Cisco Citrix NetScaler 1000V User guide

Cisco Systems, Inc.

www.cisco.com

Cisco has more than 200 offices worldwide.

Addresses, phone numbers, and fax numbers

are listed on the Cisco website at

www.cisco.com/go/offices.

Citrix NetScaler 1000V

Administration Guide

Citrix NetScaler 10.5

December 11, 2014

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL

STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT

WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT

SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE

OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant

to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial

environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause

harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required

to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant

to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates,

uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications.

However, there is no guarantee that interference will not occur in a particular installation. If the equipment causes interference to radio or television reception, which can be

determined by turning the equipment off and on, users are encouraged to try to correct the interference by using one or more of the following measures:

• Reorient or relocate the receiving antenna.

• Increase the separation between the equipment and receiver.

• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

• Consult the dealer or an experienced radio/TV technician for help.

Modifications to this product not authorized by Cisco could void the FCC approval and negate your authority to operate the product.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH

ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT

LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF

DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,

WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO

OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this

URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership

relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display

output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in

illustrative content is unintentional and coincidental.

Citrix and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the United States Patent

and Trademark Office and in other countries. All other product names, company names, marks, logos, and symbols are trademarks of their respective owners.

Contents

1 Basic Operations.....................................................................................21

Viewing and Saving Configurations..........................................................22

To view the running configuration by using the command line interface.............. 22

To view the running configuration by using the configuration utility................... 22

To find the difference between two configuration files by using the command line

interface................................................................................. 22

To find the difference between two configuration files by using the configuration

utility..................................................................................... 22

To save configurations by using the command line interface..........................22

To save configurations by using the configuration utility...............................23

To view the saved configurations by using the command line interface...............23

To view the saved configurations by using the configuration utility....................23

Clearing the NetScaler Configuration........................................................23

To clear the configuration by using the command line interface.......................24

To clear the configuration by using the configuration utility............................24

Configuring Clock Synchronization.......................................................... 24

Setting Up Clock Synchronization......................................................24

To add an NTP server by using the command line interface..................... 24

To configure an NTP server by using the configuration utility.................... 25

Starting the NTP Daemon.............................................................. 25

To enable NTP synchronization by using the command line interface...........25

To enable NTP synchronization by using the configuration utility................25

Configuring Clock Synchronization Manually.......................................... 25

To enable clock synchronization on your NetScaler by modifying the

ntp.conf file.........................................................................25

Configuring System Session Timeout....................................................... 26

Viewing the System Date and Time..........................................................28

To view the system date and time by using the command line interface..............28

To view the system date and time by using the configuration utility...................28

Backing up and Restoring the NetScaler Appliance........................................ 28

Backing up a NetScaler Appliance..................................................... 29

iii

To backup the NetScaler by using the NetScaler command line interface.......30

To backup the NetScaler by using the configuration utility....................... 31

Restoring the NetScaler Appliance.....................................................31

To restore the NetScaler by using the command line interface...................31

To restore the NetScaler by using the configuration utility........................32

Restarting or Shutting down the Appliance..................................................32

To restart the NetScaler by using the command line interface.........................32

To restart the NetScaler by using the configuration utility..............................32

To shut down the NetScaler by using the command line interface.................... 33

2 Administration........................................................................................35

Authentication and Authorization............................................................ 37

Configuring Users and Groups......................................................... 37

Configuring User Accounts........................................................37

Configuring User Groups.......................................................... 38

Configuring Command Policies.........................................................39

Built-in Command Policies.........................................................39

Creating Custom Command Policies..............................................40

Binding Command Policies to Users and Groups................................ 42

Resetting the Default Administrator (nsroot) Password................................43

To reset the nsroot password......................................................44

Example of a User Scenario............................................................45

Configuration steps................................................................ 46

Configuring External User Authentication..............................................47

Configuring LDAP Authentication................................................. 47

Configuring RADIUS Authentication.............................................. 50

Configuring TACACS+ Authentication.............................................51

Binding the Authentication Policies to the System Global Entity.................52

TCP Configurations.......................................................................... 52

Setting Global TCP Parameters........................................................ 54

Default TCP profile.................................................................54

Global TCP command............................................................. 54

TCP buffering feature..............................................................55

Setting Service or Virtual Server Specific TCP Parameters........................... 55

To specify service or virtual server level TCP configurations by using the

command line interface............................................................56

To specify service or virtual server level TCP configurations by using the

configuration utility.................................................................56

