Embed Size (px)
Citation preview
NetScaler CPX 111
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Contents
Architecture and Traffic Flow 3
NetScaler CPX Licensing 6
Installing NetScaler CPX on a Docker Host Using the NetScaler Management and AnalyticsSystem 13
Configuring NetScaler CPX 17
Upgrading NetScaler CPX Instances 22
Using Wildcard Virtual Servers in NetScaler CPX Instance 24
Deploy NetScaler CPXwith Direct Access to the Network 25
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow 26
Deploy NetScaler CPX in a Single Host Network 30
Deploy NetScaler CPX in a Multi-Host Network 31
Deploy NetScaler CPX in a Mesos and Marathon Environment 37
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox and Nuage Networksby Using NetScaler MAS 42
Deploy NetScaler CPX in a Kubernetes Environment 47
copy 1999-2020 Citrix Systems Inc All rights reserved 2
NetScaler CPX 111
Architecture and Traffic Flow
September 6 2018
When you provision a NetScaler CPX instance on a Docker host the Docker engine creates a virtualinterface eth0 on the CPX instance This eth0 interface is directly connected to a virtual interface(veth) on the docker0 bridge The Docker engine also assigns an IP address to the NetScaler CPXinstance in the network 172170016
Thedefault gateway for theCPX instance is the IP address of thedocker0bridgewhichmeans that anycommunication with the NetScaler CPX instance is done through the Docker network All incomingtraffic received fromthedocker0bridge is receivedby theeth0 interfaceon theNetScaler CPX instanceand processed by the NetScaler CPX packet engine
The following figure illustrates the architecture of a NetScaler CPX instance on a Docker host
How Single IP Address Works on NetScaler CPX
A regular NetScaler MPX or VPX appliance requires at least three IP addresses to function
bull Management IP address called the NetScaler IP (NSIP) addressbull Subnet IP (SNIP) address for communicating with the server farmbull Virtual server IP (VIP) address(es) for accepting client requests
copy 1999-2020 Citrix Systems Inc All rights reserved 3
NetScaler CPX 111
A NetScaler CPX instance operates with one single IP address that is used for management as well asfor data traffic
During provisioning only one private IP address (single IP address) is assigned to a NetScaler CPXinstance by the Docker engine The three IP functions of a NetScaler instance are multiplexed ontoone IP address This single IP address uses different port numbers to function as the NSIP SNIP andVIP(s)
The following image illustrates how a single IP address is used to perform the functions of NSIP SNIPand VIP(s)
Traffic Flow for Requests Originating from the NetScaler CPX Instance
Docker implicitly configures IP tables and a NAT rule to direct traffic originating from the NetScalerCPX instance to the docker0 IP address
The following figure illustrates how a ping request originating from a NetScaler CPX instance reachesthe destination
copy 1999-2020 Citrix Systems Inc All rights reserved 4
NetScaler CPX 111
In this example the ping request is sent by the packet engine on eth0 interfacewith source IP addressas the NetScaler CPX IP address (1721704) The Docker host then performs network address trans-lation (NAT) to add the host IP address (19268xx) as the source IP address and sends the request tothe destination (21658xx) The response from the destination IP address follows the same path inreverse The Docker host performs NAT on the response and forwards the response to the NetScalerCPX instance on the eth0 interface
Traffic Flow for Requests Originating from the External Network
Toenableexternal communicationwhileprovisioningNetScalerCPX youhave tosetparameters suchthat Docker exposes certain ports such as 80 22 and any other port youwant If you have not set anyport to be exposed during provisioning then you have to configure NAT rules on the Docker host tomake these ports available
The client request that originates from the Internet is received by the Docker host which then per-forms port address translation (PAT) to map the public IP address and port to the single IP addressand port of the NetScaler CPX instance and forwards the traffic to the instance
The following figure shows how the Docker host performs port address translation to direct traffic tothe NetScaler CPX single IP address and port
copy 1999-2020 Citrix Systems Inc All rights reserved 5
NetScaler CPX 111
In this example the Docker host IP address is 19268xx and the single IP address of the NetScalerCPX instance is 1721704 The SSH port 22 of NetScaler CPX instance is mapped to port 1100 on theDocker host The SSH request from the client is received on IP address 19268xx at port 1100 TheDocker host performs port address translation to map this address and port to the single IP address1721704 on port 22 and forwards the client request
NetScaler CPX Licensing
September 6 2018
Licensing your CPX instance can enhance you NetScaler CPXrsquos performance You can use NetScalerMAS to pool your CPX licenses and use it as a licensing server You can install licenses in MAS usingthe GUI by uploading the license file you have purchased fromCITRIX To allocate licenses to your CPXinstances you can use Configuration Jobs or CPXrsquos Nitro
The following table describes the differences between a Licensed and Un-licensed CPX (CPX Express)
Un-licensed CPX Licensed CPX
Throughput 20 Mbps 1000 Mbps
copy 1999-2020 Citrix Systems Inc All rights reserved 6
NetScaler CPX 111
Un-licensed CPX Licensed CPX
