Citrix NetScaler LLB Deployment Guide

Deployment Guide for Using a NetScaler Appliance for Outbound Link Load Balancing

www.citrix.com
Contents

Introduction
Solution Requirements
  Prerequisites
Link Load Balancing
  Network Diagram
  Deployment Model
Link Selection Algorithms
  Round Robin
  Least Bandwidth
  Least Packets
  Destination IP Hash
Persistence Types
  Source IP
  Destination IP
  Source IP and Destination IP
Configuring LLB
  Prerequisites
  Creating Services
  Configuring a Link Load Balancing Virtual Server
  Selecting the LB Method
  Creating the LLB Route
Additional Notes
Conclusion
Introduction

A Citrix NetScaler appliance is a fully integrated, all-in-one application delivery controller (ADC). Deployed in front of Web and application servers in demilitarized zones (DMZs) and datacenters, the NetScaler appliance ensures application availability through advanced L4-L7 load balancing and traffic management. A NetScaler appliance also performs application acceleration and performance optimization, provides better security with an integrated application firewall, and substantially lowers costs by increasing web server efficiency. Deployed in front of application servers, the appliance significantly reduces processing overhead of application and web servers by reducing hardware and bandwidth costs. Choosing a Citrix NetScaler appliance provides the best total cost of ownership (TCO), security, availability, and performance for web applications.

Enterprises often subscribe to multiple ISP links providing connectivity to the Internet, to avoid single points of failure and to get access to high bandwidth. Link Load Balancing solutions help enterprises optimize the use of existing links and increase reliability, ensuring business continuity. Traditional methods like policy-based routing cannot distribute packets based on bandwidth, and links with a high throughput cannot be used to their full extent. Link load balancing can balance load among multiple links by a dynamic algorithm and adapt to network changes.

LLB provides the following advantages:

  High performance: Intelligently distributes load to multiple links, ensuring that none of the links is overloaded.
  Scalability: Facilitates easy addition of links to meet ever-increasing connectivity requirements for enterprises.
  Reliability: Monitors the status of the links in real time. In case of a link failure, uses other available links.
  Transparency: Offers a choice among many algorithms for distributing the load transparently across multiple links.
LLB balances outbound traffic across multiple Internet connections provided by different service providers. LLB enables the NetScaler appliance to monitor and control traffic so that packets are transmitted seamlessly over the best possible link. Unlike server load balancing, where a service represents a server, with LLB a service represents a router or the next hop. A link is a connection between the NetScaler and the router.

Load balancing methods that are applicable to LLB are Round Robin, Destination IP Hash, Least Bandwidth, and Least Packets. You can optionally configure persistence for connections to be sustained on a specific link. The available persistence types are Source IP address-based, Destination IP address-based, and Source IP and Destination IP address-based. PING is the default monitor, but configuring a transparent monitor, which can help track the availability of the path beyond the immediate router, is recommended.
Solution Requirements

The solution requirements for the sample deployment covered in this document are:

  NetScaler appliance (link load balancer)
  Clients
  L2 Switch
  Router

Prerequisites

  Citrix NetScaler ADC running version 9.3 or later software
  Client computer running a web browser with the requisite configuration to connect to the network
  VLAN capable L2 Switches
  Routers
  Internet links
Link Load Balancing

To configure LLB, you first create services representing each router that provides a path to an Internet Service Provider (ISP). A PING monitor is bound by default to each service. Binding a transparent monitor is optional but recommended. Then, you create a virtual server, bind the services to the virtual server, and configure a route for the virtual server. The route identifies the virtual server as the gateway to the physical routers represented by the services. The virtual server selects a router by using the load balancing method that you specify. Optionally, you can configure persistence to make sure that all traffic for a particular session is sent over a specific link.

Network Diagram

The following diagram shows the setup used for developing this deployment guide.

[Network diagram: Internet destination 3.3.3.27; ISP routers 15.15.15.3 and 16.16.16.3; NetScaler SNIPs 15.15.15.1 and 16.16.16.1 on the Internet side; NetScaler SNIP 10.10.100.1 on the intranet side]
Entities                            Value(s)
VLAN                                Default
Service                             Routers (15.15.15.3 and 16.16.16.3)
Link Load Balance Virtual Server    llb (0.0.0.0:0)
SNIPs (Internet Side)               15.15.15.1 and 16.16.16.1
SNIP (Intranet Side)                10.10.100.1
LLB Route                           Default route to LLB Vserver

Deployment Model

The NetScaler appliance in this example is configured in two-arm mode. One interface is connected to a switch on the internal side of the network, and the other interface is connected to a switch on the external side of the network. The switch on the external side of the network is connected to the ISP routers providing connectivity to the Internet. Traffic destined for the Internet passes through the NetScaler appliance, giving the appliance control over how to distribute outgoing traffic through the available links.
Link Selection Algorithms

The NetScaler ADC gives you choices for selecting the algorithm to use for distribution of load among available links. The following algorithms are supported:

Round Robin

If you select the Round Robin algorithm, the outgoing packets are distributed equally among the available links in a circular fashion. This method distributes packets equally among the links, without considering the available bandwidth or load. It can therefore result in retransmissions or out-of-order packets if some of the links are functioning slowly or are used beyond their capacity.

Least Bandwidth

The NetScaler keeps track of how much bandwidth each link is using and selects the link that is currently serving the least amount of traffic, measured in megabits per second (Mbps).

Least Packets

The NetScaler selects the link that has received the fewest packets in the last 14 seconds.

Destination IP Hash

The NetScaler uses the hashed value of the destination IP address to select a link. You can mask the destination IP address to specify which part of it to use in the hash-value calculation, so that requests that are from different networks but destined for the same subnet are all directed to the same link.

Persistence Types

The various persistence types supported for LLB are:

Source IP

Persistence based on the source IP address of incoming packets. After the load balancing method selects a link for transmission of the first packet, the NetScaler directs all subsequent packets sent from the same source IP address to the same link.

Destination IP

Persistence based on the destination IP address of outgoing packets. After the load balancing method selects a link for transmission of the first packet, the NetScaler directs all subsequent packets for the same destination IP address to the same link.
Source IP and Destination IP

Persistence based on the source IP address of incoming packets and the destination IP address of outgoing packets. After the load balancing method selects a link for transmission of the first packet, the NetScaler directs all subsequent requests from the same source IP address and to the same destination IP address to the same link.

Configuring LLB

Configuring LLB on a NetScaler appliance consists of the following tasks:

1. Configure Services
   These services represent each router connected to the Internet. A default monitor (PING) is automatically bound to a service when the service is created, but you can replace the default monitor with a transparent monitor.
2. Configure an LLB virtual server and bind the services to it
   a. Create a virtual server. Note that the default LB method, least connections, is not supported for LLB.
   b. Bind the services to the virtual server.
3. Select an LLB method
   Select the LLB algorithm suited to your requirements/environment. Available algorithms are:
   a. Round Robin
   b. Least Packets
   c. Least Bandwidth
   d. Destination IP Hash
4. Configure Persistence (Optional)
   Persistence can be configured to ensure that packets matching the criteria always use the same link. Available persistence methods are:
   a. Source IP
   b. Destination IP
   c. Source IP and Destination IP
5. Configure an LLB Route
   Configure an LLB route specifying the virtual server as the gateway.
Prerequisites

Before configuring the LLB setup in this example, make sure that the load balancing feature, subnet IP, and Layer 3 mode are enabled. You also have to configure the subnet IP (SNIP) addresses shown in the network diagram and the entities table.

At the NetScaler command line, type the following commands to enable load balancing, subnet IP mode, and Layer 3 mode:

> enable ns feature LB
> enable ns mode usnip l3

Type the following commands to configure the SNIP addresses on the NetScaler appliance:

> add ip 10.10.100.1 255.255.255.192 -type SNIP
> add ip 15.15.15.1 255.255.255.192 -type SNIP
> add ip 16.16.16.1 255.255.255.192 -type SNIP

To configure the SNIP addresses from the configuration utility, navigate to the Create IP dialog box:

NetScaler > Network > IPs > Add
Creating Services

Type the following commands to create the services:

> add service r1 15.15.15.3 ANY *
> add service r2 16.16.16.3 ANY *

Note that services are created to represent the routers for reaching the Internet (in this case, 3.3.3.27). We will bind these services to a virtual server that load balances the traffic.

To configure the services from the configuration utility, navigate to the Services dialog box:

NetScaler > Load Balancing > Services > Add

Configuring a Link Load Balancing Virtual Server

Type the following command to create a load balancing virtual server:

> add lb vserver llb ANY

Now bind the services (in this case, r1 and r2) to the virtual server:

> bind lb vserver llb r2
> bind lb vserver llb r1
To configure the virtual server from the configuration utility, navigate to the Create Virtual Server (Load Balancing) dialog box:

NetScaler > Load Balancing > Virtual Servers > Add

Selecting the LB Method

Type the following command to specify the load balancing method (in this case, round robin):

> set lb vserver llb -lbMethod ROUNDROBIN

Creating the LLB Route

Type the following command to create the LLB route:

> add lb route 0.0.0.0 0.0.0.0 llb

This route ensures that the traffic that needs to be load balanced to outgoing ISP links reaches the LLB virtual server.
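The task list includes optional persistence (step 4) and a recommended transparent monitor, but the walkthrough gives no commands for either. The following is an added example, not part of the original Citrix guide, that sets both on the r1, r2 and llb entities of this deployment; the monitor name llb-path-mon and the use of 3.3.3.27 (the Internet destination in the network diagram) as the probe target are assumptions.

```netscaler
# Added example (not from the original guide). The monitor name "llb-path-mon"
# and the probe target 3.3.3.27 are assumptions; r1, r2 and llb are the
# services and virtual server created in the steps above.

# Weak setting: each service keeps only the default PING monitor, which checks
# the NetScaler-to-router hop. A router that answers PING while its upstream
# path is broken stays in the load balancing rotation.

# Corrected setting: a transparent monitor probes a destination beyond the
# routers, through each router, so a broken path marks that service DOWN.
add lb monitor llb-path-mon PING -destIP 3.3.3.27 -transparent YES
bind lb monitor llb-path-mon r1
bind lb monitor llb-path-mon r2

# Step 4 (optional): keep each source/destination pair on one link.
# The other persistence types for LLB are SOURCEIP and DESTIP.
set lb vserver llb -persistenceType SRCIPDESTIP

# Alternative to ROUNDROBIN: hash only the first 24 bits of the destination
# address, so all traffic to one /24 subnet leaves through the same link.
# set lb vserver llb -lbMethod DESTINATIONIPHASH -netmask 255.255.255.0

# Check the result: each service should list llb-path-mon with state UP, and
# the virtual server should report the persistence type that was set.
show service r1
show service r2
show lb vserver llb

# Persist the running configuration.
save ns config
```

If the probe target itself becomes unreachable, both services are marked DOWN together, so choose a destination that is reliably reachable through every ISP link.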
Additional Notes

RNAT can optionally be configured to:
  o Provide network address translation for traffic going out of the network.
  o Ensure that the return traffic takes the same reverse path.

NetScaler appliances support configuration of a backup route to avoid disruption when the primary route is down. Once the backup route is configured, the NetScaler appliance automatically uses it when the primary route fails. To configure a backup route, create another virtual server and designate it as the backup virtual server.

You can create a transparent monitor to monitor the health of upstream devices, such as routers. You can then bind the transparent monitor to services. The default PING monitor monitors the connectivity between the NetScaler appliance and the upstream device only. A transparent monitor monitors all the devices in the path from the appliance to the device that owns the destination IP address specified in the monitor. If a transparent monitor is not configured, and the status of the router is UP but one of the next hop devices from that router is down, the service is not marked as DOWN. Consequently, the appliance includes the router in the load balancing rotation and forwards packets to the router. Those packets are not delivered to their final destination, because one of the next hop devices is down. When a transparent monitor is bound, if any of the devices (including the router) is down, the service is marked as DOWN and the router is not included when the appliance performs link load balancing.

You can use Net Profiles to control the selection of IP addresses used in monitoring the link.

Conclusion

A mobile workforce, remote employees, partners, and enterprise DCs depend on Internet connectivity to work anywhere, anytime. Enterprises often resort to multiple ISP links to ensure that there is always a redundant path should the primary ISP fail.
Managing multiple ISP connections and maximizing use of the available bandwidth require continuous monitoring of links, seamless failover in cases of link failure, and intelligent load distribution across links. NetScaler link load balancing is an easy-to-use and easy-to-manage solution for ISP link load balancing. The NetScaler provides various options for distributing the load and for monitoring and managing the ISP links. It also enables an organization to add or delete ISP links without any disruption of the existing environment.
About Citrix

Citrix Systems, Inc. (NASDAQ:CTXS) is the leading provider of virtualization, networking and software as a service technologies for more than 230,000 organizations worldwide. Its Citrix Delivery Center, Citrix Cloud Center (C3) and Citrix Online Services product families radically simplify computing for millions of users, delivering applications as an on-demand service to any user, in any location, on any device. Citrix customers include the world's largest Internet companies, 99 percent of Fortune Global 500 enterprises, and hundreds of thousands of small businesses worldwide. Citrix partners with over 10,000 companies worldwide in more than 100 countries.

© 2012 Citrix Systems, Inc. All rights reserved. Citrix, Access Gateway, Branch Repeater, Citrix Repeater, HDX, XenServer, XenApp, XenDesktop and Citrix Delivery Center are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.