Module 01 Core Configuration
Agenda
Day 1 (NetScaler Fundamental Concepts)
Core Configuration
NetScaler Hardware
MPX 5500
VPX
MPX 17000/17500/19500/21500
2012 Citrix | Confidential Do Not Distribute
SDX
NetScaler VPX
Gig+ performance
Labs/test environments
Development environments
Datacenter-in-a-box
FIPS requirements
CPU-intensive workloads
NetScaler SDX
Instances, not partitions
Complete CPU isolation
Complete memory isolation
Version independence
High availability independence
Lifecycle independence
Architecture
BSD manages
The boot process
Filesystem access
Long-term logging
Initial Setup
Networking Concepts
Network Topologies
One-Armed
Where possible, a one-armed topology is the preferred method of deploying NetScaler in most environments, and it is what we will use today
Network Topologies
Two-Armed
NSIP: NetScaler IP Address
MIP: Mapped IP Address
SNIP: Subnet IP Address
VIP: Virtual IP Address/Vserver IP Address
GSLB: Site IP Address
[Diagram: Client (Client IP), Citrix NetScaler (VIP, MIP/SNIP), Backend Server (Server IP)]
NetScaler Networking
[Diagram: a Citrix NetScaler compared with a typical network endpoint device. Labels: NIC 1 (MAC 1), NIC 2 (MAC 2), IP Address 1, IP Address 2, IP Address 1 ... IP Address n, Subnet A, Subnet B]
NetScaler Modes
Layer-3 mode
Layer-2 mode
MAC-Based forwarding
USIP
Router 1
MAC address: 00:01::e6:ff0d:69
IP address: 10.10.1.2
IP and MAC addresses are cached
Router 2
MAC address: 00:01::e6:ff0d:67
IP address: 10.10.1.1
Server 1
Service: service-ANY-1
Server 2
Service: service-ANY-2
IP address: 10.10.1.1
IP address: 10.10.1.1
RNAT Example
Internet: Client (200.200.200.1)
NetScaler MIP Address (100.100.100.1)
Private Network: Backend Server (192.168.1.1)
Packet received by the client after RNAT: Source IP Address 100.100.100.1, Destination IP Address 200.200.200.1
Other packets shown in the diagram:
Source IP Address 192.168.1.1, Destination IP Address 200.200.200.1
Source IP Address 200.200.200.1, Destination IP Address 100.100.100.1
Source IP Address 200.200.200.1, Destination IP Address 192.168.1.1
GUI / CLI
Access the GUI by going to NSIP
Access the CLI through SSH client (PuTTY)
Access file system through SFTP client (WinSCP)
FreeBSD shell
e.g., train_73>
# FreeBSD
e.g., root@ns#
> shell
Use this command to move to the FreeBSD command prompt, where FreeBSD commands may be entered
Press the <Control> + <D> keys or type exit to return to the Citrix NetScaler system CLI prompt
Command completion
Entering a partial command followed by a question mark displays all commands matching the partial command. For example, entering sh? displays shell, show and shutdown (on successive lines)
Command help
Help displays a syntax description of any CLI command
Command history
History displays up to the last 100 previous commands
Command Completion
<?> key
<Ctrl>+<a> keys
<Ctrl>+<e> keys
<Ctrl>+<u> keys
Show routes
> shell
Execute all the lines in lb.txt as cli commands, and capture output in error.log
> reboot
> quit
Licensing
NetScaler Offerings
Packaged for broad adoption for all users
Standard Edition: Comprehensive L4-7 load balancing and optimizes expensive server and network resources to reduce cost
Enterprise Edition: Web application delivery solution providing advanced traffic management and powerful application acceleration
Platinum Edition: Web application delivery solution designed to deliver mission-critical applications with web application firewall security, fastest
NetScaler Licensing
Appliance licensing
One license per appliance (physical or virtual)
Ability to upgrade throughput via a license within each physical MPX/SDX appliance
License file determines the available features and system performance limits to enable on the appliance
License Files
NetScaler MPX
License File
MyCitrix
NetScaler VPX
License File
Instance License
Files
NetScaler Feature Matrix
Model   MPX Standard   MPX Enterprise   MPX Platinum   SDX
5500    YES            YES              YES            NO
7500    YES            YES              YES            NO
9500    YES            YES              YES            NO
9700    YES            YES              YES            NO
10500   YES            YES              YES            NO
11500   YES            YES              YES            YES
12500   YES            YES              YES            NO
13500   YES            YES              YES            YES
14500   YES            YES              YES            YES
15500   YES            YES              YES            NO
16500   YES            YES              YES            YES
17500   YES            YES              YES            YES
17550   YES            YES              YES            YES
18500   YES            YES              YES            YES
19500   YES            YES              YES            YES
19550   YES            YES              YES            YES
20550   YES            YES              YES            YES
21500   YES            YES              YES            YES
21550   YES            YES              YES            YES
[Table: Available / Not available by platform group (MPX7500-9500, MPX10500-15500, MPX17500-21550); surviving labels: Power supply AC, Power supply DC]
Feature                                            Standard          Enterprise        Platinum
AppCompress                                        Additional Cost   Included          Included
GSLB                                               Additional Cost   Included          Included
Application Firewall                               N/A               Additional Cost   Included