SSL Connections 250 1500
To install CPX license files on NetScaler MAS
1 In a web browser type the IP address of the NetScaler Management and Analytics System (forexample http1921681001)
2 In User Name and Password enter the administrator credentials
3 On the Configuration tab navigate to Infrastructure gt Licenses gt Settings
4 In the details pane go to License Files and select Upload license files from a local computer
5 Click Browse and select the license file (lic) that you want to use to allocate your licenses ClickFinish
6 At any time you can add more licenses to the NetScaler Management and Analytics System fromthe License Settings
copy 1999-2020 Citrix Systems Inc All rights reserved 7
NetScaler CPX 111
Verification
You can verify the licenses installed on your NetScalerMAS by navigating to Infrastructure gt Licensesgt CPX Licenses
Licensing a NetScaler CPX Instance by Using MAS Configuration Jobs
You can use NetScaler MAS to license NetScaler CPX instances by configuring jobs
To allocate licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
Note
By default the license server port number in NetScaler MAS is 27000
copy 1999-2020 Citrix Systems Inc All rights reserved 8
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
copy 1999-2020 Citrix Systems Inc All rights reserved 9
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Contents
Architecture and Traffic Flow 3
NetScaler CPX Licensing 6
Installing NetScaler CPX on a Docker Host Using the NetScaler Management and AnalyticsSystem 13
Configuring NetScaler CPX 17
Upgrading NetScaler CPX Instances 22
Using Wildcard Virtual Servers in NetScaler CPX Instance 24
Deploy NetScaler CPXwith Direct Access to the Network 25
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow 26
Deploy NetScaler CPX in a Single Host Network 30
Deploy NetScaler CPX in a Multi-Host Network 31
Deploy NetScaler CPX in a Mesos and Marathon Environment 37
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox and Nuage Networksby Using NetScaler MAS 42
Deploy NetScaler CPX in a Kubernetes Environment 47
copy 1999-2020 Citrix Systems Inc All rights reserved 2
NetScaler CPX 111
Architecture and Traffic Flow
September 6 2018
When you provision a NetScaler CPX instance on a Docker host the Docker engine creates a virtualinterface eth0 on the CPX instance This eth0 interface is directly connected to a virtual interface(veth) on the docker0 bridge The Docker engine also assigns an IP address to the NetScaler CPXinstance in the network 172170016
Thedefault gateway for theCPX instance is the IP address of thedocker0bridgewhichmeans that anycommunication with the NetScaler CPX instance is done through the Docker network All incomingtraffic received fromthedocker0bridge is receivedby theeth0 interfaceon theNetScaler CPX instanceand processed by the NetScaler CPX packet engine
The following figure illustrates the architecture of a NetScaler CPX instance on a Docker host
How Single IP Address Works on NetScaler CPX
A regular NetScaler MPX or VPX appliance requires at least three IP addresses to function
bull Management IP address called the NetScaler IP (NSIP) addressbull Subnet IP (SNIP) address for communicating with the server farmbull Virtual server IP (VIP) address(es) for accepting client requests
copy 1999-2020 Citrix Systems Inc All rights reserved 3
NetScaler CPX 111
A NetScaler CPX instance operates with one single IP address that is used for management as well asfor data traffic
During provisioning only one private IP address (single IP address) is assigned to a NetScaler CPXinstance by the Docker engine The three IP functions of a NetScaler instance are multiplexed ontoone IP address This single IP address uses different port numbers to function as the NSIP SNIP andVIP(s)
The following image illustrates how a single IP address is used to perform the functions of NSIP SNIPand VIP(s)
Traffic Flow for Requests Originating from the NetScaler CPX Instance
Docker implicitly configures IP tables and a NAT rule to direct traffic originating from the NetScalerCPX instance to the docker0 IP address
The following figure illustrates how a ping request originating from a NetScaler CPX instance reachesthe destination
copy 1999-2020 Citrix Systems Inc All rights reserved 4
NetScaler CPX 111
In this example the ping request is sent by the packet engine on eth0 interfacewith source IP addressas the NetScaler CPX IP address (1721704) The Docker host then performs network address trans-lation (NAT) to add the host IP address (19268xx) as the source IP address and sends the request tothe destination (21658xx) The response from the destination IP address follows the same path inreverse The Docker host performs NAT on the response and forwards the response to the NetScalerCPX instance on the eth0 interface
Traffic Flow for Requests Originating from the External Network
Toenableexternal communicationwhileprovisioningNetScalerCPX youhave tosetparameters suchthat Docker exposes certain ports such as 80 22 and any other port youwant If you have not set anyport to be exposed during provisioning then you have to configure NAT rules on the Docker host tomake these ports available
The client request that originates from the Internet is received by the Docker host which then per-forms port address translation (PAT) to map the public IP address and port to the single IP addressand port of the NetScaler CPX instance and forwards the traffic to the instance
