NETSCALER OVERVIEW

-By Siddharth Kumar

Understanding NetScaler
ADC (Application Delivery Controller)
Often referred as Load balancers
NetScaler combines high-speed load balancing and
content switching, data compression, content
caching, SSL acceleration, network optimization,
application visibility and application security on a
single, comprehensive platform

Features of NS can be broadly categorized as

Switching features, Security and Protection
Features, and Optimization Features

Understanding NetScaler
(contd..)
Platforms : VPX, MPX, SDX
VPX Virtual
MPX Physical
SDX Physical, capable of running up to 40 VPX
Licenses : Standard, Enterprise, Platinum

Understanding NetScaler
(contd..)
Where in network ?
Between clients and servers

NetScaler IPs
NSIP (NetScaler IP address) to manage &
configure the NS
-The only Active IP on a Secondary (Standby) unit in an HA pair

SNIP (Subnet IP address) to route traffic

from/through the NS to a subnet directly connected
to the NS(used for server side connections)
-Only active on Active Unit (will show as Passive on standby)
- When a SNIP address is configured; a corresponding route is
added to the NS routing table (this is used to determine the
optimal route from NS to the internal n/w)

NetScaler IPs (contd..)

- Using SNIP requires, USNIP mode to be enabled.

MIP (Mapped IP address) similar to SNIP

- used when SNIP is not available or USNIP is
disabled.

A NS can have multiple SNIPs, but only one MIP.

VIP (Virtual IP address) IP to which end users
connect

Terminologies
Virtual Servers logical object within NS with a public IP
address + port + protocol

Public IP is known as VIP

this is where external users connects & then NS comes into
action

Server Objects logical object within NS representing back

end services with IP addresses of actual web/app servers

Service Objects(ServiceGroup) logical object to club all the

server objects serving same application/service along with
port and protocol information
- these are then bound to vservers

Terminologies (contd..)
Monitors for healthcheck
To allow NS to mark down the server objects
within NS in cases those are not serving

Is bound to ServiceGroup

High Availability
Netscalers are usually configured in HA mode (primary
& secondary config)

Pre-requisites :
- Both the nodes should be of same platform
- should contain same software versions and licenses
- configuration should be same except NSIP

All config is propagated from primary to secondary

HA mode needs to be enabled on both the node
Secondary sends continuous streams(Heartbeat
messages), checking to see if P is active & accepting
connections. If it fails to respond; S takes over. This
process of taking over is failover

SSL Offloading at
Netscaler
The encryption, decryption of the network traffic is
CPU intensive

These tasks if done by the individual hosts would

require them to be of high configuration to be able to
perform these CPU intensive tasks.

By implementing SSL offloading, all these tasks are

delegated to the NS freeing the web server from extra
load.

SSL offloading enables a secure connection between

client & NetScaler

In order to allow NS to accept SSL traffic and be able

to process it, certificate is required. Certificate along
with a key pair (Public key and Private key) allows
building up of a secure connection

SSL Offloading at
Netscaler(contd..)
A certificate validates if the connection has
landed to the right page or not

Certificates are issued by CAs (Certificate

Authorities).

Certificates can either be Self-Signed

Certificates or can be issued by External CAs like
GoDaddy, Verisign, DigiCert, etc.

GSLB
Global Server Load Balancing
To manage traffic flow between geographically
dispersed sites

Configuration can either be an Active-Active

setup or Active-Passive setup

Reasons to use GSLB can be loadbalancing,

HA, fault tolerance, disaster recovery, etc.

This requires each site to be individualy

configured within the DC NS and then all the DC
VIPs to be configured under GSLB NS