AppCache (MPX 5500/7500, 7000 series)              N/A               Additional Cost   Included
AppCache (excluding MPX 5500/7500, 7000 series)    N/A               Additional Cost   Included
EdgeSight for NetScaler                            N/A               Additional Cost   Included
HTTP
Throughput
10 Mbps
200 Mbps
500 Mbps
NetScaler CloudBridge
Standard
Edition
Enterprise
Edition
Platinum
Edition
NS 9010 FIPS
N/A
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
Firewall
Firewall
Firewall
Firewall
Firewall
5500 Platform
7500 Platform
9500 Platform
10500 Platform
12500 Platform
MPX
12500
Throughput
500 Mbps
1 Gbps
2 Gbps
3 Gbps
5 Gbps
MPX
10500
MPX
9500
MPX
5500
MPX
7500
NetScaler Upgrades
Via software license
Upgrade path                 Standard   Enterprise   Platinum
MPX 16500 to MPX 20500       YES        YES          YES
MPX 18500 to MPX 20500       YES        YES          YES
MPX 17550 to MPX 19550       YES        YES          YES
MPX 17550 to MPX 20550       YES        YES          YES
MPX 17550 to MPX 21550       YES        YES          YES
MPX 19550 to MPX 20550       YES        YES          YES
MPX 19550 to MPX 21550       YES        YES          YES
MPX 20550 to MPX 21550       YES        YES          YES
MPX 19500 to MPX 21500       YES        YES          YES
[Diagram: Throughput Upgrade across MPX 7500, MPX 9500, MPX 10500 and MPX 12500: 1 Gbps to 2 Gbps; 3 Gbps to 5 Gbps]
License Upgrade
Model       Upgrade Charge to MPX 15500   Upgrade Charge to MPX 19500   Upgrade Charge to MPX 21500
MPX 10500   Available                     ----                          ----
MPX 12500   Available                     ----                          ----
MPX 17500   ----                          Available                     Available
MPX 19500   ----                          ----                          Available
MPX 21500   ----                          ----                          ----
Model       Burst License to MPX 15500   Burst License to MPX 19500   Burst License to MPX 21500
MPX 10500   Available                    ----                         ----
MPX 12500   Available                    ----                         ----
MPX 17500   ----                         ----                         Available
MPX 19500   ----                         ----                         Available
MPX 21500   ----                         ----                         ----
Commercial: EASY
SMB Customers
No Customer Discounts
Advisor Rewards Eligible
Commercial: ELA
Medium to Large Businesses
Customer Discounts based on Initial Purchase
Advisor Rewards Eligible
ELA 7 Require AVP, GEO VP and Finance Controller approval
Public Sector
Education Academic and Non-Profit Institutions
GSA Federal, State, and Local Government entities inside the United States
GELA other Government programs, outside the United States
MPX 7500 to MPX 9500 (1 Gb to 3 Gb)
MPX 10500 to MPX 15500 (5 Gb to 15 Gb)
MPX 11500 to MPX 18500 (5 Gb to 30 Gb)
MPX 12500 to MPX 15500 (8 Gb to 15 Gb)
MPX 13500 to MPX 18500 (12 Gb to 30 Gb)
MPX 14500 to MPX 18500 (16 Gb to 30 Gb)
VPX100 to VPX3000 (1 Gb to 3 Gb)
MPX 16500 to MPX 18500 (20 Gb to 30 Gb)
MPX 17500 to MPX 21500 (20 Gb to 50 Gb)
MPX 17550 to MPX 21550 (20 Gb to 50 Gb)
MPX 19500 to MPX 21500 (35 Gb to 50 Gb)
MPX 19550 to MPX 21550 (30 Gb to 50 Gb)
MPX 20550 to MPX 21550 (40 Gb to 50 Gb)
Notes:
A 90-day license used to accommodate above average traffic conditions and reassess permanent capacity requirements
Licenses are purchased in quantity of one
For Burst Licenses, use a web key obtained via email to generate Burst License via http://www.mycitrix.com.
There are no associated maintenance
High Availability
HA - Concepts
NetScaler High Availability (HA) is a base functionality
Does not need to be enabled
Does need to be configured
HA - Concepts
Negotiation
Who's in charge?
Propagation
Commands sent from Primary to Secondary
Synchronization
Configuration synchronized between Primary and Secondary
HA - Design Considerations
By default, management and heartbeat traffic is sent via L2
Distance between nodes is not a limitation
L2 connectivity between the two HA nodes must allow the heartbeat to be
received within 3 seconds by default
HA - Typical Configuration
HA - Configuration Process
Starting with two new systems
NS-A and NS-B
Setup overview
Setup NS-A
HA - GUI
HA - Completing Setup
Verify negotiation
NS-A primary, NS-B secondary
HA - Managing Configurations
set node command
> set node [hastatus ( ENABLE | STAYSECONDARY | DISABLE )] [hasync ( ENABLE | DISABLE )]
STAYSECONDARY - Holds node secondary, even if primary goes down
DISABLE - Hold node secondary and do not synchronize to primary's configuration
HA - Force Synchronization
> force ns synch
Will not work when:
Executed on Standalone System
HA is Disabled
HA Synchronization is disabled
HA - Upgrade Procedure
Perform rolling upgrade
Code Upgrade
Overview
Code upgrades are done by uploading a compressed tar file, extracting it, then running an install script
Through the GUI, this is handled behind the scenes, but it can be done manually as well
Downgrades are handled the same way, but risk having parts of the configuration dropped due to additional configuration directives.
In some cases, old boot files will need to be removed manually via the BSD shell, as indicated by an error on the install
To start the upgrade process through the GUI, go to the Diagnostics tab under System and select the Upgrade Wizard button
Next, point to the upgrade file (.tgz) located locally or on the appliance:
NETSCALER-WORKSHOP