Built-in TCP Profiles.....................................................................56

Sample TCP Configurations............................................................ 58

Contents

iv

Defending TCP against spoofing attacks......................................... 58

Explicit Congestion Notification (ECN)............................................58

Selective ACKnowledgment (SACK)..............................................59

Window Scaling (WS) .............................................................59

Maximum Segment Size (MSS)...................................................59

NetScaler to learn the MSS of a virtual server ................................... 59

TCP keep-alive.....................................................................59

Buffer size - using TCP profile ....................................................59

Buffer size - using TCP buffering feature .........................................60

MPTCP.............................................................................60

Congestion control.................................................................60

Dynamic receive buffering.........................................................60

HTTP Configurations.........................................................................60

Setting Global HTTP Parameters.......................................................61

Default HTTP profile............................................................... 61

Global HTTP command............................................................61

Setting Service or Virtual Server Specific HTTP Parameters..........................62

To specify service or virtual server level HTTP configurations by using the

command line interface............................................................62

To specify service or virtual server level HTTP configurations by using the

configuration utility.................................................................63

Built-in HTTP Profiles................................................................... 63

Sample HTTP Configurations...........................................................63

HTTP band statistics...............................................................63

WebSocket connections...........................................................64

SNMP.........................................................................................64

Importing MIB Files to the SNMP Manager and Trap Listener........................ 65

Configuring the NetScaler to Generate SNMP Traps..................................65

Enabling an SNMP Alarm......................................................... 65

Configuring Alarms.................................................................66

Configuring SNMPv1 or SNMPv2 Traps.......................................... 67

Enabling Unconditional SNMP Trap Logging..................................... 68

Configuring SNMPv3 Traps.............................................................68

To configure an SNMPv3 trap by using the command line interface ............ 68

To configure an SNMPv3 trap by using the configuration utility..................69

Configuring the NetScaler for SNMP v1 and v2 Queries.............................. 69

Specifying an SNMP Manager.................................................... 70

Specifying an SNMP Community..................................................71

Configuring SNMP Alarms for Rate Limiting........................................... 72

Configuring an SNMP Alarm for Throughput or PPS.............................72

Citrix NetScaler System Guide

v

Configuring SNMP Alarm for Dropped Packets...................................73

Configuring the NetScaler for SNMPv3 Queries.......................................74

Setting the Engine ID.............................................................. 75

Configuring a View.................................................................75

Configuring a Group............................................................... 76

Configuring a User.................................................................76

Audit Logging.................................................................................77

Configuring the NetScaler Appliance for Audit Logging................................78

Configuring Audit Servers......................................................... 78

Configuring Audit Policies......................................................... 79

Binding the Audit Policies Globally................................................80

Configuring Policy-Based Logging................................................ 81

Installing and Configuring the NSLOG Server......................................... 82

Installing NSLOG Server on the Linux Operating System........................83

Installing NSLOG Server on the FreeBSD Operating System....................84

Installing NSLOG Server Files on the Windows Operating System..............85

NSLOG Server Command Options................................................86

Adding the NetScaler Appliance IP Addresses on the NSLOG Server.......... 88

Verifying the NSLOG Server Configuration File...................................88

Running the NSLOG Server............................................................ 88

To start audit server logging....................................................... 88

To stop audit server logging that starts as a background process in

FreeBSD or Linux..................................................................89

To stop audit server logging that starts as a service in Windows.................89

Customizing Logging on the NSLOG Server...........................................89

Creating Filters.....................................................................89

Specifying Log Properties......................................................... 90

Default Settings for the Log Properties.................................................92

Sample Configuration File (audit.conf)................................................. 92

Web Server Logging..........................................................................93

Configuring the NetScaler for Web Server Logging....................................93

To configure web server logging by using the command line interface.......... 93

To configure web server logging by using the configuration utility............... 94

Installing the NetScaler Web Logging (NSWL) Client..................................94

Downloading the NSWL Client.................................................... 96

Installing the NSWL Client on a Solaris System..................................96

Installing the NSWL Client on a Linux System....................................97

Installing the NSWL Client on a FreeBSD System............................... 98

Installing the NSWL Client on a Mac System.....................................98

Installing the NSWL Client on a Windows System................................99

Contents

vi

Installing the NSWL Client on a AIX System......................................99

Configuring the NSWL Client..........................................................100

Adding the IP Addresses of the NetScaler Appliance...........................101

Verifying the NSWL Configuration File...........................................102

