSA 6.5 ”. When I try the same SFTP server setting in vCSA 6.7...