Cisco Citrix NetScaler 1000V User guide

  • Hello! I am an AI chatbot trained to assist you with the Cisco Citrix NetScaler 1000V User guide. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
Cisco Systems, Inc.
www.cisco.com
Cisco has more than 200 offices worldwide.
Addresses, phone numbers, and fax numbers
are listed on the Cisco website at
www.cisco.com/go/offices.
Citrix NetScaler 1000V
Administration Guide
Citrix NetScaler 10.5
December 11, 2014
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant
to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause
harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required
to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant
to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates,
uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.
However, there is no guarantee that interference will not occur in a particular installation. If the equipment causes interference to radio or television reception, which can be
determined by turning the equipment off and on, users are encouraged to try to correct the interference by using one or more of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
Modifications to this product not authorized by Cisco could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
Citrix and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the United States Patent
and Trademark Office and in other countries. All other product names, company names, marks, logos, and symbols are trademarks of their respective owners.
© 2014 Cisco Systems, Inc. All rights reserved.
Contents
1 Basic Operations.....................................................................................21
Viewing and Saving Configurations..........................................................22
To view the running configuration by using the command line interface.............. 22
To view the running configuration by using the configuration utility................... 22
To find the difference between two configuration files by using the command line
interface................................................................................. 22
To find the difference between two configuration files by using the configuration
utility..................................................................................... 22
To save configurations by using the command line interface..........................22
To save configurations by using the configuration utility...............................23
To view the saved configurations by using the command line interface...............23
To view the saved configurations by using the configuration utility....................23
Clearing the NetScaler Configuration........................................................23
To clear the configuration by using the command line interface.......................24
To clear the configuration by using the configuration utility............................24
Configuring Clock Synchronization.......................................................... 24
Setting Up Clock Synchronization......................................................24
To add an NTP server by using the command line interface..................... 24
To configure an NTP server by using the configuration utility.................... 25
Starting the NTP Daemon.............................................................. 25
To enable NTP synchronization by using the command line interface...........25
To enable NTP synchronization by using the configuration utility................25
Configuring Clock Synchronization Manually.......................................... 25
To enable clock synchronization on your NetScaler by modifying the
ntp.conf file.........................................................................25
Configuring System Session Timeout....................................................... 26
Viewing the System Date and Time..........................................................28
To view the system date and time by using the command line interface..............28
To view the system date and time by using the configuration utility...................28
Backing up and Restoring the NetScaler Appliance........................................ 28
Backing up a NetScaler Appliance..................................................... 29
iii
To backup the NetScaler by using the NetScaler command line interface.......30
To backup the NetScaler by using the configuration utility....................... 31
Restoring the NetScaler Appliance.....................................................31
To restore the NetScaler by using the command line interface...................31
To restore the NetScaler by using the configuration utility........................32
Restarting or Shutting down the Appliance..................................................32
To restart the NetScaler by using the command line interface.........................32
To restart the NetScaler by using the configuration utility..............................32
To shut down the NetScaler by using the command line interface.................... 33
2 Administration........................................................................................35
Authentication and Authorization............................................................ 37
Configuring Users and Groups......................................................... 37
Configuring User Accounts........................................................37
Configuring User Groups.......................................................... 38
Configuring Command Policies.........................................................39
Built-in Command Policies.........................................................39
Creating Custom Command Policies..............................................40
Binding Command Policies to Users and Groups................................ 42
Resetting the Default Administrator (nsroot) Password................................43
To reset the nsroot password......................................................44
Example of a User Scenario............................................................45
Configuration steps................................................................ 46
Configuring External User Authentication..............................................47
Configuring LDAP Authentication................................................. 47
Configuring RADIUS Authentication.............................................. 50
Configuring TACACS+ Authentication.............................................51
Binding the Authentication Policies to the System Global Entity.................52
TCP Configurations.......................................................................... 52
Setting Global TCP Parameters........................................................ 54
Default TCP profile.................................................................54
Global TCP command............................................................. 54
TCP buffering feature..............................................................55
Setting Service or Virtual Server Specific TCP Parameters........................... 55
To specify service or virtual server level TCP configurations by using the
command line interface............................................................56
