net scaler introduction
TRANSCRIPT
1
Netscaler IntroductionD’Sunte Wilson
2
Day 1Understanding the NetScalerAccessing a Citrix NetScalerConfiguring a NetScaler for the First TimeUnderstanding Common Network
TopologiesConfiguring System Management
SettingsLoad Balancing Traffic on a NetScalerAccelerating Load Balanced Traffic by
Using Compression
3
Understanding the NetScaler
The Citrix NetScaler product is an application switch that performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4-Layer 7 (L4-L7) network traffic for web applications.
It has switching feature. When deployed in front of application servers, a NetScaler ensures optimal distribution of traffic by the way in which it directs client requests.
4
Understanding the NetScaler
NetScaler security and protection features protect web applications from application-layer attacks.
A NetScaler allows legitimate client requests and can block malicious requests.
It provides built-in defenses against denial-of-service (DoS) attacks and supports features that protect applications against legitimate surges in application traffic that would otherwise overwhelm the servers.
5
Understanding the NetScaler
Optimization features offload resource-intensive operations such as Secure Sockets Layer (SSL) processing, data compression, client keep-alive, TCP buffering, and the caching of static and dynamic content from servers.
6
Understanding the NetScalerA NetScaler resides between the clients
and the servers, so that client requests and server responses pass through it.
In a typical installation, virtual servers (vservers) configured on the NetScaler provide connection points that clients use to access the applications behind the NetScaler.
In this case, the NetScaler owns public IP addresses that are associated with its vservers, while the real servers are isolated in a private network.
7
Understanding the NetScalerA NetScaler logically residing between
clients and servers can be deployed in either of two physical modes: inline and one-arm.
In inline mode, multiple network interfaces are connected to different Ethernet segments, and the NetScaler is placed between the clients and the servers.
The NetScaler has a separate network interface to each client network and a separate network interface to each server network.
8
Understanding the NetScalerInline
9
Understanding the NetScalerIn one-arm mode, only one network
interface of the NetScaler is connected to an Ethernet segment.
The NetScaler in this case does not isolate the client and server sides of the network, but provides access to applications through configured vservers.
One-arm mode can simplify network changes needed for NetScaler installation in some environments.
10
Understanding the NetScalerA NetScaler functioning as an L2 device is
said to operate in L2 mode. In L2 mode, the NetScaler forwards
packets between network interfaces when all of the following conditions are met:◦The packets are destined to another device's
media access control (MAC) address.◦The destination MAC address is on a different
network interface.◦The network interface is a member of the
same virtual LAN (VLAN).
11
Understanding the NetScalerA NetScaler can function as a packet
forwarding device, and this mode of operation is called L3 mode.
With L3 mode enabled, the NetScaler forwards any received unicast packets that are destined for an IP address that it does not have internally configured, if there is a route to the destination.
A NetScaler can also route packets between VLANs.
12
Understanding the NetScalerA NetScaler is usually deployed in
front of a server farm and functions as a transparent TCP proxy between clients and servers, without requiring any client-side configuration.
This basic mode of operation is called Request Switching technology and is the core of NetScaler functionality.
13
Understanding the NetScalerNetScaler IP address (NSIP)Mapped IP address (MIP)Virtual server IP address
(VIP)Subnet IP address (SNIP)IP SetNet Profile
14
Understanding the NetScaler
15
Understanding the NetScalerIn the absence of a vserver, when a
NetScaler receives a request, it transparently forwards the request to the server.
This is called the transparent mode of operation.
When operating in transparent mode, a NetScaler translates the source IP addresses of incoming client requests to the MIP or SNIP but does not change the destination IP address.
16
Understanding the NetScaler
17
Understanding the NetScalerLoad balancing
18
Understanding the NetScalerA vserver is a named NetScaler
entity that external clients can use to access applications hosted on the servers.
It is represented by an alphanumeric name, virtual IP address (VIP), port, and protocol.
The name of the vserver is only of local significance and is designed to make the vserver easier to identify.
19
Understanding the NetScaler
20
Understanding the NetScalerLoad balancing virtual serverCache redirection virtual
serverContent switching virtual
serverVirtual private network (VPN)
virtual serverSSL virtual server
21
Understanding the NetScalerA policy defines specific details of
traffic filtering and management on a NetScaler.
It consists of two parts: the expression and the action.
The expression defines the types of requests that the policy matches.
22
Accessing a Citrix NetScaler
A NetScaler® appliance has both a command line interface (CLI) and a graphical user interface (GUI).
The GUI includes a configuration utility for configuring the appliance and a statistical utility, called Dashboard.
For initial access, all NetScaler appliances ship with the default NetScaler IP address (NSIP) of 192.168.100.1 and default subnet mask of 255.255.0.0.
You can assign a new NSIP and an associated subnet mask during initial configuration.
23
Configuring a NetScaler for the First Time
Your new NetScaler is preconfigured with a default IP address (the NSIP) and associated subnet mask for management access.
The default NSIP is 192.168.100.1 and the subnet mask (netmask) is 255.255.0.0.
You can change these values to fit the addressing scheme for your network.
For your initial configuration, you must also specify at least one SNIP or MIP.
Before saving your new configuration, you should change the administrator password.
If you are setting up two NetScaler appliances as a high availability pair, you configure one as primary and the other as secondary.
24
Understanding Common Network Topologies
In a two-arm topology, one network interface is connected to the client network and another network interface is connected to the server network, ensuring that all traffic flows through the NetScaler.
25
Understanding Common Network Topologies
Topology Diagram for Two-Arm Mode, Multiple Subnets
26
Understanding Common Network Topologies
Topology Diagram for Two-Arm, Transparent Mode
27
Understanding Common Network Topologies
Topology Diagram for One-Arm Mode, Single Subnet
28
Understanding Common Network Topologies
Topology Diagram for One-Arm Mode, Multiple Subnets