network_stuff:netscaler

Differences

This shows you the differences between two versions of the page.

network_stuff:netscaler [2019/10/02 14:59] jotasandoku
network_stuff:netscaler [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 30: Line 30:
 Interface status:\\ Interface status:\\
  
-  show interface +  show interface stats    # bytes status and statistics per interfaces 
-  sh interface -summary          # to quickly see mac addressses+  show interface -summary          # to quickly see mac addresses
-  show channel # for lacp+  show channel # for lacp logical aggregate details
   show vlan # to see vlans and interfaces assigned to them   show vlan # to see vlans and interfaces assigned to them
  
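Review bot: The plain `show interface` line is replaced by `show interface stats` under the "Interface status" heading, so the page no longer lists the command that shows link state on its own. Keep `show interface` and add the statistics command as a separate line, after confirming on a box that the `stats` form is accepted by the CLI. The new comment "bytes status and statistics per interfaces" would read better as "per-interface status and byte counters".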
Line 51: Line 51:
  
 ---- ----
 +
 +
  
 **NETSCALER TROUBLESHOOTING:**\\ **NETSCALER TROUBLESHOOTING:**\\
 +  * Check ns0 and ns1 config is stored in rancid
 +  * Check console works 
 +  * save ns config
 +
 +
 +
 +
 +
 +  * Logs in GUI:
 +    * recent: system > Auditing > Syslog
 +    * System>Diagnostics>Maintenance>Delete/Download log files
 +
 +  
 +  backups.dc.mycompany1.co.uk messageshosts]# xzgrep AdminFrontend_Cluster netscaler02-mgt.dc.mycompany1.co.uk.log-20191023.xz | grep DOWN
 +  
 Check this link: [[http://dknetscaler.blogspot.com/]] Check this link: [[http://dknetscaler.blogspot.com/]]
   sh ns connectiontable   sh ns connectiontable
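Review bot: The added `xzgrep` line starts with a pasted shell prompt (`backups.dc.mycompany1.co.uk messageshosts]#`), so copying the line as written fails. Move the host and directory into a comment and keep only the command. The line also pins one dated file (`...log-20191023.xz`), so say that the date is a placeholder for the day being investigated. In the checklist, `save ns config` comes after the rancid check; if rancid picks up the saved configuration, the save belongs first. The run of empty added lines between the checklist and "Logs in GUI" can be dropped.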
Line 83: Line 100:
   tar xvfz newnslog.100.tar.gz   tar xvfz newnslog.100.tar.gz
   /netscaler/nsconmsg -K /var/nslog/newnslog   /netscaler/nsconmsg -K /var/nslog/newnslog
 +monitor
 \\  \\ 
 We can also use nsconmsg for **real time** statistics: \\ We can also use nsconmsg for **real time** statistics: \\
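Review bot: The added line `monitor` sits at column 0 directly after the `/netscaler/nsconmsg -K /var/nslog/newnslog` example, with no indentation and no sentence around it, so it renders as a stray word between the command block and the "real time" paragraph. Either drop it or finish the thought it was meant to start.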
Line 129: Line 146:
 **UPGRADE NETSCALER**:\\ **UPGRADE NETSCALER**:\\
 __Cluster mode__\\ __Cluster mode__\\
 +  * Check console access to both nodes
   * Double check current configuration is stored in rancid   * Double check current configuration is stored in rancid
   * Check synchronization is OK   * Check synchronization is OK
   * Save configurations   * Save configurations
   * Access each node through its NetScaler IP (NSIP)    * Access each node through its NetScaler IP (NSIP) 
 +
 +  show cluster node
 +  show cluster instance
 +  force cluster sync   # This only IF Required
  
   cd /var/nsinstall   cd /var/nsinstall
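Review bot: `force cluster sync   # This only IF Required` does not say what makes it required. State the condition, for example which output of `show cluster node` or `show cluster instance` has to show a problem before forcing a sync. The three commands are also placed after the "Access each node through its NetScaler IP (NSIP)" bullet, while the bullet they support, "Check synchronization is OK", is two items earlier. Moving them under that bullet keeps the checklist in execution order.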
Line 179: Line 201:
  
  
-  stat lb vserver oe-4010-secondary-StateStreet -fullValues  <-- vservers sumary  +  show lb vserver -summary -fullValues    # to see all vservers in long format 
-  stat service <-services summary +  stat lb vserver Porky_Cluster_SSL -fullValues    # vservers status 
-  stat lb vserver oe-4006-primary-Barcap+  show serviceGroup -summary -fullValues 
 +  ssh  nsroot@netscaler-vip "show serviceGroup Pepe_Cluster" | egrep State    # To be run from gatekeeper. To quickly see all serviceGroups and its members  
 +  show ns connectiontable  "CONNECTION.LB_VSERVER.NAME.EQ(\"Porky_Cluster_SSL\")"    # to filter connections going to a specific virtual server 
 +   
 +  
   show ns connectiontable | grep EST | grep TCP | grep 94.142.190.6 | grep 4007  <-- To see who is connected to each port   show ns connectiontable | grep EST | grep TCP | grep 94.142.190.6 | grep 4007  <-- To see who is connected to each port
      
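Review bot: The new `ssh  nsroot@netscaler-vip "show serviceGroup Pepe_Cluster" | egrep State` line uses the `nsroot` superuser login for a read-only status check run from another host. A read-only account is enough for this query and avoids routine use of the superuser login. The comment says it shows "all serviceGroups", but the command names a single group, and `egrep` is better written `grep -E`. The new lines switch the annotations to `#`, while the unchanged `show ns connectiontable | grep EST ...` line still uses `<--`; align them.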
Line 219: Line 245:
 ---- ----
  
-CLUSTER INITIAL SETUP:\\+**CLUSTER** INITIAL SETUP:\\
 1.- Configure LOM: In each of the boxes, under shell. Then reserve that IP in the meraki: 1.- Configure LOM: In each of the boxes, under shell. Then reserve that IP in the meraki:
   shell   shell
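Review bot: Only the first word of the heading is bolded (`**CLUSTER** INITIAL SETUP:`), while other section headings on the page, such as `**NETSCALER TROUBLESHOOTING:**`, bold the whole title. Pick one style and apply it here.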
Line 225: Line 251:
   ipmitool lan print 1   ipmitool lan print 1
 \\ \\
-2.- Limit http access just to prod (in both csw) +2.- If we are managing the ns via public address, limit http access just to prod (in both csw)
-  del firewall family inet filter ACL-IN term IN-Allow-HTTP-S from destination-address 185.89.204.0/24 +
-  set firewall family inet filter ACL-IN term IN-Allow-HTTP-S from destination-address 185.89.204.0/25 +
-  set firewall family inet filter ACL-IN term IN-Allow-Corp-HTTP-S from source-address 148.64.57.0/24 +
-  set firewall family inet filter ACL-IN term IN-Allow-Corp-HTTP-S from source-address 148.64.56.0/24 +
-  set firewall family inet filter ACL-IN term IN-Allow-Corp-HTTP-S from destination-address 185.89.204.0/24 +
-  set firewall family inet filter ACL-IN term IN-Allow-Corp-HTTP-S from protocol tcp +
-  set firewall family inet filter ACL-IN term IN-Allow-Corp-HTTP-S from destination-port ssh +
-  set firewall family inet filter ACL-IN term IN-Allow-Corp-HTTP-S then accept +
-  +
      
 +\\
 +4.- Configure management address in both ns
 \\ \\
 3.- Create the cluster: [[https://docs.citrix.com/en-us/netscaler/12/clustering/cluster-setup/cluster-create.html]] 3.- Create the cluster: [[https://docs.citrix.com/en-us/netscaler/12/clustering/cluster-setup/cluster-create.html]]
  
  
 +----
 +
 +**BARE METAL** INITIAL SETUP:\\
 +  * install: [[https://docs.citrix.com/en-us/citrix-adc-blx/13/network-modes-blx/network-mode-dedicated-blx.html]]
 +  * configure: [[https://docs.citrix.com/en-us/citrix-adc-blx/13/network-modes-blx/network-mode-dedicated-blx.html]]
 +
 +
 +----
 +
 +LICENSING NOTES:\\
 +sh ns license
 +
 +
 +----
 +BACKEND MONITOR OR HEALTHCHECKS:\\
 +
 +This is a classical, added, monitor:
 +
 +  add lb monitor http-healthcheck HTTP -respCode 200 -httpRequest "GET /healthcheck" -LRTM ENABLED -interval 30 -resptimeout 20 -destIP 0.0.0.0 -devno 247431220
  
 +Then in the backend server:
 +  dnf install httpd
 +  change listening port in /etc/httpd/conf/httpd.conf
 +  systemctl start httpd
 +  touch /var/www/html/healthcheck # so the 'GET /healthcheck' succeeds 
  
  
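Review bot: Step 2 still tells the reader to "limit http access just to prod (in both csw)" when managing over a public address, but every `firewall family inet filter ACL-IN` line that implemented it is deleted, so the step has no procedure left. Keep a sanitized version of the filter terms or link to where they live now. The steps now read 1, 2, 4, 3, with "4.- Configure management address in both ns" inserted before "3.- Create the cluster"; renumber them. Under BARE METAL, the install and configure bullets point at the same URL. In the monitor section, `-devno 247431220` looks like a value copied from a saved configuration rather than something to type, "change listening port in /etc/httpd/conf/httpd.conf" is an instruction sitting inside the command block, and an empty `/var/www/html/healthcheck` only proves that httpd answers, not that the application behind it is healthy.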
network_stuff/netscaler.1570028352.txt.gz · Last modified: (external edit)