To specify service or virtual server level TCP configurations by using the
configuration utility.................................................................56
Built-in TCP Profiles.....................................................................56
Sample TCP Configurations............................................................ 58
Contents
iv
Defending TCP against spoofing attacks......................................... 58
Explicit Congestion Notification (ECN)............................................58
Selective ACKnowledgment (SACK)..............................................59
Window Scaling (WS) .............................................................59
Maximum Segment Size (MSS)...................................................59
NetScaler to learn the MSS of a virtual server ................................... 59
TCP keep-alive.....................................................................59
Buffer size - using TCP profile ....................................................59
Buffer size - using TCP buffering feature .........................................60
MPTCP.............................................................................60
Congestion control.................................................................60
Dynamic receive buffering.........................................................60
HTTP Configurations.........................................................................60
Setting Global HTTP Parameters.......................................................61
Default HTTP profile............................................................... 61
Global HTTP command............................................................61
Setting Service or Virtual Server Specific HTTP Parameters..........................62
To specify service or virtual server level HTTP configurations by using the
command line interface............................................................62
To specify service or virtual server level HTTP configurations by using the
configuration utility.................................................................63
Built-in HTTP Profiles................................................................... 63
Sample HTTP Configurations...........................................................63
HTTP band statistics...............................................................63
WebSocket connections...........................................................64
SNMP.........................................................................................64
Importing MIB Files to the SNMP Manager and Trap Listener........................ 65
Configuring the NetScaler to Generate SNMP Traps..................................65
Enabling an SNMP Alarm......................................................... 65
Configuring Alarms.................................................................66
Configuring SNMPv1 or SNMPv2 Traps.......................................... 67
Enabling Unconditional SNMP Trap Logging..................................... 68
Configuring SNMPv3 Traps.............................................................68
To configure an SNMPv3 trap by using the command line interface ............ 68
To configure an SNMPv3 trap by using the configuration utility..................69
Configuring the NetScaler for SNMP v1 and v2 Queries.............................. 69
Specifying an SNMP Manager.................................................... 70
Specifying an SNMP Community..................................................71
Configuring SNMP Alarms for Rate Limiting........................................... 72
Configuring an SNMP Alarm for Throughput or PPS.............................72
Citrix NetScaler System Guide
v
Configuring SNMP Alarm for Dropped Packets...................................73
Configuring the NetScaler for SNMPv3 Queries.......................................74
Setting the Engine ID.............................................................. 75
Configuring a View.................................................................75
Configuring a Group............................................................... 76
Configuring a User.................................................................76
Audit Logging.................................................................................77
Configuring the NetScaler Appliance for Audit Logging................................78
Configuring Audit Servers......................................................... 78
Configuring Audit Policies......................................................... 79
Binding the Audit Policies Globally................................................80
Configuring Policy-Based Logging................................................ 81
Installing and Configuring the NSLOG Server......................................... 82
Installing NSLOG Server on the Linux Operating System........................83
Installing NSLOG Server on the FreeBSD Operating System....................84
Installing NSLOG Server Files on the Windows Operating System..............85
NSLOG Server Command Options................................................86
Adding the NetScaler Appliance IP Addresses on the NSLOG Server.......... 88
Verifying the NSLOG Server Configuration File...................................88
Running the NSLOG Server............................................................ 88
To start audit server logging....................................................... 88
To stop audit server logging that starts as a background process in
FreeBSD or Linux..................................................................89
To stop audit server logging that starts as a service in Windows.................89
Customizing Logging on the NSLOG Server...........................................89
Creating Filters.....................................................................89
Specifying Log Properties......................................................... 90
Default Settings for the Log Properties.................................................92
Sample Configuration File (audit.conf)................................................. 92
Web Server Logging..........................................................................93
Configuring the NetScaler for Web Server Logging....................................93
To configure web server logging by using the command line interface.......... 93
To configure web server logging by using the configuration utility............... 94
Installing the NetScaler Web Logging (NSWL) Client..................................94
Downloading the NSWL Client.................................................... 96
Installing the NSWL Client on a Solaris System..................................96
Installing the NSWL Client on a Linux System....................................97
Installing the NSWL Client on a FreeBSD System............................... 98
Installing the NSWL Client on a Mac System.....................................98
Installing the NSWL Client on a Windows System................................99
Contents
vi
Installing the NSWL Client on a AIX System......................................99
Configuring the NSWL Client..........................................................100
Adding the IP Addresses of the NetScaler Appliance...........................101
