Sunday, April 25, 2021

SSL Offloading

Today we are going to set up SSL offload for a VS.


1) First, let's check whether the SSL feature is enabled, and enable it if it is not.

> sh ns feature | grep 'SSL Offloading'
 9)     SSL Offloading                 SSL                  OFF
>
> enable ns feature SSL
 Done
>
> sh ns feature | grep 'SSL Offloading'
 9)     SSL Offloading                 SSL                  ON
>



2) Add IPs and VLANs, and bind them together.

add ns ip 192.168.20.10 255.255.255.0 -type SNIP
add ns ip 172.16.100.10 255.255.255.0 -type SNIP
add vlan 20
add vlan 100
bind vlan 20 -ifnum 1/1
bind vlan 20 -ipaddress 192.168.20.10 255.255.255.0
bind vlan 100 -ifnum 1/2
bind vlan 100 -ipaddress 172.16.100.10 255.255.255.0

> sh ns ip
        Ipaddress        Traffic Domain  Type             Mode     Arp      Icmp     Vserver  State
        ---------        --------------  ----             ----     ---      ----     -------  ------
1)      192.168.10.10    0               NetScaler IP     Active   Enabled  Enabled  NA       Enabled
2)      192.168.20.10    0               SNIP             Active   Enabled  Enabled  NA       Enabled
3)      172.16.100.10    0               SNIP             Active   Enabled  Enabled  NA       Enabled
 Done

Sunday, April 18, 2021

Basic Content Switching

This post will show a basic Content Switching (CS) setup.

We will have 2 clients: 192.168.20.50 and 192.168.20.60. 

They will both access the same CS VIP, 192.168.20.100.

Client .50 will be redirected to an internal VIP that load balances 4 servers, which as a group we will call pool1. Client .60 will be redirected to a different internal VIP that load balances 4 servers we will call group 2.

In this lab, the CS decision is therefore based on the source IP of the client.
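
The source-IP content switching described above, written out as NetScaler CLI configuration. This is an added example, not the post's own configuration: the object names, the HTTP/port 80 service type, the internal VIPs (192.168.20.101 and .102) and the server addresses (172.16.100.x) are constructed assumptions.

```netscaler
# Added example. Only the CS VIP 192.168.20.100 and the client IPs
# 192.168.20.50 / 192.168.20.60 come from the post. Object names, HTTP/80,
# the internal VIPs and the 172.16.100.x server addresses are constructed.
enable ns feature LB CS

# Two groups of 4 back-end servers each
add serviceGroup sg_pool1 HTTP
bind serviceGroup sg_pool1 172.16.100.11 80
bind serviceGroup sg_pool1 172.16.100.12 80
bind serviceGroup sg_pool1 172.16.100.13 80
bind serviceGroup sg_pool1 172.16.100.14 80

add serviceGroup sg_group2 HTTP
bind serviceGroup sg_group2 172.16.100.21 80
bind serviceGroup sg_group2 172.16.100.22 80
bind serviceGroup sg_group2 172.16.100.23 80
bind serviceGroup sg_group2 172.16.100.24 80

# Internal LB VIPs, one per group
add lb vserver lb_pool1 HTTP 192.168.20.101 80
add lb vserver lb_group2 HTTP 192.168.20.102 80
bind lb vserver lb_pool1 sg_pool1
bind lb vserver lb_group2 sg_group2

# The CS VIP that both clients connect to
add cs vserver cs_vip HTTP 192.168.20.100 80

# One action per target LB vserver, one policy per client source IP
add cs action act_pool1 -targetLBVserver lb_pool1
add cs action act_group2 -targetLBVserver lb_group2
add cs policy pol_client50 -rule "CLIENT.IP.SRC.EQ(192.168.20.50)" -action act_pool1
add cs policy pol_client60 -rule "CLIENT.IP.SRC.EQ(192.168.20.60)" -action act_group2

# Lower priority number is evaluated first
bind cs vserver cs_vip -policyName pol_client50 -priority 100
bind cs vserver cs_vip -policyName pol_client60 -priority 110

# Verify the bindings and watch the per-policy hit counters
show cs vserver cs_vip
```

Because the policies match only on the source address, a client that reaches the CS VIP through NAT or a proxy is classified by the translated address. With no default LB vserver bound, a client matching neither policy is not served by either group.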


 

Sunday, April 4, 2021

Load balance a website.

This post will show the basic setup for load balancing a website.

This is the environment: basic Round Robin load balancing to 2 web servers listening on TCP 8000.

Here is where we stand before configuration, starting from the raw NetScaler.

> sh interface summary
--------------------------------------------------------------------------------
      Interface  MTU        MAC                  Suffix                         
--------------------------------------------------------------------------------
1     0/1        1500       00:0c:29:ed:7b:b5    NetScaler Virtual Interface    
2     1/1        1500       00:0c:29:ed:7b:bf    NetScaler Virtual Interface    
3     1/2        1500       00:0c:29:ed:7b:c9    NetScaler Virtual Interface    
4     LO/1       1500       00:0c:29:ed:7b:b5    Netscaler Loopback interface   
 Done
> sh vlan

1)      VLAN ID: 1
        Link-local IPv6 addr: fe80::20c:29ff:feed:7bb5/64
        Interfaces : 0/1 1/1 1/2 LO/1
 Done
> sh ip
        Ipaddress        Traffic Domain  Type             Mode     Arp      Icmp     Vserver  State
        ---------        --------------  ----             ----     ---      ----     -------  ------
1)      192.168.10.10    0               NetScaler IP     Active   Enabled  Enabled  NA       Enabled
 Done
> sh ns feature

        Feature                        Acronym              Status
        -------                        -------              ------
 1)     Web Logging                    WL                   ON
 2)     Surge Protection               SP                   OFF
 3)     Load Balancing                 LB                   ON
 4)     Content Switching              CS                   ON

> sh ns mode | grep ON
 1)     Fast Ramp                      FR                   ON
 7)     Edge configuration             Edge                 ON
 8)     Use Subnet IP                  USNIP                ON
 9)     Layer 3 mode (ip forwarding)   L3                   ON
 10)    Path MTU Discovery             PMTUD                ON

First Boot CLI message

This is the message that shows up on the CLI after initial power up.

###############################################################################
#                                                                             #
#        WARNING: Access to this system is for authorized users only          #
#         Disconnect IMMEDIATELY if you are not an authorized user!           #
#                                                                             #
###############################################################################


###############################################################################
#                     CallHome has been enabled by default.                   #
# This feature lets the NetScaler device/instance automatically upload        #
# diagnostic and usage information to Citrix. This data will help detect      #
# critical errors and will also be used to improve the features and the       #
# product.                                                                    #
#                                                                             #
# This feature can be configured anytime using the command line interface or  #
# the configuration utility. Please see the documentation for more details.   #
###############################################################################

###############################################################################
#              'Citrix ADM Service Connect' feature is enabled                #
#                                                                             #
# This feature helps you discover your Citrix ADC instances effortlessly on   #
# Citrix ADM service and get insights and curated machine learning based      #
# recommendations for applications and Citrix ADC infrastructure.             #
# This feature lets the Citrix ADC instance automatically send system, usage  #
# and telemetry data to Citrix ADM service.                                   #
# View here [https://docs.citrix.com/en-us/citrix-adc/13/data-governance.html]#
# to learn more about this feature.                                           #
# You can also configure this feature anytime using the Citrix ADC command    #
# line interface, API or GUI Settings.                                        #
# Use of this feature is subject to the Citrix End User ServiceAgreement.     #
# View here [https://www.citrix.com/buy/licensing/agreements.html]            #
#                                                                             #
###############################################################################

###############################################################################
#          Secure option for all the RPC nodes is turned ON.                  #
#                                                                             #
#  This secures the communication between the ADC nodes in the                #
#  HA, Cluster, and GSLB deployments, which use the port number 3008.         #
#  If the port number 3008 is blocked by firewall between the ADC nodes,      #
#  unblock it and proceed. Otherwise, configuration synchronization           #
#  and configuration propagation fails.                                       #
#                                                                             #
#  You can change this option any time using the command line                 #
#  interface or the configuration utility. See the documentation for          #
#  more details.                                                              #
#                                                                             #
###############################################################################


> sh ver
        NetScaler NS12.1: Build 61.19.nc, Date: Mar  8 2021, 09:45:59   (64-bit)
 Done
>