Running the NSWL Client........................................................102

Customizing Logging on the NSWL Client System...................................103

Sample Configuration File........................................................103

Creating Filters................................................................... 105

Specifying Log Properties........................................................107

Understanding the NCSA and W3C Log Formats...............................109

Creating a Custom Log Format.................................................. 114

Arguments for Defining a Custom Log Format.................................. 116

Time Format Definition........................................................... 119

Reporting Tool...............................................................................121

Using the Reporting Tool.............................................................. 122

To invoke the Reporting tool......................................................122

Working with Reports.............................................................122

Working with Charts..............................................................126

Examples......................................................................... 130

Stopping and Starting the Data Collection Utility..................................... 131

To stop nscollect..................................................................131

To start nscollect on the local system............................................131

3 AppFlow.............................................................................................133

How AppFlow Works........................................................................135

Flow Records.......................................................................... 136

Templates.............................................................................. 136

EIEs for web page performance data............................................137

EIEs for database information ...................................................137

Configuring the AppFlow Feature.......................................................... 138

Enabling AppFlow..................................................................... 138

To enable the AppFlow feature by using the command line interface.......... 139

To enable the AppFlow feature by using the configuration utility............... 139

Specifying a Collector................................................................. 139

To specify a collector by using the command line interface.....................139

To specify a collector by using the configuration utility..........................139

Configuring an AppFlow Action....................................................... 139

To configure an AppFlow action by using the command line interface......... 140

.................................................................................... 140

To configure an AppFlow action by using the configuration utility.............. 140

Citrix NetScaler System Guide

vii

Configuring an AppFlow Policy........................................................140

To configure an AppFlow policy by using the command line interface..........140

To configure an AppFlow policy by using the configuration utility...............141

To add an expression by using the Add Expression dialog box.................141

Binding an AppFlow Policy............................................................ 141

To globally bind an AppFlow policy by using the command line interface......142

To bind an AppFlow policy to a specific virtual server by using the command

line interface...................................................................... 142

To globally bind an AppFlow policy by using the configuration utility........... 142

To bind an AppFlow policy to a specific virtual server by using the

configuration utility................................................................142

Enabling AppFlow for Virtual Servers.................................................142

To enable AppFlow for a virtual server by using the command line interface.. 143

To enable AppFlow for a virtual server by using the configuration utility....... 143

Enabling AppFlow for a Service.......................................................143

To enable AppFlow for a service by using the command line interface.........143

To enable AppFlow for a service by using the configuration utility..............143

Setting the AppFlow Parameters......................................................143

To set the AppFlow Parameters by using the command line interface......... 144

To set the AppFlow parameters by using the configuration utility...............144

Example: Configuring AppFlow for DataStream......................................144

Exporting Performance Data of Web Pages to AppFlow Collector........................145

Prerequisites for Exporting Performance Data of Web Pages to AppFlow

Collectors.............................................................................. 145

Associating an AppFlow Action with the EdgeSight Monitoring Responder Policy..146

To associate an AppFlow action with the EdgeSight Monitoring Responder

policy by using the command line interface......................................146

To associate an AppFlow action with the EdgeSight Monitoring Responder

policy by using the configuration utility...........................................146

Configuring a Virtual Server to Export EdgeSight Statistics to Appflow

Collectors......................................................................... 147

4 AutoScale: Automatic Scaling in the Citrix CloudPlatform Environment......................149

How AutoScale Works......................................................................151

Supported Environment.....................................................................152

Prerequisites................................................................................ 152

NetScaler Configuration Details............................................................ 152

Troubleshooting.............................................................................157

The AutoScale configuration was successfully configured in CloudPlatform. Yet,

the minimum number of VMs has not been created. ................................ 157

Contents

viii

The AutoScale configuration is rapidly spawning a large number of VMs...........158

When I ran the top command on my VM, I noticed that the CPU usage on my

VM had breached the threshold that was configured for the scale-up action in

AutoScale. Yet, the application is not scaling up......................................158

One or more additional VMs have been created, but they are not accepting

traffic (that is, VMs have been created, but the average value of the metrics is

still above the threshold) ..............................................................158

The AutoScale configuration has been deleted, but the VMs continue to exist......159

5 Clustering............................................................................................161

NetScaler Features Supported on a Cluster............................................... 162

Hardware and Software Requirements.....................................................166

How Clustering Works...................................................................... 167

Synchronization Across Cluster Nodes............................................... 167

