This post will show the basic setup for load balancing a website.
This is is the environment. Basic Round Robin load balance to 2 web servers listening on TCP 8000.
Here is where we stand before configuration as we start on the raw Netscaler.
> sh interface summary
--------------------------------------------------------------------------------
Interface MTU MAC Suffix
--------------------------------------------------------------------------------
1 0/1 1500 00:0c:29:ed:7b:b5 NetScaler Virtual Interface
2 1/1 1500 00:0c:29:ed:7b:bf NetScaler Virtual Interface
3 1/2 1500 00:0c:29:ed:7b:c9 NetScaler Virtual Interface
4 LO/1 1500 00:0c:29:ed:7b:b5 Netscaler Loopback interface
Done
> sh vlan
1) VLAN ID: 1
Link-local IPv6 addr: fe80::20c:29ff:feed:7bb5/64
Interfaces : 0/1 1/1 1/2 LO/1
Done
> sh ip
Ipaddress Traffic Domain Type Mode Arp Icmp Vserver State
--------- -------------- ---- ---- --- ---- ------- ------
1) 192.168.10.10 0 NetScaler IP Active Enabled Enabled NA Enabled
Done
> sh ns feature
Feature Acronym Status
------- ------- ------
1) Web Logging WL ON
2) Surge Protection SP OFF
3) Load Balancing LB ON
4) Content Switching CS ON
> sh ns mode | grep ON
1) Fast Ramp FR ON
7) Edge configuration Edge ON
8) Use Subnet IP USNIP ON
9) Layer 3 mode (ip forwarding) L3 ON
10) Path MTU Discovery PMTUD ON
>
1) Add VLANs and SNIPs
Multiple VLANs/subnets as we have above, require VLAN configuration on the VPX
On the VPX, each subnet should have a Subnet IP address (SNIP) created for that subnet.
Only associate each VLAN with one interface.
> add ns ip 192.168.20.10 255.255.255.0 -type SNIP
Done
> add ns ip 192.168.30.10 255.255.255.0 -type SNIP
Done
>
Note how the SNIPs appear in the actual config.
> sh run | grep "ns ip" | grep -v VIP | grep -v ip6
add ns ip 192.168.20.10 255.255.255.0 -vServer DISABLED
add ns ip 192.168.30.10 255.255.255.0 -vServer DISABLED
>
> add vlan 20
Done
> add vlan 30
Done
2) Bind VLANs to Interfaces and IPs
> bind vlan 20 -ifnum 1/1
Done
> bind vlan 20 -ipaddress 192.168.20.10 255.255.255.0
Done
> bind vlan 30 -ifnum 1/2
Done
> bind vlan 30 -ipaddress 192.168.30.10 255.255.255.0
Done
>
> sh vlan
1) VLAN ID: 1
Link-local IPv6 addr: fe80::20c:29ff:feed:7bb5/64
Interfaces : 0/1 LO/1
2) VLAN ID: 20 VLAN Alias Name:
Interfaces : 1/1
IPs :
192.168.20.10 Mask: 255.255.255.0
3) VLAN ID: 30 VLAN Alias Name:
Interfaces : 1/2
IPs :
192.168.30.10 Mask: 255.255.255.0
Done
>
3) Add real web servers and the VIP that will be used to access them.
> add server web1 192.168.30.200
Done
> add server web2 192.168.30.201
Done
> add ns ip 192.168.20.100 255.255.255.0 -type VIP
Done
>
> sh ns ip
Ipaddress Traffic Domain Type Mode Arp Icmp Vserver State
--------- -------------- ---- ---- --- ---- ------- ------
1) 192.168.10.10 0 NetScaler IP Active Enabled Enabled NA Enabled
2) 192.168.20.10 0 SNIP Active Enabled Enabled NA Enabled
3) 192.168.30.10 0 SNIP Active Enabled Enabled NA Enabled
4) 192.168.20.100 0 VIP Active Enabled Enabled Enabled Enabled
Done
>
4) Create a service group, vserver and monitor.
Note the vserver will add the VIP with port 80 meaning we will talk on port 80 to the VIP whilst the actual physical servers, web1 and web2 will be listening on port 8000.
> add servicegroup SG_web HTTP
Done
> add lb vserver VS_web HTTP 192.168.20.100 80 -lbmethod ROUNDROBIN
Done
> add lb monitor MON_web TCP -destport 8000
Done
>
5) Glue it all together!
Bind the vserver (Which has the VIP), the monitor and the real servers all to the service group.