The following figure shows how the Docker host performs port address translation to direct traffic tothe NetScaler CPX single IP address and port
copy 1999-2020 Citrix Systems Inc All rights reserved 5
NetScaler CPX 111
In this example the Docker host IP address is 19268xx and the single IP address of the NetScalerCPX instance is 1721704 The SSH port 22 of NetScaler CPX instance is mapped to port 1100 on theDocker host The SSH request from the client is received on IP address 19268xx at port 1100 TheDocker host performs port address translation to map this address and port to the single IP address1721704 on port 22 and forwards the client request
NetScaler CPX Licensing
September 6 2018
Licensing your CPX instance can enhance you NetScaler CPXrsquos performance You can use NetScalerMAS to pool your CPX licenses and use it as a licensing server You can install licenses in MAS usingthe GUI by uploading the license file you have purchased fromCITRIX To allocate licenses to your CPXinstances you can use Configuration Jobs or CPXrsquos Nitro
The following table describes the differences between a Licensed and Un-licensed CPX (CPX Express)
Un-licensed CPX Licensed CPX
Throughput 20 Mbps 1000 Mbps
copy 1999-2020 Citrix Systems Inc All rights reserved 6
NetScaler CPX 111
Un-licensed CPX Licensed CPX
SSL Connections 250 1500
To install CPX license files on NetScaler MAS
1 In a web browser type the IP address of the NetScaler Management and Analytics System (forexample http1921681001)
2 In User Name and Password enter the administrator credentials
3 On the Configuration tab navigate to Infrastructure gt Licenses gt Settings
4 In the details pane go to License Files and select Upload license files from a local computer
5 Click Browse and select the license file (lic) that you want to use to allocate your licenses ClickFinish
6 At any time you can add more licenses to the NetScaler Management and Analytics System fromthe License Settings
copy 1999-2020 Citrix Systems Inc All rights reserved 7
NetScaler CPX 111
Verification
You can verify the licenses installed on your NetScalerMAS by navigating to Infrastructure gt Licensesgt CPX Licenses
Licensing a NetScaler CPX Instance by Using MAS Configuration Jobs
You can use NetScaler MAS to license NetScaler CPX instances by configuring jobs
To allocate licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
Note
By default the license server port number in NetScaler MAS is 27000
copy 1999-2020 Citrix Systems Inc All rights reserved 8
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
copy 1999-2020 Citrix Systems Inc All rights reserved 9
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Architecture and Traffic Flow
September 6 2018
When you provision a NetScaler CPX instance on a Docker host the Docker engine creates a virtualinterface eth0 on the CPX instance This eth0 interface is directly connected to a virtual interface(veth) on the docker0 bridge The Docker engine also assigns an IP address to the NetScaler CPXinstance in the network 172170016
Thedefault gateway for theCPX instance is the IP address of thedocker0bridgewhichmeans that anycommunication with the NetScaler CPX instance is done through the Docker network All incomingtraffic received fromthedocker0bridge is receivedby theeth0 interfaceon theNetScaler CPX instanceand processed by the NetScaler CPX packet engine
The following figure illustrates the architecture of a NetScaler CPX instance on a Docker host
How Single IP Address Works on NetScaler CPX
A regular NetScaler MPX or VPX appliance requires at least three IP addresses to function
bull Management IP address called the NetScaler IP (NSIP) addressbull Subnet IP (SNIP) address for communicating with the server farmbull Virtual server IP (VIP) address(es) for accepting client requests
copy 1999-2020 Citrix Systems Inc All rights reserved 3
NetScaler CPX 111
A NetScaler CPX instance operates with one single IP address that is used for management as well asfor data traffic
During provisioning only one private IP address (single IP address) is assigned to a NetScaler CPXinstance by the Docker engine The three IP functions of a NetScaler instance are multiplexed ontoone IP address This single IP address uses different port numbers to function as the NSIP SNIP andVIP(s)
The following image illustrates how a single IP address is used to perform the functions of NSIP SNIPand VIP(s)
Traffic Flow for Requests Originating from the NetScaler CPX Instance
Docker implicitly configures IP tables and a NAT rule to direct traffic originating from the NetScalerCPX instance to the docker0 IP address
The following figure illustrates how a ping request originating from a NetScaler CPX instance reachesthe destination
copy 1999-2020 Citrix Systems Inc All rights reserved 4
NetScaler CPX 111
In this example the ping request is sent by the packet engine on eth0 interfacewith source IP addressas the NetScaler CPX IP address (1721704) The Docker host then performs network address trans-lation (NAT) to add the host IP address (19268xx) as the source IP address and sends the request tothe destination (21658xx) The response from the destination IP address follows the same path inreverse The Docker host performs NAT on the response and forwards the response to the NetScalerCPX instance on the eth0 interface
Traffic Flow for Requests Originating from the External Network
Toenableexternal communicationwhileprovisioningNetScalerCPX youhave tosetparameters suchthat Docker exposes certain ports such as 80 22 and any other port youwant If you have not set anyport to be exposed during provisioning then you have to configure NAT rules on the Docker host tomake these ports available