Verifying the NSWL Configuration File...........................................102
Running the NSWL Client........................................................102
Customizing Logging on the NSWL Client System...................................103
Sample Configuration File........................................................103
Creating Filters................................................................... 105
Specifying Log Properties........................................................107
Understanding the NCSA and W3C Log Formats...............................109
Creating a Custom Log Format.................................................. 114
Arguments for Defining a Custom Log Format.................................. 116
Time Format Definition........................................................... 119
Reporting Tool...............................................................................121
Using the Reporting Tool.............................................................. 122
To invoke the Reporting tool......................................................122
Working with Reports.............................................................122
Working with Charts..............................................................126
Examples......................................................................... 130
Stopping and Starting the Data Collection Utility..................................... 131
To stop nscollect..................................................................131
To start nscollect on the local system............................................131
3 AppFlow.............................................................................................133
How AppFlow Works........................................................................135
Flow Records.......................................................................... 136
Templates.............................................................................. 136
EIEs for web page performance data............................................137
EIEs for database information ...................................................137
Configuring the AppFlow Feature.......................................................... 138
Enabling AppFlow..................................................................... 138
To enable the AppFlow feature by using the command line interface.......... 139
To enable the AppFlow feature by using the configuration utility............... 139
Specifying a Collector................................................................. 139
To specify a collector by using the command line interface.....................139
To specify a collector by using the configuration utility..........................139
Configuring an AppFlow Action....................................................... 139
To configure an AppFlow action by using the command line interface......... 140
.................................................................................... 140
To configure an AppFlow action by using the configuration utility.............. 140
Citrix NetScaler System Guide
vii
Configuring an AppFlow Policy........................................................140
To configure an AppFlow policy by using the command line interface..........140
To configure an AppFlow policy by using the configuration utility...............141
To add an expression by using the Add Expression dialog box.................141
Binding an AppFlow Policy............................................................ 141
To globally bind an AppFlow policy by using the command line interface......142
To bind an AppFlow policy to a specific virtual server by using the command
line interface...................................................................... 142
To globally bind an AppFlow policy by using the configuration utility........... 142
To bind an AppFlow policy to a specific virtual server by using the
configuration utility................................................................142
Enabling AppFlow for Virtual Servers.................................................142
To enable AppFlow for a virtual server by using the command line interface.. 143
To enable AppFlow for a virtual server by using the configuration utility....... 143
Enabling AppFlow for a Service.......................................................143
To enable AppFlow for a service by using the command line interface.........143
To enable AppFlow for a service by using the configuration utility..............143
Setting the AppFlow Parameters......................................................143
To set the AppFlow Parameters by using the command line interface......... 144
To set the AppFlow parameters by using the configuration utility...............144
Example: Configuring AppFlow for DataStream......................................144
Exporting Performance Data of Web Pages to AppFlow Collector........................145
Prerequisites for Exporting Performance Data of Web Pages to AppFlow
Collectors.............................................................................. 145
Associating an AppFlow Action with the EdgeSight Monitoring Responder Policy..146
To associate an AppFlow action with the EdgeSight Monitoring Responder
policy by using the command line interface......................................146
To associate an AppFlow action with the EdgeSight Monitoring Responder
policy by using the configuration utility...........................................146
Configuring a Virtual Server to Export EdgeSight Statistics to Appflow
Collectors......................................................................... 147
4 AutoScale: Automatic Scaling in the Citrix CloudPlatform Environment......................149
How AutoScale Works......................................................................151
Supported Environment.....................................................................152
Prerequisites................................................................................ 152
NetScaler Configuration Details............................................................ 152
Troubleshooting.............................................................................157
The AutoScale configuration was successfully configured in CloudPlatform. Yet,
the minimum number of VMs has not been created. ................................ 157
Contents
viii
The AutoScale configuration is rapidly spawning a large number of VMs...........158
When I ran the top command on my VM, I noticed that the CPU usage on my
VM had breached the threshold that was configured for the scale-up action in
AutoScale. Yet, the application is not scaling up......................................158
One or more additional VMs have been created, but they are not accepting
traffic (that is, VMs have been created, but the average value of the metrics is
still above the threshold) ..............................................................158
The AutoScale configuration has been deleted, but the VMs continue to exist......159
5 Clustering............................................................................................161
NetScaler Features Supported on a Cluster............................................... 162
Hardware and Software Requirements.....................................................166