Striped, Partially Striped, and Spotted Configurations................................168

Communication in a Cluster Setup....................................................169

Traffic Distribution in a Cluster Setup................................................. 171

Cluster Nodegroups................................................................... 173

Nodegroup - For Spotted and Partially-Striped Configurations................. 173

Nodegroup - For Datacenter Redundancy.......................................176

Cluster and Node States.............................................................. 177

Routing in a Cluster....................................................................179

Setting up a NetScaler Cluster............................................................. 180

Setting up Inter-Node Communication................................................180

To set up the cluster backplane, do the following for every node...............181

Creating a NetScaler Cluster..........................................................182

To create a cluster by using the command line interface........................182

To create a cluster by using the configuration utility.............................183

Adding a Node to the Cluster..........................................................183

To add a node to the cluster by using the command line interface............. 184

To add a node to the cluster by using the configuration utility.................. 185

To join a previously added node to the cluster by using the configuration

utility...............................................................................185

Removing a Cluster Node.............................................................185

To remove a cluster node by using the command line interface................186

To remove a cluster node by using the configuration utility..................... 186

Viewing the Details of a Cluster.......................................................186

To view details of a cluster instance by using the command line interface.....186

To view details of a cluster node by using the command line interface.........186

To view details of a cluster instance by using the configuration utility.......... 186

Citrix NetScaler System Guide

ix

To view details of a cluster node by using the configuration utility..............187

Distributing Traffic Across Cluster Nodes.................................................. 187

Using Equal Cost Multiple Path (ECMP)..............................................187

To configure ECMP on the cluster by using the command line interface.......188

Use Case: ECMP with BGP Routing.............................................190

Using Linksets......................................................................... 191

To configure a linkset by using the command line interface.....................193

To configure a linkset by using the configuration utility..........................194

Managing the NetScaler Cluster............................................................194

Configuring a Nodegroup to Define Spotted and Partially-Striped Configurations.. 194

To configure a node group by using the command line interface............... 194

To configure a node group by using the configuration utility ....................195

Configuring Nodegroups for Datacenter Redundancy................................196

Disabling a Cluster Node..............................................................197

To disable a cluster node by using the command line interface................ 197

To disable a cluster node by using the configuration utility......................197

Discovering NetScaler Appliances.................................................... 198

To discover appliances by using the configuration utility........................198

Viewing the Statistics of a Cluster.....................................................198

To view the statistics of a cluster instance by using the command line

interface...........................................................................198

To view the statistics of a cluster node by using the command line interface.. 198

To view the statistics of a cluster instance by using the configuration utility....199

To view the statistics of a cluster node by using the configuration utility....... 199

Synchronizing Cluster Configurations.................................................199

To synchronize cluster configurations by using the command line interface... 199

To synchronize cluster configurations by using the configuration utility........ 199

Synchronizing Cluster Files........................................................... 200

To synchronize cluster files by using the command line interface.............. 201

To synchronize cluster files by using the configuration utility................... 201

Synchronizing Time on Cluster Nodes................................................201

To enable/disable PTP by using the command line interface................... 201

To enable/disable PTP by using the configuration utility........................ 201

Upgrading or Downgrading the Cluster Software.....................................202

To upgrade or downgrade the software of the cluster nodes....................202

Use Cases...................................................................................203

Creating a Two-Node Cluster..........................................................203

Migrating an HA Setup to a Cluster Setup............................................204

To convert a HA setup to cluster setup by using the NetScaler command line 204

Migrating an HA Setup to a Cluster Setup without Downtime........................205

Contents

x

To convert a HA setup to cluster setup (without downtime) by using the

NetScaler command line......................................................... 206

Setting Up GSLB in a Cluster......................................................... 208

To set up GSLB in a cluster by using the command line interface..............208

Using Cache Redirection in a Cluster.................................................210

Using L2 Mode in a Cluster Setup.................................................... 210

Backplane on LA Channel.............................................................210

Common Interfaces for Client and Server and Dedicated Interfaces for Backplane 212

Common Switch for Client, Server, and Backplane...................................213

Common Switch for Client and Server and Dedicated Switch for Backplane........216

Different Switch for Every Node.......................................................218

Sample Cluster Configurations........................................................218

Troubleshooting the NetScaler Cluster.....................................................221

Tracing the Packets of a NetScaler Cluster...........................................221

To trace packets of a standalone appliance..................................... 222

To trace packets of a cluster..................................................... 222