The client request that originates from the Internet is received by the Docker host which then per-forms port address translation (PAT) to map the public IP address and port to the single IP addressand port of the NetScaler CPX instance and forwards the traffic to the instance
The following figure shows how the Docker host performs port address translation to direct traffic tothe NetScaler CPX single IP address and port
copy 1999-2020 Citrix Systems Inc All rights reserved 5
NetScaler CPX 111
In this example the Docker host IP address is 19268xx and the single IP address of the NetScalerCPX instance is 1721704 The SSH port 22 of NetScaler CPX instance is mapped to port 1100 on theDocker host The SSH request from the client is received on IP address 19268xx at port 1100 TheDocker host performs port address translation to map this address and port to the single IP address1721704 on port 22 and forwards the client request
NetScaler CPX Licensing
September 6 2018
Licensing your CPX instance can enhance you NetScaler CPXrsquos performance You can use NetScalerMAS to pool your CPX licenses and use it as a licensing server You can install licenses in MAS usingthe GUI by uploading the license file you have purchased fromCITRIX To allocate licenses to your CPXinstances you can use Configuration Jobs or CPXrsquos Nitro
The following table describes the differences between a Licensed and Un-licensed CPX (CPX Express)
Un-licensed CPX Licensed CPX
Throughput 20 Mbps 1000 Mbps
copy 1999-2020 Citrix Systems Inc All rights reserved 6
NetScaler CPX 111
Un-licensed CPX Licensed CPX
SSL Connections 250 1500
To install CPX license files on NetScaler MAS
1 In a web browser type the IP address of the NetScaler Management and Analytics System (forexample http1921681001)
2 In User Name and Password enter the administrator credentials
3 On the Configuration tab navigate to Infrastructure gt Licenses gt Settings
4 In the details pane go to License Files and select Upload license files from a local computer
5 Click Browse and select the license file (lic) that you want to use to allocate your licenses ClickFinish
6 At any time you can add more licenses to the NetScaler Management and Analytics System fromthe License Settings
copy 1999-2020 Citrix Systems Inc All rights reserved 7
NetScaler CPX 111
Verification
You can verify the licenses installed on your NetScalerMAS by navigating to Infrastructure gt Licensesgt CPX Licenses
Licensing a NetScaler CPX Instance by Using MAS Configuration Jobs
You can use NetScaler MAS to license NetScaler CPX instances by configuring jobs
To allocate licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
Note
By default the license server port number in NetScaler MAS is 27000
copy 1999-2020 Citrix Systems Inc All rights reserved 8
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
copy 1999-2020 Citrix Systems Inc All rights reserved 9
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
A NetScaler CPX instance operates with one single IP address that is used for management as well asfor data traffic
During provisioning only one private IP address (single IP address) is assigned to a NetScaler CPXinstance by the Docker engine The three IP functions of a NetScaler instance are multiplexed ontoone IP address This single IP address uses different port numbers to function as the NSIP SNIP andVIP(s)
The following image illustrates how a single IP address is used to perform the functions of NSIP SNIPand VIP(s)
Traffic Flow for Requests Originating from the NetScaler CPX Instance
Docker implicitly configures IP tables and a NAT rule to direct traffic originating from the NetScalerCPX instance to the docker0 IP address
The following figure illustrates how a ping request originating from a NetScaler CPX instance reachesthe destination
copy 1999-2020 Citrix Systems Inc All rights reserved 4
NetScaler CPX 111
In this example the ping request is sent by the packet engine on eth0 interfacewith source IP addressas the NetScaler CPX IP address (1721704) The Docker host then performs network address trans-lation (NAT) to add the host IP address (19268xx) as the source IP address and sends the request tothe destination (21658xx) The response from the destination IP address follows the same path inreverse The Docker host performs NAT on the response and forwards the response to the NetScalerCPX instance on the eth0 interface
Traffic Flow for Requests Originating from the External Network
Toenableexternal communicationwhileprovisioningNetScalerCPX youhave tosetparameters suchthat Docker exposes certain ports such as 80 22 and any other port youwant If you have not set anyport to be exposed during provisioning then you have to configure NAT rules on the Docker host tomake these ports available
The client request that originates from the Internet is received by the Docker host which then per-forms port address translation (PAT) to map the public IP address and port to the single IP addressand port of the NetScaler CPX instance and forwards the traffic to the instance
The following figure shows how the Docker host performs port address translation to direct traffic tothe NetScaler CPX single IP address and port
copy 1999-2020 Citrix Systems Inc All rights reserved 5
NetScaler CPX 111
