network_stuff:netscaler

Differences

This shows you the differences between two versions of the page.

network_stuff:netscaler [2019/02/12 13:31] – external edit 127.0.0.1network_stuff:netscaler [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 30: Line 30:
 Interface status:\\ Interface status:\\
  
-  show interface +  show interface stats    # bytes status and statistics per interfaces 
-  sh interface -summary          # to quickly see mac addressses+  show interface -summary          # to quickly see mac addresses
-  show channel # for lacp+  show channel # for lacp logical aggregate details
   show vlan # to see vlans and interfaces assigned to them   show vlan # to see vlans and interfaces assigned to them
  
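Review bot: the first changed line swaps `show interface` for `show interface stats`, which drops the plain command from the list instead of adding the statistics variant next to it; if both are still used, keep `show interface` on its own line. The new comment "bytes status and statistics per interfaces" would also read more clearly as "byte counters and status per interface".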
Line 51: Line 51:
  
 ---- ----
 +
 +
  
 **NETSCALER TROUBLESHOOTING:**\\ **NETSCALER TROUBLESHOOTING:**\\
 +  * Check ns0 and ns1 config is stored in rancid
 +  * Check console works 
 +  * save ns config
 +
 +
 +
 +
 +
 +  * Logs in GUI:
 +    * recent: system > Auditing > Syslog
 +    * System>Diagnostics>Maintenance>Delete/Download log files
 +
 +  
 +  backups.dc.mycompany1.co.uk messageshosts]# xzgrep AdminFrontend_Cluster netscaler02-mgt.dc.mycompany1.co.uk.log-20191023.xz | grep DOWN
 +  
 Check this link: [[http://dknetscaler.blogspot.com/]] Check this link: [[http://dknetscaler.blogspot.com/]]
   sh ns connectiontable   sh ns connectiontable
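Review bot: the added log-search line starts with a truncated shell prompt (`backups.dc.mycompany1.co.uk messageshosts]#`) fused to the command, so it cannot be pasted as written and the directory it runs from is unclear; name the host and directory in a sentence above it and leave only the `xzgrep ... | grep DOWN` command in the code line. The run of empty added lines between "save ns config" and "Logs in GUI:" splits one checklist into two lists and can be dropped.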
Line 83: Line 100:
   tar xvfz newnslog.100.tar.gz   tar xvfz newnslog.100.tar.gz
   /netscaler/nsconmsg -K /var/nslog/newnslog   /netscaler/nsconmsg -K /var/nslog/newnslog
 +monitor
 \\  \\ 
 We can also use nsconmsg for **real time** statistics: \\ We can also use nsconmsg for **real time** statistics: \\
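Review bot: the added line `monitor` after the `nsconmsg -K /var/nslog/newnslog` command is a bare word without the code indentation, so it renders as body text and says nothing on its own; if it is an accidental keystroke, remove it, and if it was meant as a heading or as part of a command, write it out in full on the line it belongs to.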
Line 129: Line 146:
 **UPGRADE NETSCALER**:\\ **UPGRADE NETSCALER**:\\
 __Cluster mode__\\ __Cluster mode__\\
 +  * Check console access to both nodes
   * Double check current configuration is stored in rancid   * Double check current configuration is stored in rancid
   * Check synchronization is OK   * Check synchronization is OK
   * Save configurations   * Save configurations
   * Access each node through its NetScaler IP (NSIP)    * Access each node through its NetScaler IP (NSIP) 
 +
 +  show cluster node
 +  show cluster instance
 +  force cluster sync   # This only IF Required
  
   cd /var/nsinstall   cd /var/nsinstall
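Review bot: `force cluster sync   # This only IF Required` in the added block gives no criterion for "required", which matters for a command run in the middle of an upgrade; state what in the `show cluster node` or `show cluster instance` output should trigger it. The three commands are also inserted after the "Access each node through its NetScaler IP (NSIP)" bullet without saying which step they belong to (the earlier "Check synchronization is OK" bullet looks like the intended one), so a one-line lead-in above the block would help.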
Line 165: Line 187:
   root@netscaler01-mgt# tail -2  /etc/crontab   root@netscaler01-mgt# tail -2  /etc/crontab
   */5                             root    /netscaler/nscli -U 127.0.0.1:nsroot:xei1reiD "enable interface 1/10/3;enable interface 1/10/4;enable interface 1/10/7;enable interface 1/10/8;enable interface 1/LA/2;enable interface"   */5                             root    /netscaler/nscli -U 127.0.0.1:nsroot:xei1reiD "enable interface 1/10/3;enable interface 1/10/4;enable interface 1/10/7;enable interface 1/10/8;enable interface 1/LA/2;enable interface"
 +
 +----
 +
 +Types of SSL proxying:
 +SSL_BRIDGE
 +SSL
 +TCP
 +
 +----
 +
 +Routing in the netscaler (ZebOS)
 +http://docs.citrix.com/content/dam/docs/en-us/netscaler/10-1/downloads/Citrix-ZebOSBGPCmdRef.pdf
 +
 +
 +  show lb vserver -summary -fullValues    # to see all vservers in long format
 +  stat lb vserver Porky_Cluster_SSL -fullValues    # vservers status
 +  show serviceGroup -summary -fullValues
 +  ssh  nsroot@netscaler-vip "show serviceGroup Pepe_Cluster" | egrep State    # To be run from gatekeeper. To quickly see all serviceGroups and its members 
 +  show ns connectiontable  "CONNECTION.LB_VSERVER.NAME.EQ(\"Porky_Cluster_SSL\")"    # to filter connections going to a specific virtual server
 +  
 +  
 +  show ns connectiontable | grep EST | grep TCP | grep 94.142.190.6 | grep 4007  <-- To see who is connected to each port
 +  
 +
 +----
 +
 +CONFIGURATION\\
 +  show interface stats    # << <hidden> shows interface status in terse mode
 +
 +Typical server, service and vserver definition (see attachment):\\
 +
 +  - Bind service with server (add service)
 +  - Define vserver (add lb vserver)
 +  - Bind vserver with service
 +\\
 +**vserver** 
 +
 +Slow start algorithm makes the lb falls to round robin when a new server is added (see link [[https://support.citrix.com/article/CTX108886|Link]]).\\
 +
 + >> Configured Method: (load balancing method (see  [[https://docs.citrix.com/en-us/legacy-archive/|lbMethod]] ): \\
 + 
 +  * ROUNDROBIN: Rotates the outgoing packets among the available links. This method distributes packets equally among the links, even if they operate at different speeds. Therefore, it can result in retransmissions or out-of-order packets.
 +  * DESTINATIONHASH: Uses the hashed value of the destination IP address to select a link. You can mask the destination IP address to specify which part of it to use in the hash-value calculation, so that requests that are from different networks but destined for the same subnet are all directed to the same link.
 +  * LEASTBANDWIDTH: Selects the link that is currently serving the least amount of traffic, measured in megabits per second (Mbps).
 +  * LEASTPACKETS: Selects the link that has received the fewest packets in the last 14 seconds.
 +  * LEASTCONNECTION  <-- Be aware that the Current Method sometimes differs, reason [[here|https://discussions.citrix.com/topic/346871-lb-configured-method-vs-current-method/]]
 +\\
 +>>  Persistence (persistenceType)\\
 +
 +  * Persistence type for the virtual server. Possible values:
 +  * SOURCEIP: Persistence based on the source IP address of inbound packets. After the load balancing method selects a link for transmission of the first packet, the NetScaler directs all subsequent packets sent from the same source IP address to the same link.
 +  * DESTIP: Persistence based on the destination IP address of outbound packets. After the load balancing method selects a link for transmission of the first packet, the NetScaler directs all subsequent packets for the same destination IP address to the same link.
 +  * SRCIPDESTIP: Persistence based on the source IP address of inbound packets and destination IP address of outbound packets. After the load balancing method selects a link for transmission of the first packet, the NetScaler directs all subsequent requests from the same source IP address and to the same destination IP address to the same link.
 +
 +
 +
 +----
 +
 +**CLUSTER** INITIAL SETUP:\\
 +1.- Configure LOM: In each of the boxes, under shell. Then reserve that IP in the meraki:
 +  shell
 +  ipmitool lan set 1 ipsrc dhcp
 +  ipmitool lan print 1
 +\\
 +2.- If we are managing the ns via public address, limit http access just to prod (in both csw)
 +  
 +\\
 +4.- Configure management address in both ns
 +\\
 +3.- Create the cluster: [[https://docs.citrix.com/en-us/netscaler/12/clustering/cluster-setup/cluster-create.html]]
 +
 +
 +----
 +
 +**BARE METAL** INITIAL SETUP:\\
 +  * install: [[https://docs.citrix.com/en-us/citrix-adc-blx/13/network-modes-blx/network-mode-dedicated-blx.html]]
 +  * configure: [[https://docs.citrix.com/en-us/citrix-adc-blx/13/network-modes-blx/network-mode-dedicated-blx.html]]
 +
 +
 +----
 +
 +LICENSING NOTES:\\
 +sh ns license
 +
 +
 +----
 +BACKEND MONITOR OR HEALTHCHECKS:\\
 +
 +This is a classical, added, monitor:
 +
 +  add lb monitor http-healthcheck HTTP -respCode 200 -httpRequest "GET /healthcheck" -LRTM ENABLED -interval 30 -resptimeout 20 -destIP 0.0.0.0 -devno 247431220
 +
 +Then in the backend server:
 +  dnf install httpd
 +  change listening port in /etc/httpd/conf/httpd.conf
 +  systemctl start httpd
 +  touch /var/www/html/healthcheck # so the 'GET /healthcheck' succeeds 
 +
 +
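Review bot: the crontab example at the top of this hunk still carries the nsroot password in clear text in the `nscli -U 127.0.0.1:nsroot:...` argument, and this revision adds a large block beneath it without touching it; replace the password with a placeholder on the page and treat the published value as exposed (rotate it). The added `ssh  nsroot@netscaler-vip "show serviceGroup Pepe_Cluster"` line likewise runs a routine read-only check as the superuser account, where a read-only account would do. Smaller points in the added text: the cluster setup steps are numbered 1, 2, 4, 3; the "install" and "configure" bullets under BARE METAL point to the same URL; the LEASTCONNECTION link is written `[[here|https://...]]`, which is label-first where the other links on the page are URL-first (`[[https://support.citrix.com/article/CTX108886|Link]]`); and `show interface stats` is described here as "status in terse mode" but in the interface section as per-interface statistics.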
network_stuff/netscaler.1549978308.txt.gz · Last modified: (external edit)