Merge multiple trace files.........................................................223

Examples......................................................................... 223

Troubleshooting Common Issues..................................................... 224

Clustering FAQs.............................................................................227

Operations Not Propagated to Cluster Nodes............................................. 231

Operations Supported on Individual Cluster Nodes........................................231

6 High Availability.....................................................................................233

Considerations for a High Availability Setup............................................... 235

Configuring High Availability................................................................236

Adding a Remote Node................................................................237

To add a node by using the command line interface............................ 237

To disable an HA monitor by using the command line interface................ 238

To add a remote node by using the configuration utility.........................238

Disabling or Enabling a Node......................................................... 238

To disable or enable a node by using the command line interface............. 238

To disable or enable a node by using the configuration utility...................238

Removing a Node......................................................................239

To remove a node by using the command line interface........................239

To remove a node by using the configuration utility............................. 239

Configuring the Communication Intervals..................................................239

To set the hello and dead intervals by using the command line interface............239

To set the hello and dead intervals by using the configuration utility.................239

Configuring Synchronization................................................................240

Citrix NetScaler System Guide

xi

Disabling or Enabling Synchronization................................................240

To disable or enable automatic synchronization by using the command line

interface...........................................................................240

To disable or enable synchronization by using the configuration utility.........240

Forcing the Secondary Node to Synchronize with the Primary Node................240

To force synchronization by using the command line interface................. 241

To force synchronization by using the configuration utility...................... 241

Synchronizing Configuration Files in a High Availability Setup............................241

To synchronize files in a high availability setup by using the command line

interface................................................................................241

To synchronize files in a high availability setup by using the configuration utility....242

Configuring Command Propagation........................................................242

To disable or enable command propagation by using the command line interface..242

To disable or enable command propagation by using the configuration utility.......242

Configuring Fail-Safe Mode.................................................................243

To enable fail-safe mode by using the command line interface...................... 244

To enable fail-safe mode by using the configuration utility........................... 244

Configuring Virtual MAC Addresses........................................................244

Configuring IPv4 VMACs..............................................................245

Creating or Modifying an IPv4 VMAC............................................245

Removing an IPv4 VMAC........................................................246

Configuring IPv6 VMAC6s.............................................................246

Creating or Modifying a VMAC6................................................. 246

Removing a VMAC6..............................................................247

Configuring High Availability Nodes in Different Subnets..................................248

Adding a Remote Node................................................................249

To add a node by using the command line interface............................ 249

To disable an HA monitor by using the command line interface................ 250

To add a remote node by using the configuration utility.........................250

Removing a Node......................................................................250

To remove a node by using the command line interface........................250

To remove a node by using the configuration utility............................. 251

Configuring Route Monitors.................................................................251

Adding a Route Monitor to a High Availability Node..................................251

To add a route monitor by using the command line interface................... 251

To add a route monitor by using the configuration utility........................ 251

Removing Route Monitors.............................................................251

To remove a route monitor by using the command line interface...............252

To remove a route monitor by using the configuration utility....................252

Limiting Failovers Caused by Route Monitors in non-INC mode..........................252

Contents

xii

Configuring FIS............................................................................. 254

Creating or Modifying an FIS..........................................................254

To add an FIS and bind interfaces to it by using the command line interface.. 254

To unbind an interface from an FIS by using the command line interface......255

To configure an FIS by using the configuration utility............................255

Removing an FIS...................................................................... 255

To remove an FIS by using the command line interface........................ 255

To remove an FIS by using the configuration utility............................. 255

Understanding the Causes of Failover..................................................... 255

Forcing a Node to Fail Over................................................................ 256

Forcing the Secondary Node to Stay Secondary.......................................... 258

To force the secondary node to stay secondary by using the command line

interface................................................................................258

To force the secondary node to stay secondary by using the configuration utility...258

Forcing the Primary Node to Stay Primary.................................................258

To force the primary node to stay primary by using the command line interface.... 259

To force the primary node to stay primary by using the configuration utility......... 259

Understanding the High Availability Health Check Computation..........................259

High Availability............................................................................. 260

Troubleshooting High Availability Issues .................................................. 262

7 Networking.......................................................................................... 267

IP Addressing............................................................................... 268

Configuring NetScaler-Owned IP Addresses ........................................ 268

Configuring the NetScaler IP Address (NSIP) .................................. 268