How Clustering Works...................................................................... 167
Synchronization Across Cluster Nodes............................................... 167
Striped, Partially Striped, and Spotted Configurations................................168
Communication in a Cluster Setup....................................................169
Traffic Distribution in a Cluster Setup................................................. 171
Cluster Nodegroups................................................................... 173
Nodegroup - For Spotted and Partially-Striped Configurations................. 173
Nodegroup - For Datacenter Redundancy.......................................176
Cluster and Node States.............................................................. 177
Routing in a Cluster....................................................................179
Setting up a NetScaler Cluster............................................................. 180
Setting up Inter-Node Communication................................................180
To set up the cluster backplane, do the following for every node...............181
Creating a NetScaler Cluster..........................................................182
To create a cluster by using the command line interface........................182
To create a cluster by using the configuration utility.............................183
Adding a Node to the Cluster..........................................................183
To add a node to the cluster by using the command line interface............. 184
To add a node to the cluster by using the configuration utility.................. 185
To join a previously added node to the cluster by using the configuration
utility...............................................................................185
Removing a Cluster Node.............................................................185
To remove a cluster node by using the command line interface................186
To remove a cluster node by using the configuration utility..................... 186
Viewing the Details of a Cluster.......................................................186
To view details of a cluster instance by using the command line interface.....186
To view details of a cluster node by using the command line interface.........186
To view details of a cluster instance by using the configuration utility.......... 186
Citrix NetScaler System Guide
ix
To view details of a cluster node by using the configuration utility..............187
Distributing Traffic Across Cluster Nodes.................................................. 187
Using Equal Cost Multiple Path (ECMP)..............................................187
To configure ECMP on the cluster by using the command line interface.......188
Use Case: ECMP with BGP Routing.............................................190
Using Linksets......................................................................... 191
To configure a linkset by using the command line interface.....................193
To configure a linkset by using the configuration utility..........................194
Managing the NetScaler Cluster............................................................194
Configuring a Nodegroup to Define Spotted and Partially-Striped Configurations.. 194
To configure a node group by using the command line interface............... 194
To configure a node group by using the configuration utility ....................195
Configuring Nodegroups for Datacenter Redundancy................................196
Disabling a Cluster Node..............................................................197
To disable a cluster node by using the command line interface................ 197
To disable a cluster node by using the configuration utility......................197
Discovering NetScaler Appliances.................................................... 198
To discover appliances by using the configuration utility........................198
Viewing the Statistics of a Cluster.....................................................198
To view the statistics of a cluster instance by using the command line
interface...........................................................................198
To view the statistics of a cluster node by using the command line interface.. 198
To view the statistics of a cluster instance by using the configuration utility....199
To view the statistics of a cluster node by using the configuration utility....... 199
Synchronizing Cluster Configurations.................................................199
To synchronize cluster configurations by using the command line interface... 199
To synchronize cluster configurations by using the configuration utility........ 199
Synchronizing Cluster Files........................................................... 200
To synchronize cluster files by using the command line interface.............. 201
To synchronize cluster files by using the configuration utility................... 201
Synchronizing Time on Cluster Nodes................................................201
To enable/disable PTP by using the command line interface................... 201
To enable/disable PTP by using the configuration utility........................ 201
Upgrading or Downgrading the Cluster Software.....................................202
To upgrade or downgrade the software of the cluster nodes....................202
Use Cases...................................................................................203
Creating a Two-Node Cluster..........................................................203
Migrating an HA Setup to a Cluster Setup............................................204
To convert a HA setup to cluster setup by using the NetScaler command line 204
Migrating an HA Setup to a Cluster Setup without Downtime........................205
Contents
x
To convert a HA setup to cluster setup (without downtime) by using the
NetScaler command line......................................................... 206
Setting Up GSLB in a Cluster......................................................... 208
To set up GSLB in a cluster by using the command line interface..............208
Using Cache Redirection in a Cluster.................................................210
Using L2 Mode in a Cluster Setup.................................................... 210
Backplane on LA Channel.............................................................210
Common Interfaces for Client and Server and Dedicated Interfaces for Backplane 212
Common Switch for Client, Server, and Backplane...................................213
Common Switch for Client and Server and Dedicated Switch for Backplane........216
Different Switch for Every Node.......................................................218
Sample Cluster Configurations........................................................218
Troubleshooting the NetScaler Cluster.....................................................221
Tracing the Packets of a NetScaler Cluster...........................................221
To trace packets of a standalone appliance..................................... 222
To trace packets of a cluster..................................................... 222
Merge multiple trace files.........................................................223