> bind lb vserver VS_web SG_web
Done
> bind servicegroup SG_web web1 8000
Done
> bind servicegroup SG_web web2 8000
Done
> bind servicegroup SG_web -monitorName MON_web
Done
>
6) Status checks now that everything is configured.
Servicegroup status - we have the monitors and servers up.
> sh servicegroup SG_web
SG_web - HTTP
State: ENABLED Effective State: UP Monitor Threshold : 0
Max Conn: 0 Max Req: 0 Max Bandwidth: 0 kbits
Use Source IP: NO
Client Keepalive(CKA): NO
TCP Buffering(TCPB): NO
HTTP Compression(CMP): NO
Idle timeout: Client: 180 sec Server: 360 sec
Client IP: DISABLED
Cacheable: NO
SC: OFF
SP: OFF
Down state flush: ENABLED
Monitor Connection Close : NONE
Appflow logging: ENABLED
ContentInspection profile name: ???
Process Local: DISABLED
Traffic Domain: 0
1) Monitor Name: MON_web State: ENABLED Weight: 1 Passive: 0
1) 192.168.30.200:8000 State: UP Server Name: web1 Server ID: None Weight: 1
Last state change was at Mon Apr 5 05:06:15 2021
Time since last state change: 0 days, 00:00:36.670
Monitor Name: MON_web State: UP Passive: 0
Probes: 8 Failed [Total: 0 Current: 0]
Last response: Success - TCP syn+ack received.
Response Time: 0 millisec
2) 192.168.30.201:8000 State: UP Server Name: web2 Server ID: None Weight: 1
Last state change was at Mon Apr 5 05:06:15 2021
Time since last state change: 0 days, 00:00:36.660
Monitor Name: MON_web State: UP Passive: 0
Probes: 8 Failed [Total: 0 Current: 0]
Last response: Success - TCP syn+ack received.
Response Time: 0 millisec
Done
>
Vserver status
> sh vserver VS_web
VS_web (192.168.20.100:80) - HTTP Type: ADDRESS
State: UP
Last state change was at Mon Apr 5 05:06:21 2021
Time since last state change: 0 days, 00:04:26.100
Effective State: UP
Client Idle Timeout: 180 sec
Down state flush: ENABLED
Disable Primary Vserver On Down : DISABLED
Appflow logging: ENABLED
Port Rewrite : DISABLED
No. of Bound Services : 2 (Total) 2 (Active)
Configured Method: ROUNDROBIN BackupMethod: NONE
Mode: IP
Persistence: NONE
Vserver IP and Port insertion: OFF
Push: DISABLED Push VServer:
Push Multi Clients: NO
Push Label Rule: none
L2Conn: OFF
Skip Persistency: None
Listen Policy: NONE
IcmpResponse: PASSIVE
RHIstate: PASSIVE
New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0
Mac mode Retain Vlan: DISABLED
DBS_LB: DISABLED
Process Local: DISABLED
Traffic Domain: 0
TROFS Persistence honored: ENABLED
Retain Connections on Cluster: NO
Bound Service Groups:
1) Group Name: SG_web
1) SG_web (192.168.30.200: 8000) - HTTP State: UP Weight: 1
2) SG_web (192.168.30.201: 8000) - HTTP State: UP Weight: 1
Warning: Feature(s) not licensed [SSLVPN]
Warning: Feature(s) not licensed [AAA]
Warning: Feature(s) not enabled [CR]
Warning: Feature(s) not licensed [GSLB]
Done
>
7) Stat checks
Generate some traffic to the vserver
> stat lb vserver
Virtual Server(s) Summary
vsvrIP port Protocol State Req/s
VS_web 192.168.20.100 80 HTTP UP 10/s
Done
>
Below we can see on the servicegroup stats equal traffic to each web srv as we have vserver load balance method set to ROUNDROBIN.