Configuring and Managing Virtual IP (VIP) Addresses .........................269

Configuring ARP response Suppression for Virtual IP addresses (VIPs).......272

Configuring Subnet IP Addresses (SNIPs) ......................................274

Configuring Mapped IP Addresses (MIPs) ......................................281

Configuring GSLB Site IP Addresses (GSLBIP) ................................283

Removing a NetScaler-Owned IP Address ..................................... 283

Configuring Application Access Controls ....................................... 284

How the NetScaler Proxies Connections .............................................286

How the Destination IP Address Is Selected ....................................286

How the Source IP Address Is Selected ........................................ 287

Enabling Use Source IP Mode ........................................................287

Recommended Usage............................................................289

To globally enable or disable USIP mode by using the command line

interface...........................................................................289

To enable USIP mode for a service by using the command line interface......290

Citrix NetScaler System Guide

xiii

To globally enable or disable USIP mode by using the configuration utility.... 290

To enable USIP mode for a service by using the configuration utility...........290

Configuring Network Address Translation ............................................290

Configuring INAT................................................................. 290

Coexistence of INAT and Virtual Servers ....................................... 292

Stateless NAT46 Translation.....................................................293

DNS64............................................................................ 297

Stateful NAT64 Translation.......................................................303

Configuring RNAT................................................................ 307

RNAT in USIP, USNIP, and LLB Modes .........................................311

Configuring RNAT for IPv6 Traffic................................................312

Configuring Prefix-Based IPv6-IPv4 Translation................................ 313

Configuring Static ARP ............................................................... 315

To add a static ARP entry by using the command line interface................315

To remove a static ARP entry by using the command line interface............315

To add a static ARP entry by using the configuration utility.....................315

Setting the Timeout for Dynamic ARP Entries........................................315

To set the time-out for dynamic ARP entries by using the command line

interface...........................................................................315

To set the time-out for dynamic ARP entries to its default value by using the

command line interface...........................................................316

To set the time-out for dynamic ARP entries by using the configuration utility 316

Configuring Neighbor Discovery ......................................................316

Adding IPv6 Neighbors .......................................................... 317

Removing IPv6 Neighbors .......................................................318

Configuring IP Tunnels................................................................ 318

NetScaler as an Encapsulator (Load Balancing with DSR Mode).............. 319

NetScaler as a Decapsulator.....................................................319

Creating IP Tunnels.............................................................. 319

Customizing IP Tunnels Globally.................................................320

Interfaces....................................................................................321

Configuring MAC-Based Forwarding..................................................321

To enable or disable MAC-based forwarding by using the command line

interface...........................................................................323

Configuring Network Interfaces....................................................... 323

Setting the Network Interface Parameters.......................................323

Enabling and Disabling Network Interfaces......................................325

Resetting Network Interfaces.................................................... 326

Monitoring a Network Interface.................................................. 326

Configuring Forwarding Session Rules............................................... 327

Contents

xiv

To create an IPv4 forwarding session rule by using the command line

interface...........................................................................328

To configure an IPv4 forwarding session rule by using the configuration

utility...............................................................................328

To create an IPv6 forwarding session rule by using the command line

interface...........................................................................328

To configure an IPv6 forwarding session rule by using the configuration

utility...............................................................................329

Understanding VLANs.................................................................329

Applying Rules to Classify Frames.............................................. 330

Configuring a VLAN....................................................................331

Creating or Modifying a VLAN................................................... 332

Monitoring VLANS................................................................333

Configuring VLANs in an HA Setup .............................................333

Configuring VLANs on a Single Subnet .........................................334

Configuring VLANs on Multiple Subnets ........................................334

Configuring Multiple Untagged VLANs across Multiple Subnets ...............335

Configuring Multiple VLANs with 802.1q Tagging............................... 336

Configuring NSVLAN.................................................................. 338

To configure NSVLAN by using the command line interface....................338

To restore the default NSVLAN configuration by using the command line

interface...........................................................................338

To configure NSVLAN by using the configuration utility.........................339

Configuring Bridge Groups............................................................ 339

To add a bridge group and bind VLANs by using the command line interface. 339

To remove a bridge group by using the command line interface................340

To configure a bridge group by using the configuration utility .................. 340

Configuring VMACs....................................................................340

Configuring Link Aggregation..........................................................340

Configuring Link Aggregation by Using the Link Aggregation Control

Protocol...........................................................................341

Configuring Link Redundancy using LACP channels........................... 343

Binding an SNIP address to an Interface............................................. 346

To configure the example settings............................................... 348