Examples......................................................................... 223
Troubleshooting Common Issues..................................................... 224
Clustering FAQs.............................................................................227
Operations Not Propagated to Cluster Nodes............................................. 231
Operations Supported on Individual Cluster Nodes........................................231
6 High Availability.....................................................................................233
Considerations for a High Availability Setup............................................... 235
Configuring High Availability................................................................236
Adding a Remote Node................................................................237
To add a node by using the command line interface............................ 237
To disable an HA monitor by using the command line interface................ 238
To add a remote node by using the configuration utility.........................238
Disabling or Enabling a Node......................................................... 238
To disable or enable a node by using the command line interface............. 238
To disable or enable a node by using the configuration utility...................238
Removing a Node......................................................................239
To remove a node by using the command line interface........................239
To remove a node by using the configuration utility............................. 239
Configuring the Communication Intervals..................................................239
To set the hello and dead intervals by using the command line interface............239
To set the hello and dead intervals by using the configuration utility.................239
Configuring Synchronization................................................................240
Citrix NetScaler System Guide
xi
Disabling or Enabling Synchronization................................................240
To disable or enable automatic synchronization by using the command line
interface...........................................................................240
To disable or enable synchronization by using the configuration utility.........240
Forcing the Secondary Node to Synchronize with the Primary Node................240
To force synchronization by using the command line interface................. 241
To force synchronization by using the configuration utility...................... 241
Synchronizing Configuration Files in a High Availability Setup............................241
To synchronize files in a high availability setup by using the command line
interface................................................................................241
To synchronize files in a high availability setup by using the configuration utility....242
Configuring Command Propagation........................................................242
To disable or enable command propagation by using the command line interface..242
To disable or enable command propagation by using the configuration utility.......242
Configuring Fail-Safe Mode.................................................................243
To enable fail-safe mode by using the command line interface...................... 244
To enable fail-safe mode by using the configuration utility........................... 244
Configuring Virtual MAC Addresses........................................................244
Configuring IPv4 VMACs..............................................................245
Creating or Modifying an IPv4 VMAC............................................245
Removing an IPv4 VMAC........................................................246
Configuring IPv6 VMAC6s.............................................................246
Creating or Modifying a VMAC6................................................. 246
Removing a VMAC6..............................................................247
Configuring High Availability Nodes in Different Subnets..................................248
Adding a Remote Node................................................................249
To add a node by using the command line interface............................ 249
To disable an HA monitor by using the command line interface................ 250
To add a remote node by using the configuration utility.........................250
Removing a Node......................................................................250
To remove a node by using the command line interface........................250
To remove a node by using the configuration utility............................. 251
Configuring Route Monitors.................................................................251
Adding a Route Monitor to a High Availability Node..................................251
To add a route monitor by using the command line interface................... 251
To add a route monitor by using the configuration utility........................ 251
Removing Route Monitors.............................................................251
To remove a route monitor by using the command line interface...............252
To remove a route monitor by using the configuration utility....................252
Limiting Failovers Caused by Route Monitors in non-INC mode..........................252
Contents
xii
Configuring FIS............................................................................. 254
Creating or Modifying an FIS..........................................................254
To add an FIS and bind interfaces to it by using the command line interface.. 254
To unbind an interface from an FIS by using the command line interface......255
To configure an FIS by using the configuration utility............................255
Removing an FIS...................................................................... 255
To remove an FIS by using the command line interface........................ 255
To remove an FIS by using the configuration utility............................. 255
Understanding the Causes of Failover..................................................... 255
Forcing a Node to Fail Over................................................................ 256
Forcing the Secondary Node to Stay Secondary.......................................... 258
To force the secondary node to stay secondary by using the command line
interface................................................................................258
To force the secondary node to stay secondary by using the configuration utility...258
Forcing the Primary Node to Stay Primary.................................................258
To force the primary node to stay primary by using the command line interface.... 259
To force the primary node to stay primary by using the configuration utility......... 259
Understanding the High Availability Health Check Computation..........................259
High Availability............................................................................. 260
Troubleshooting High Availability Issues .................................................. 262
7 Networking.......................................................................................... 267
IP Addressing............................................................................... 268