> stat servicegroup SG_web
Service group Summary
Type State
SG_web HTTP ENABLED
Bound Service Group Member(s) Summary
IP port Type State Req/s Rsp/s
SG_w...?8000 192.168.30.200 8000 HTTP UP 6/s 6/s
SG_w...?8000 192.168.30.201 8000 HTTP UP 6/s 6/s
Reqb/s Rspb/s ClntConn SvrConn MaxConn SurgeQ ReuseP
SG_w...?8000 2332/s 12324/s 0 9 0 0 1
SG_w...?8000 2332/s 12324/s 0 9 0 0 1
SvrTTFB
SG_w...?8000 1
SG_w...?8000 1
Done
>
Total requests to the vserver
> stat lb vserver VS_web | grep Requests
Requests 0 725
Requests in surge queue -- 0
Requests in vserver's surgeQ -- 0
Requests in service's surgeQs -- 0
>
All vserver stats
> stat lb vserver VS_web
Virtual Server Summary
vsvrIP port Protocol State Health actSvcs
VS_web 192.168.20.100 80 HTTP UP 100 2
inactSvcs
VS_web 0
Virtual Server Statistics
Rate (/s) Total
Vserver hits 0 725
Requests 0 725
Responses 0 725
Request bytes 0 280740
Response bytes 0 1491504
Total Packets rcvd 0 3962
Total Packets sent 0 2699
Current client connections -- 0
Current Client Est connections -- 0
Current server connections -- 0
Current Persistence Sessions -- 0
Current Backup Persistence Sessi -- 0
Requests in surge queue -- 0
Requests in vserver's surgeQ -- 0
Requests in service's surgeQs -- 0
Spill Over Threshold -- 0
Spill Over Hits -- 0
Labeled Connection -- 0
Push Labeled Connection -- 0
Deferred Request 0 0
Invalid Request/Response -- 0
Invalid Request/Response Dropped -- 0
Vserver Down Backup Hits -- 0
Current Multipath TCP sessions -- 0
Current Multipath TCP subflows -- 0
Apdex for client response times. -- 1.00
Average client TTLB -- 0
Bound Service Group Member(s) Summary
IP port Type State Req/s Rsp/s
SG_w...?8000 192.168.30.200 8000 HTTP UP 0/s 0/s
SG_w...?8000 192.168.30.201 8000 HTTP UP 0/s 0/s
Reqb/s Rspb/s ClntConn SvrConn MaxConn SurgeQ ReuseP
SG_w...?8000 0/s 0/s 0 9 0 0 0
SG_w...?8000 0/s 0/s 0 9 0 0 0
SvrTTFB
SG_w...?8000 0
SG_w...?8000 0
Done
>
Some HTTP stats.
> stat http
HTTP Statistics - Summary
Rate (/s) Total
Total requests 3 457
Total responses 3 457
Request bytes received 1113 179702
Response bytes received 5738 925046
Done
>
Display current TCP connections.
From the SNIP to the real servers (SRCIP being the SNIP on VLAN 30).
> show ns connectiontable CONNECTION.SRCIP.EQ(192.168.30.10) | grep HTTP
192.168.30.10 7003 192.168.30.201 8000 HTTP 2 ESTABLISHED 0 S
192.168.30.10 26736 192.168.30.200 8000 HTTP 2 ESTABLISHED 0 S
192.168.30.10 7374 192.168.30.200 8000 HTTP 45 TIME_WAIT 0 S
>
From the client to the VIP (SRCIP being the client).
> show ns connectiontable CONNECTION.SRCIP.EQ(192.168.20.1) | grep HTTP
192.168.20.1 63992 192.168.20.100 80 HTTP 3 TIME_WAIT 0 C
192.168.20.1 63952 192.168.20.100 80 HTTP 45 TIME_WAIT 0 C
192.168.20.1 63950 192.168.20.100 80 HTTP 45 TIME_WAIT 0 C
192.168.20.1 64006 192.168.20.100 80 HTTP 1 ESTABLISHED 0 C
192.168.20.1 63995 192.168.20.100 80 HTTP 2 TIME_WAIT 0 C
>
8) All config commands used.
add ns ip 192.168.20.10 255.255.255.0 -type SNIP
add ns ip 192.168.30.10 255.255.255.0 -type SNIP
add vlan 20
add vlan 30
bind vlan 20 -ifnum 1/1
bind vlan 20 -ipaddress 192.168.20.10 255.255.255.0
bind vlan 30 -ifnum 1/2
bind vlan 30 -ipaddress 192.168.30.10 255.255.255.0
add server web1 192.168.30.200
add server web2 192.168.30.201
add ns ip 192.168.20.100 255.255.255.0 -type VIP
add servicegroup SG_web HTTP
add lb vserver VS_web HTTP 192.168.20.100 80 -lbmethod ROUNDROBIN
add lb monitor MON_web TCP -destport 8000
bind lb vserver VS_web SG_web
bind servicegroup SG_web web1 8000
bind servicegroup SG_web web2 8000
bind servicegroup SG_web -monitorName MON_web
> sh ver
NetScaler NS12.1: Build 61.19.nc, Date: Mar 8 2021, 09:45:59 (64-bit)
Done
>