In this example the Docker host IP address is 19268xx and the single IP address of the NetScalerCPX instance is 1721704 The SSH port 22 of NetScaler CPX instance is mapped to port 1100 on theDocker host The SSH request from the client is received on IP address 19268xx at port 1100 TheDocker host performs port address translation to map this address and port to the single IP address1721704 on port 22 and forwards the client request
NetScaler CPX Licensing
September 6 2018
Licensing your CPX instance can enhance you NetScaler CPXrsquos performance You can use NetScalerMAS to pool your CPX licenses and use it as a licensing server You can install licenses in MAS usingthe GUI by uploading the license file you have purchased fromCITRIX To allocate licenses to your CPXinstances you can use Configuration Jobs or CPXrsquos Nitro
The following table describes the differences between a Licensed and Un-licensed CPX (CPX Express)
Un-licensed CPX Licensed CPX
Throughput 20 Mbps 1000 Mbps
copy 1999-2020 Citrix Systems Inc All rights reserved 6
NetScaler CPX 111
Un-licensed CPX Licensed CPX
SSL Connections 250 1500
To install CPX license files on NetScaler MAS
1 In a web browser type the IP address of the NetScaler Management and Analytics System (forexample http1921681001)
2 In User Name and Password enter the administrator credentials
3 On the Configuration tab navigate to Infrastructure gt Licenses gt Settings
4 In the details pane go to License Files and select Upload license files from a local computer
5 Click Browse and select the license file (lic) that you want to use to allocate your licenses ClickFinish
6 At any time you can add more licenses to the NetScaler Management and Analytics System fromthe License Settings
copy 1999-2020 Citrix Systems Inc All rights reserved 7
NetScaler CPX 111
Verification
You can verify the licenses installed on your NetScalerMAS by navigating to Infrastructure gt Licensesgt CPX Licenses
Licensing a NetScaler CPX Instance by Using MAS Configuration Jobs
You can use NetScaler MAS to license NetScaler CPX instances by configuring jobs
To allocate licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
Note
By default the license server port number in NetScaler MAS is 27000
copy 1999-2020 Citrix Systems Inc All rights reserved 8
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
copy 1999-2020 Citrix Systems Inc All rights reserved 9
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
In this example the ping request is sent by the packet engine on eth0 interfacewith source IP addressas the NetScaler CPX IP address (1721704) The Docker host then performs network address trans-lation (NAT) to add the host IP address (19268xx) as the source IP address and sends the request tothe destination (21658xx) The response from the destination IP address follows the same path inreverse The Docker host performs NAT on the response and forwards the response to the NetScalerCPX instance on the eth0 interface
Traffic Flow for Requests Originating from the External Network
Toenableexternal communicationwhileprovisioningNetScalerCPX youhave tosetparameters suchthat Docker exposes certain ports such as 80 22 and any other port youwant If you have not set anyport to be exposed during provisioning then you have to configure NAT rules on the Docker host tomake these ports available
The client request that originates from the Internet is received by the Docker host which then per-forms port address translation (PAT) to map the public IP address and port to the single IP addressand port of the NetScaler CPX instance and forwards the traffic to the instance
The following figure shows how the Docker host performs port address translation to direct traffic tothe NetScaler CPX single IP address and port
copy 1999-2020 Citrix Systems Inc All rights reserved 5
NetScaler CPX 111
In this example the Docker host IP address is 19268xx and the single IP address of the NetScalerCPX instance is 1721704 The SSH port 22 of NetScaler CPX instance is mapped to port 1100 on theDocker host The SSH request from the client is received on IP address 19268xx at port 1100 TheDocker host performs port address translation to map this address and port to the single IP address1721704 on port 22 and forwards the client request
NetScaler CPX Licensing
September 6 2018
Licensing your CPX instance can enhance you NetScaler CPXrsquos performance You can use NetScalerMAS to pool your CPX licenses and use it as a licensing server You can install licenses in MAS usingthe GUI by uploading the license file you have purchased fromCITRIX To allocate licenses to your CPXinstances you can use Configuration Jobs or CPXrsquos Nitro
The following table describes the differences between a Licensed and Un-licensed CPX (CPX Express)
Un-licensed CPX Licensed CPX
Throughput 20 Mbps 1000 Mbps
copy 1999-2020 Citrix Systems Inc All rights reserved 6
NetScaler CPX 111
Un-licensed CPX Licensed CPX
SSL Connections 250 1500
To install CPX license files on NetScaler MAS
1 In a web browser type the IP address of the NetScaler Management and Analytics System (forexample http1921681001)
2 In User Name and Password enter the administrator credentials
3 On the Configuration tab navigate to Infrastructure gt Licenses gt Settings
4 In the details pane go to License Files and select Upload license files from a local computer
5 Click Browse and select the license file (lic) that you want to use to allocate your licenses ClickFinish
6 At any time you can add more licenses to the NetScaler Management and Analytics System fromthe License Settings
copy 1999-2020 Citrix Systems Inc All rights reserved 7