Configuring NetScaler-Owned IP Addresses ........................................ 268
Configuring the NetScaler IP Address (NSIP) .................................. 268
Configuring and Managing Virtual IP (VIP) Addresses .........................269
Configuring ARP response Suppression for Virtual IP addresses (VIPs).......272
Configuring Subnet IP Addresses (SNIPs) ......................................274
Configuring Mapped IP Addresses (MIPs) ......................................281
Configuring GSLB Site IP Addresses (GSLBIP) ................................283
Removing a NetScaler-Owned IP Address ..................................... 283
Configuring Application Access Controls ....................................... 284
How the NetScaler Proxies Connections .............................................286
How the Destination IP Address Is Selected ....................................286
How the Source IP Address Is Selected ........................................ 287
Enabling Use Source IP Mode ........................................................287
Recommended Usage............................................................289
To globally enable or disable USIP mode by using the command line
interface...........................................................................289
To enable USIP mode for a service by using the command line interface......290
Citrix NetScaler System Guide
xiii
To globally enable or disable USIP mode by using the configuration utility.... 290
To enable USIP mode for a service by using the configuration utility...........290
Configuring Network Address Translation ............................................290
Configuring INAT................................................................. 290
Coexistence of INAT and Virtual Servers ....................................... 292
Stateless NAT46 Translation.....................................................293
DNS64............................................................................ 297
Stateful NAT64 Translation.......................................................303
Configuring RNAT................................................................ 307
RNAT in USIP, USNIP, and LLB Modes .........................................311
Configuring RNAT for IPv6 Traffic................................................312
Configuring Prefix-Based IPv6-IPv4 Translation................................ 313
Configuring Static ARP ............................................................... 315
To add a static ARP entry by using the command line interface................315
To remove a static ARP entry by using the command line interface............315
To add a static ARP entry by using the configuration utility.....................315
Setting the Timeout for Dynamic ARP Entries........................................315
To set the time-out for dynamic ARP entries by using the command line
interface...........................................................................315
To set the time-out for dynamic ARP entries to its default value by using the
command line interface...........................................................316
To set the time-out for dynamic ARP entries by using the configuration utility 316
Configuring Neighbor Discovery ......................................................316
Adding IPv6 Neighbors .......................................................... 317
Removing IPv6 Neighbors .......................................................318
Configuring IP Tunnels................................................................ 318
NetScaler as an Encapsulator (Load Balancing with DSR Mode).............. 319
NetScaler as a Decapsulator.....................................................319
Creating IP Tunnels.............................................................. 319
Customizing IP Tunnels Globally.................................................320
Interfaces....................................................................................321
Configuring MAC-Based Forwarding..................................................321
To enable or disable MAC-based forwarding by using the command line
interface...........................................................................323
Configuring Network Interfaces....................................................... 323
Setting the Network Interface Parameters.......................................323
Enabling and Disabling Network Interfaces......................................325
Resetting Network Interfaces.................................................... 326
Monitoring a Network Interface.................................................. 326
Configuring Forwarding Session Rules............................................... 327
Contents
xiv
To create an IPv4 forwarding session rule by using the command line
interface...........................................................................328
To configure an IPv4 forwarding session rule by using the configuration
utility...............................................................................328
To create an IPv6 forwarding session rule by using the command line
interface...........................................................................328
To configure an IPv6 forwarding session rule by using the configuration
utility...............................................................................329
Understanding VLANs.................................................................329
Applying Rules to Classify Frames.............................................. 330
Configuring a VLAN....................................................................331
Creating or Modifying a VLAN................................................... 332
Monitoring VLANS................................................................333
Configuring VLANs in an HA Setup .............................................333
Configuring VLANs on a Single Subnet .........................................334
Configuring VLANs on Multiple Subnets ........................................334
Configuring Multiple Untagged VLANs across Multiple Subnets ...............335
Configuring Multiple VLANs with 802.1q Tagging............................... 336
Configuring NSVLAN.................................................................. 338
To configure NSVLAN by using the command line interface....................338
To restore the default NSVLAN configuration by using the command line
interface...........................................................................338
To configure NSVLAN by using the configuration utility.........................339
Configuring Bridge Groups............................................................ 339
To add a bridge group and bind VLANs by using the command line interface. 339
To remove a bridge group by using the command line interface................340
To configure a bridge group by using the configuration utility .................. 340
Configuring VMACs....................................................................340
Configuring Link Aggregation..........................................................340
Configuring Link Aggregation by Using the Link Aggregation Control
Protocol...........................................................................341