Monitoring the Bridge Table and Changing the Aging time...........................350

To change the aging time by using the command line interface................ 351

To change the aging time by using the configuration utility..................... 351

To view the statistics of a bridge table by using the command line interface...351

To view the statistics of a bridge table by using the configuration utility........351

Understanding NetScaler Appliances in Active-Active Mode Using VRRP..........351

Citrix NetScaler System Guide

xv

Health Tracking...................................................................353

Preemption........................................................................354

Sharing............................................................................354

Configuring Active-Active Mode.......................................................354

Adding a VMAC...................................................................354

Configuring Send to Master......................................................355

An Active-Active Deployment Scenario..........................................357

Using the Network Visualizer..........................................................358

To open the Network Visualizer..................................................359

To locate a VLAN or bridge group in the Visualizer............................. 359

To modify the network settings of the appliance by using the Visualizer....... 360

To add a channel by using the Visualizer........................................360

To add a VLAN by using the Visualizer.......................................... 360

To add a bridge group by using the Visualizer...................................360

To modify the settings of an interface or channel by using the Visualizer...... 360

To enable or disable an interface or channel by using the Visualizer...........360

To remove a configured channel, VLAN, or bridge group by using the

Visualizer......................................................................... 361

To view statistics for a node, channel, interface, or VLAN by using the

Visualizer......................................................................... 361

To set up an HA deployment by using the Visualizer............................361

To force the secondary node to take over as the primary by using the

Visualizer......................................................................... 361

To synchronize the secondary node's configuration with the primary node

by using the Visualizer........................................................... 361

To remove the peer node from the HA configuration............................361

To copy the properties of a node or network entity by using the Visualizer.....361

Configuring Link Layer Discovery Protocol........................................... 361

Jumbo Frames.........................................................................364

Configuring Jumbo Frames Support on a NetScaler Appliance................ 365

Use Case 1 – Jumbo to Jumbo Setup...........................................367

Configuration Tasks.............................................................. 369

Use Case 2 – Non-Jumbo to Jumbo Setup......................................370

Configuration Tasks.............................................................. 373

Use Case 3 – Coexistence of Jumbo and Non-Jumbo flows on the Same

Set of Interfaces.................................................................. 374

Configuration Tasks.............................................................. 379

Jumbo Frames.............................................................................. 381

Configuring Jumbo Frames Support on a NetScaler Appliance......................382

Use Case 1 – Jumbo to Jumbo Setup................................................ 383

Contents

xvi

Configuration Tasks....................................................................386

Use Case 2 – Non-Jumbo to Jumbo Setup...........................................387

Configuration Tasks....................................................................390

Use Case 3 – Coexistence of Jumbo and Non-Jumbo flows on the Same Set of

Interfaces...............................................................................391

Configuration Tasks....................................................................396

Access Control Lists........................................................................ 398

ACL Precedence ......................................................................399

Configuring Simple ACLs .............................................................399

Creating Simple ACLs ........................................................... 400

Monitoring Simple ACLs .........................................................400

Removing Simple ACLs ......................................................... 401

Configuring Extended ACLs .......................................................... 401

Creating and Modifying an Extended ACL ......................................402

Applying an Extended ACL ......................................................403

Disabling and Enabling Extended ACLs ........................................ 403

Renumbering the priority of Extended ACLs ....................................404

Configuring Extended ACL Logging .............................................405

Monitoring the Extended ACL ................................................... 406

Removing Extended ACLs ...................................................... 407

Configuring Simple ACL6s............................................................ 408

Creating Simple ACL6s.......................................................... 408

Monitoring Simple ACL6s........................................................ 409

Configuring ACL6s ....................................................................410

Creating and Modifying ACL6s ..................................................410

Applying ACL6s ..................................................................410

Enabling and Disabling ACL6s .................................................. 411

Renumbering the Priority of ACL6s ............................................. 412

Monitoring ACL6s ................................................................413

Removing ACL6s ................................................................ 414

Terminating Established Connections.................................................414

To terminate all established IPv4 connections that match any of your

configured simple ACLs by using the command line interface..................415

To terminate all established IPv4 connections that match any of your

configured simple ACLs by using the configuration utility.......................415

To terminate all established IPv6 connections that match any of your

configured simple ACL6s by using the command line interface................ 415

To terminate all established IPv6 connections that match any of your

configured simple ACL6s by using the configuration utility..................... 415

IP Routing...................................................................................415