NetScaler CPX 111
Verification
You can verify the licenses installed on your NetScalerMAS by navigating to Infrastructure gt Licensesgt CPX Licenses
Licensing a NetScaler CPX Instance by Using MAS Configuration Jobs
You can use NetScaler MAS to license NetScaler CPX instances by configuring jobs
To allocate licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
Note
By default the license server port number in NetScaler MAS is 27000
copy 1999-2020 Citrix Systems Inc All rights reserved 8
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
copy 1999-2020 Citrix Systems Inc All rights reserved 9
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
In this example the Docker host IP address is 19268xx and the single IP address of the NetScalerCPX instance is 1721704 The SSH port 22 of NetScaler CPX instance is mapped to port 1100 on theDocker host The SSH request from the client is received on IP address 19268xx at port 1100 TheDocker host performs port address translation to map this address and port to the single IP address1721704 on port 22 and forwards the client request
NetScaler CPX Licensing
September 6 2018
Licensing your CPX instance can enhance you NetScaler CPXrsquos performance You can use NetScalerMAS to pool your CPX licenses and use it as a licensing server You can install licenses in MAS usingthe GUI by uploading the license file you have purchased fromCITRIX To allocate licenses to your CPXinstances you can use Configuration Jobs or CPXrsquos Nitro
The following table describes the differences between a Licensed and Un-licensed CPX (CPX Express)
Un-licensed CPX Licensed CPX
Throughput 20 Mbps 1000 Mbps
copy 1999-2020 Citrix Systems Inc All rights reserved 6
NetScaler CPX 111
Un-licensed CPX Licensed CPX
SSL Connections 250 1500
To install CPX license files on NetScaler MAS
1 In a web browser type the IP address of the NetScaler Management and Analytics System (forexample http1921681001)
2 In User Name and Password enter the administrator credentials
3 On the Configuration tab navigate to Infrastructure gt Licenses gt Settings
4 In the details pane go to License Files and select Upload license files from a local computer
5 Click Browse and select the license file (lic) that you want to use to allocate your licenses ClickFinish
6 At any time you can add more licenses to the NetScaler Management and Analytics System fromthe License Settings
copy 1999-2020 Citrix Systems Inc All rights reserved 7
NetScaler CPX 111
Verification
You can verify the licenses installed on your NetScalerMAS by navigating to Infrastructure gt Licensesgt CPX Licenses
Licensing a NetScaler CPX Instance by Using MAS Configuration Jobs
You can use NetScaler MAS to license NetScaler CPX instances by configuring jobs
To allocate licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
Note
By default the license server port number in NetScaler MAS is 27000
copy 1999-2020 Citrix Systems Inc All rights reserved 8
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
copy 1999-2020 Citrix Systems Inc All rights reserved 9
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Un-licensed CPX Licensed CPX
SSL Connections 250 1500
To install CPX license files on NetScaler MAS
1 In a web browser type the IP address of the NetScaler Management and Analytics System (forexample http1921681001)
2 In User Name and Password enter the administrator credentials
3 On the Configuration tab navigate to Infrastructure gt Licenses gt Settings
4 In the details pane go to License Files and select Upload license files from a local computer
5 Click Browse and select the license file (lic) that you want to use to allocate your licenses ClickFinish
6 At any time you can add more licenses to the NetScaler Management and Analytics System fromthe License Settings
copy 1999-2020 Citrix Systems Inc All rights reserved 7
NetScaler CPX 111
Verification
You can verify the licenses installed on your NetScalerMAS by navigating to Infrastructure gt Licensesgt CPX Licenses
Licensing a NetScaler CPX Instance by Using MAS Configuration Jobs
You can use NetScaler MAS to license NetScaler CPX instances by configuring jobs
To allocate licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
Note
By default the license server port number in NetScaler MAS is 27000
copy 1999-2020 Citrix Systems Inc All rights reserved 8
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
copy 1999-2020 Citrix Systems Inc All rights reserved 9
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Verification
You can verify the licenses installed on your NetScalerMAS by navigating to Infrastructure gt Licensesgt CPX Licenses
Licensing a NetScaler CPX Instance by Using MAS Configuration Jobs
You can use NetScaler MAS to license NetScaler CPX instances by configuring jobs
To allocate licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
Note
By default the license server port number in NetScaler MAS is 27000
copy 1999-2020 Citrix Systems Inc All rights reserved 8
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
copy 1999-2020 Citrix Systems Inc All rights reserved 9
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
copy 1999-2020 Citrix Systems Inc All rights reserved 9
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
To remove licenses on NetScaler CPX by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source and type the following com-mands as shown in the image below
copy 1999-2020 Citrix Systems Inc All rights reserved 10