Configuring Link Redundancy using LACP channels........................... 343
Binding an SNIP address to an Interface............................................. 346
To configure the example settings............................................... 348
Monitoring the Bridge Table and Changing the Aging time...........................350
To change the aging time by using the command line interface................ 351
To change the aging time by using the configuration utility..................... 351
To view the statistics of a bridge table by using the command line interface...351
To view the statistics of a bridge table by using the configuration utility........351
Understanding NetScaler Appliances in Active-Active Mode Using VRRP..........351
Citrix NetScaler System Guide
xv
Health Tracking...................................................................353
Preemption........................................................................354
Sharing............................................................................354
Configuring Active-Active Mode.......................................................354
Adding a VMAC...................................................................354
Configuring Send to Master......................................................355
An Active-Active Deployment Scenario..........................................357
Using the Network Visualizer..........................................................358
To open the Network Visualizer..................................................359
To locate a VLAN or bridge group in the Visualizer............................. 359
To modify the network settings of the appliance by using the Visualizer....... 360
To add a channel by using the Visualizer........................................360
To add a VLAN by using the Visualizer.......................................... 360
To add a bridge group by using the Visualizer...................................360
To modify the settings of an interface or channel by using the Visualizer...... 360
To enable or disable an interface or channel by using the Visualizer...........360
To remove a configured channel, VLAN, or bridge group by using the
Visualizer......................................................................... 361
To view statistics for a node, channel, interface, or VLAN by using the
Visualizer......................................................................... 361
To set up an HA deployment by using the Visualizer............................361
To force the secondary node to take over as the primary by using the
Visualizer......................................................................... 361
To synchronize the secondary node's configuration with the primary node
by using the Visualizer........................................................... 361
To remove the peer node from the HA configuration............................361
To copy the properties of a node or network entity by using the Visualizer.....361
Configuring Link Layer Discovery Protocol........................................... 361
Jumbo Frames.........................................................................364
Configuring Jumbo Frames Support on a NetScaler Appliance................ 365
Use Case 1 – Jumbo to Jumbo Setup...........................................367
Configuration Tasks.............................................................. 369
Use Case 2 – Non-Jumbo to Jumbo Setup......................................370
Configuration Tasks.............................................................. 373
Use Case 3 – Coexistence of Jumbo and Non-Jumbo flows on the Same
Set of Interfaces.................................................................. 374
Configuration Tasks.............................................................. 379
Jumbo Frames.............................................................................. 381
Configuring Jumbo Frames Support on a NetScaler Appliance......................382
Use Case 1 – Jumbo to Jumbo Setup................................................ 383
Contents
xvi
Configuration Tasks....................................................................386
Use Case 2 – Non-Jumbo to Jumbo Setup...........................................387
Configuration Tasks....................................................................390
Use Case 3 – Coexistence of Jumbo and Non-Jumbo flows on the Same Set of
Interfaces...............................................................................391
Configuration Tasks....................................................................396
Access Control Lists........................................................................ 398
ACL Precedence ......................................................................399
Configuring Simple ACLs .............................................................399
Creating Simple ACLs ........................................................... 400
Monitoring Simple ACLs .........................................................400
Removing Simple ACLs ......................................................... 401
Configuring Extended ACLs .......................................................... 401
Creating and Modifying an Extended ACL ......................................402
Applying an Extended ACL ......................................................403
Disabling and Enabling Extended ACLs ........................................ 403
Renumbering the priority of Extended ACLs ....................................404
Configuring Extended ACL Logging .............................................405
Monitoring the Extended ACL ................................................... 406
Removing Extended ACLs ...................................................... 407
Configuring Simple ACL6s............................................................ 408
Creating Simple ACL6s.......................................................... 408
Monitoring Simple ACL6s........................................................ 409
Configuring ACL6s ....................................................................410
Creating and Modifying ACL6s ..................................................410
Applying ACL6s ..................................................................410
Enabling and Disabling ACL6s .................................................. 411
Renumbering the Priority of ACL6s ............................................. 412
Monitoring ACL6s ................................................................413
Removing ACL6s ................................................................ 414
Terminating Established Connections.................................................414
To terminate all established IPv4 connections that match any of your
configured simple ACLs by using the command line interface..................415
To terminate all established IPv4 connections that match any of your
configured simple ACLs by using the configuration utility.......................415
To terminate all established IPv6 connections that match any of your
configured simple ACL6s by using the command line interface................ 415
To terminate all established IPv6 connections that match any of your
configured simple ACL6s by using the configuration utility..................... 415