Citrix NetScaler System Guide

xvii

Dynamic Routing Protocol Command Reference Guides and Unsupported

Commands.............................................................................416

Configuring Static Routes .............................................................417

Weighted Static Routes.......................................................... 417

Null Routes....................................................................... 418

Configuring IPv4 Static Routes ..................................................418

Configuring IPv6 Static Routes ..................................................419

Route Health Injection Based on Virtual Server Settings.............................420

Configuring Policy-Based Routes .................................................... 422

Configuring a Policy-Based Routes (PBR) for IPv4 Traffic......................423

Configuring a Policy-Based Routes (PBR6) for IPv6 Traffic.................... 429

Internet Protocol version 6 (IPv6)...........................................................432

Implementing IPv6 Support............................................................433

To enable or disable IPv6 by using the command line interface................434

To enable or disable IPv6 by using the configuration utility..................... 434

VLAN Support..........................................................................434

Simple Deployment Scenario..........................................................434

To create IPv4 services by using the command line interface.................. 436

To create IPv4 services by using the configuration utility....................... 436

To create IPv6 vserver by using the command line interface................... 437

To create IPv6 vserver by using the configuration utility........................ 437

To bind a service to an LB vserver by using the command line interface.......437

To bind a service to an LB vserver by using the configuration utility............438

Host Header Modification..............................................................438

To change the IPv6 address in the host header to an IPv4 address by using

the command line interface...................................................... 438

To change the IPv6 address in the host header to an IPv4 address by using

the configuration utility............................................................438

VIP Insertion........................................................................... 438

To configure a mapped IPv6 address by using the command line interface....439

To configure a mapped IPv6 address by using the configuration utility.........439

To enable VIP insertion by using the command line interface.................. 439

To enable VIP insertion by using the configuration utility........................439

Traffic Domains............................................................................. 440

Benefits of using Traffic Domains..................................................... 440

Default Traffic Domain ................................................................ 440

How Traffic Domains Work............................................................ 441

Supported NetScaler Features in Traffic Domains....................................444

Configuring Traffic Domains...........................................................445

Contents

xviii

To create a VLAN and bind interfaces to it by using the command line

interface...........................................................................446

To create a traffic domain entity and bind VLANs to it by using the

command line interface...........................................................446

To create a service by using the command line interface....................... 446

To create a load balancing virtual server and bind services to it by using the

command line interface...........................................................446

To create a VLAN by using the configuration utility..............................446

To create a traffic domain entity by using the configuration utility...............446

To create a service by using the configuration utility............................ 446

To create a load balancing virtual server by using the configuration utility..... 447

Inter Traffic Domain Entity Bindings...................................................447

VMAC Based Traffic Domains.........................................................447

VXLAN.......................................................................................453

How VXLANs Work....................................................................454

VXLAN Use Case: Load Balancing across Datacenters .............................455

Points to Consider for Configuring VXLANs.......................................... 460

Configuration Steps....................................................................461

Configuration Using the Command Line Interface...............................462

Configuration Using the Configuration Utility.................................... 463

8 Web Interface........................................................................................465

How Web Interface Works..................................................................466

Prerequisites................................................................................ 466

Installing the Web Interface.................................................................467

To install the Web interface and JRE tar files by using the command line interface 467

To install the Web interface and JRE tar files by using the configuration utility......468

Configuring the Web Interface..............................................................468

Configuring a Web Interface Site for LAN Users Using HTTP....................... 468

To configure a Web interface site for LAN users using HTTP by using the

configuration utility................................................................469

To configure a Web interface site for LAN users using HTTP by using the

command line interface...........................................................470

Configuring a Web Interface Site for LAN Users Using HTTPS......................471

To configure a Web interface site for LAN users using HTTPS by using the

configuration utility................................................................472

To configure a Web interface site for LAN users using HTTPS by using the

command line.....................................................................473

Using the WebInterface.conf Dialog Box...................................................475

To search a string in the webinterface.conf file by using the configuration utility....475

Citrix NetScaler System Guide

xix

To save the content of the webinterface.conf to your local system by using the

configuration utility.....................................................................476

Using the config.xml Dialog Box............................................................476

To search a string in the config.xml file by using the configuration utility............ 476

To save the content of the config.xml to the local system by using the

configuration utility.....................................................................477

Contents

xx

Page is loading ...

Cisco Citrix NetScaler 1000V User guide

Cisco Citrix NetScaler 1000V User guide

Related papers

Other documents