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Licensing a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to license NetScaler CPX instances
To add license server to a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignslicenseservergt
2 Set the HTTPmethod as POST
3 Add the Request Headers as following
copy 1999-2020 Citrix Systems Inc All rights reserved 11
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonslicenseserverrdquo34 rdquolicenseserveriprdquoltString_valuegt5 rdquoservernamerdquoltString_valuegt6 rdquoportrdquoltDouble_valuegt7 8
5 You can view the following Response
1 HTTP Status Code on Success 201 Created23 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
To set capacity on a NetScaler CPX instances
1 Go to httpnetscaler-ip-addressnitrov1confignscapacitygt
2 Set the HTTPmethod as PUT
3 Add the Request Headers as following
1 CookieNITRO_AUTH_TOKEN=lttokenvaluegt2 Content-Typeapplicationjson
4 Enter the Request Payload as following
1 2 rdquonscapacityrdquo34 rdquobandwidthrdquoltDouble_valuegt5 rdquoeditionrdquoltString_valuegt6 rdquounitrdquoltString_valuegt7 8
5 You can view the following Response
copy 1999-2020 Citrix Systems Inc All rights reserved 12
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
1 HTTP Status Code on Success 200 OK2 HTTP Status Code on Failure 4xx ltstringgt (for general HTTP
errors) or 5xx ltstringgt (for NetScaler-specific errors) Theresponse payload provides details of the error
Formore information about licensing aNetScaler CPX Instance you can download theNITROAPI Doc-umentation available on the NetScaler appliance Downloads section
Installing NetScaler CPX on a Docker Host Using the NetScalerManagement and Analytics System
September 6 2018
From the NetScaler Management and Analytics System (MAS) you can install NetScaler CPX on aDocker host using the NetScaler CPX Dockerfile
Prerequisites
Make sure that you have
bull Installed the NetScaler MAS server on Citrix XenServer For more information see NetScalerMAS Documentation
bull Obtained theNetScalerCPXDockerfile fromyourCitrix representative andcopied it to your localsystem
bull The Docker host hasndash 1 CPUndash 2 GB RAMndash Linux Ubuntu version 1404 and laterndash The system is updated by using the apt-get commandndash The following packages are installed libc6-devi386 gcc-multilib g++-multiliblib32ncurses5-dev zlib1g-devi386 libssl-devi386 build-essential
ndash Docker is installed on the Linux host system To install Docker run the following commandat the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
ndash Docker host has Internet connectivity
copy 1999-2020 Citrix Systems Inc All rights reserved 13
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
bull Docker remote API is enabled on the Linux Docker hostndash To enable the Docker remote API see httpsdocsdockercomenginearticlesconfiguringubuntuFor example on Ubuntu 1404 you can enable the remote API by using the followingsteps1 Edit the etcdefaultdocker file and add ndashH tcpltHost_IP_Addressgtltportgt -H
unixvarrundockersock to the DOCKER_OPTS variable2 Save your changes and restart Docker by running the following command
1 sudo restart docker
ndash To enable remote API on Docker hosts running systemd see httpwwwcampaluscomenable-remote-tcp-connections-to-docker-host-running-ubuntu-15-04
To provision NetScaler CPX using NetScaler MAS
1 In awebbrowser type the IP address of theNetScalerManagement andAnalytics System (forexample http1921681001)
2 In theUser Name andPassword fields enter the administrator credentials The default admin-istrator credentials are nsroot and nsroot
3 Navigate to Infrastructure gt Instances gt NetScaler CPX
4 On the NetScaler CPX page in the Docker Host tab click Add
copy 1999-2020 Citrix Systems Inc All rights reserved 14
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
5 On the Add Docker Host page specify the IP address of the Linux Docker host the root usercredentials of the Docker host and the remote API port (4243) and then clickOK
copy 1999-2020 Citrix Systems Inc All rights reserved 15
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
6 On the NetScaler CPX page in the Instances tab click Provision
7 On theProvisionCPXpage in theSelectLicenseType tab select anyof the followingNetScalerCPX type and click Next
bull LicensedCPX ndashTo install the licensedNetScaler CPX instances for enhancedNetScaler CPXperformance for more information see NetScaler CPX Licensing
bull CPX Express ndash To install the free distribution of the NetScaler CPX
8 In the Provision CPX tab browse and select the NetScaler CPX Dockerfile Then specify thestarting port number of the range of ports that have to be exposed to enable external commu-nication Finally specify the number of ports you want to assign to this instance These portsare in addition to the standard ports 80 22 and 161
copy 1999-2020 Citrix Systems Inc All rights reserved 16
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
9 Click Finish
The following figure shows the details of NetScaler CPX instances provisioned on a Docker host Inthe figure the IP addresses are the single IP addresses implicitly assigned by the Docker engine to theinstances You can also view the port range assigned to each instance and the ports mapped to theSSH (22) HTTP (80) and SNMP (161) ports of the NetScaler CPX instances
Configuring NetScaler CPX
September 6 2018
You can configure a NetScaler CPX instance by accessing the CLI prompt through the Linux Dockerhost or by using NetScaler Nitro APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 17