IP Routing...................................................................................415
Citrix NetScaler System Guide
xvii
Dynamic Routing Protocol Command Reference Guides and Unsupported
Commands.............................................................................416
Configuring Static Routes .............................................................417
Weighted Static Routes.......................................................... 417
Null Routes....................................................................... 418
Configuring IPv4 Static Routes ..................................................418
Configuring IPv6 Static Routes ..................................................419
Route Health Injection Based on Virtual Server Settings.............................420
Configuring Policy-Based Routes .................................................... 422
Configuring a Policy-Based Routes (PBR) for IPv4 Traffic......................423
Configuring a Policy-Based Routes (PBR6) for IPv6 Traffic.................... 429
Internet Protocol version 6 (IPv6)...........................................................432
Implementing IPv6 Support............................................................433
To enable or disable IPv6 by using the command line interface................434
To enable or disable IPv6 by using the configuration utility..................... 434
VLAN Support..........................................................................434
Simple Deployment Scenario..........................................................434
To create IPv4 services by using the command line interface.................. 436
To create IPv4 services by using the configuration utility....................... 436
To create IPv6 vserver by using the command line interface................... 437
To create IPv6 vserver by using the configuration utility........................ 437
To bind a service to an LB vserver by using the command line interface.......437
To bind a service to an LB vserver by using the configuration utility............438
Host Header Modification..............................................................438
To change the IPv6 address in the host header to an IPv4 address by using
the command line interface...................................................... 438
To change the IPv6 address in the host header to an IPv4 address by using
the configuration utility............................................................438
VIP Insertion........................................................................... 438
To configure a mapped IPv6 address by using the command line interface....439
To configure a mapped IPv6 address by using the configuration utility.........439
To enable VIP insertion by using the command line interface.................. 439
To enable VIP insertion by using the configuration utility........................439
Traffic Domains............................................................................. 440
Benefits of using Traffic Domains..................................................... 440
Default Traffic Domain ................................................................ 440
How Traffic Domains Work............................................................ 441
Supported NetScaler Features in Traffic Domains....................................444
Configuring Traffic Domains...........................................................445
Contents
xviii
To create a VLAN and bind interfaces to it by using the command line
interface...........................................................................446
To create a traffic domain entity and bind VLANs to it by using the
command line interface...........................................................446
To create a service by using the command line interface....................... 446
To create a load balancing virtual server and bind services to it by using the
command line interface...........................................................446
To create a VLAN by using the configuration utility..............................446
To create a traffic domain entity by using the configuration utility...............446
To create a service by using the configuration utility............................ 446
To create a load balancing virtual server by using the configuration utility..... 447
Inter Traffic Domain Entity Bindings...................................................447
VMAC Based Traffic Domains.........................................................447
VXLAN.......................................................................................453
How VXLANs Work....................................................................454
VXLAN Use Case: Load Balancing across Datacenters .............................455
Points to Consider for Configuring VXLANs.......................................... 460
Configuration Steps....................................................................461
Configuration Using the Command Line Interface...............................462
Configuration Using the Configuration Utility.................................... 463
8 Web Interface........................................................................................465
How Web Interface Works..................................................................466
Prerequisites................................................................................ 466
Installing the Web Interface.................................................................467
To install the Web interface and JRE tar files by using the command line interface 467
To install the Web interface and JRE tar files by using the configuration utility......468
Configuring the Web Interface..............................................................468
Configuring a Web Interface Site for LAN Users Using HTTP....................... 468
To configure a Web interface site for LAN users using HTTP by using the
configuration utility................................................................469
To configure a Web interface site for LAN users using HTTP by using the
command line interface...........................................................470
Configuring a Web Interface Site for LAN Users Using HTTPS......................471
To configure a Web interface site for LAN users using HTTPS by using the
configuration utility................................................................472
To configure a Web interface site for LAN users using HTTPS by using the
command line.....................................................................473
Using the WebInterface.conf Dialog Box...................................................475
To search a string in the webinterface.conf file by using the configuration utility....475
Citrix NetScaler System Guide
xix
To save the content of the webinterface.conf to your local system by using the
configuration utility.....................................................................476
Using the config.xml Dialog Box............................................................476
To search a string in the config.xml file by using the configuration utility............ 476
To save the content of the config.xml to the local system by using the
configuration utility.....................................................................477
Contents
xx
/