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Configuring a NetScaler CPX Instance by Using the Command Line Interface
Access the Docker host and log on to the SSH prompt of the instance as shown in the following figureThe default administrator credentials to log on to a NetScaler CPX instance are rootlinux
Type the following command to use the command line prompt of the instance to run CLI commandscli_scriptsh ldquoltcommandgtrdquo
Example
To log out of the instance prompt type log out
Configuring a NetScaler CPX Instance by Using the Nitro API
You can use the NetScaler Nitro API to configure NetScaler CPX instances
To configure NetScaler CPX instances by using the Nitro API in a web browser type
lthttplthost_IP_addressgtltportgtnitrov1configltresource-typegt
To retrieve statistics by using the Nitro API in a web browser type
httplthost_IP_addressgtltportgtnitrov1statltresource-typegt
For more information about using the Nitro API see RESTWeb Services For NetScaler CPX use ltCPXIP addressportgt where ldquonetscaler-ip-addressrdquo is mentioned
Configuring a NetScaler CPX Instance by Using Jobs
You can configure NetScaler CPX instances by creating and executing jobs in NetScaler MAS You canuse the configurations from configuration templates extract configurations available on other de-vices and use configurations saved in text files You can also record configurations done by using the
copy 1999-2020 Citrix Systems Inc All rights reserved 18
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
configuration utility of another instances NetScaler MAS then displays the corresponding CLI com-mands for you to use on your NetScaler CPX instance After you select the configuration you mustthen select the NetScaler CPX instances on which you want to load the configuration specify the vari-able values and execute the job
To configure NetScaler CPX instances by using Jobs
1 Log on to NetScaler MAS by using the administrative credentials
2 Navigate to Infrastructure gt Configuration Jobs and then click Create Job
3 Specify the required values and select the configuration source You can also type the com-mands you want to run
4 Select the NetScaler CPX instance(s) onwhich youwant to run the configuration and clickNext
copy 1999-2020 Citrix Systems Inc All rights reserved 19
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
5 Specify the execution settings and click Finish to run the commands on the NetScaler CPX in-stance If you want to save the configuration and run it at a later time click Save and Exit
Configuring Log Streaming on a NetScaler CPX Instance
You can configure log streaming on a NetScaler CPX instance to collect web page performance dataflow and user-session level information and database information required for application perfor-mance monitoring and analytics These data records are sent to NetScaler MAS where you can view
copy 1999-2020 Citrix Systems Inc All rights reserved 20
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
real-time and historical reports for all your applications
To configure log streamingonaNetScaler CPX instance youmust first enable theAppFlow feature andthe ulfd daemon on the NetScaler CPX instance When you enable the ulfd daemon youmust specifythe IP address of NetScaler MAS where you want to monitor the real-time and historical reports Youmust then configure an AppFlow collector action policy and bind the AppFlow policy globally
The ulfd daemon sends all the flow records to NetScaler MAS in a single unified logging format
You can configure log streaming either by using the command line interface of a NetScaler CPX in-stance or by using the Jobs feature in NetScaler MAS
Before you can monitor the records you must add the NetScaler CPX instance to NetScaler MAS Formore information about adding a NetScaler CPX instance to NetScaler MAS see Installing a NetScalerCPX Instance by Using NetScaler Management and Analytics System
To configure log streaming on a NetScaler CPX Instance
1 Enable the AppFlow feature by running the following command
1 enable ns feature AppFlow
2 Enable the ulfd daemon by using the following command
1 set ns param -ulfd ENABLED -loggerip ltNUMS_IP_Addressgt
3 Run the following commands to configure an AppFlow collector action and policy and to bindthe policy globally
1 add appflow collector ltnamegt -IPAddress ltipaddressgt23 set appflow param -templateRefresh 3600 -httpUrl ENABLED -
httpCookie ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -httpContentTypeENABLED -httpAuthorization ENABLED -httpVia ENABLED -httpXForwardedFor ENABLED -httpLocation ENABLED -httpSetCookieENABLED -httpSetCookie2 ENABLED -connectionChaining ENABLED -httpDomain Enabled
45 add appflow action ltnamegt --collectors ltstringgt [-
clientSideMeasurements (Enabled|Disabled) ]67 add appflow policy ltnamegt true ltactiongt89 bind appflow global ltpolicyNamegt ltprioritygt [lt
gotoPriorityExpression [-type lttypegt]
copy 1999-2020 Citrix Systems Inc All rights reserved 21
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Note
Youmust configure the AppFlow collector with a dummy IP address
Upgrading NetScaler CPX Instances
September 6 2018
You can upgrade the NetScaler CPX instance by deleting the current instance and re-installing thelatest versionofNetScalerCPXon the samemountpoint that youhadusedwhile installing theexistingNetScaler CPX instance Amount point is a directory on the host where youmount the cpxdirectoryFor more information see httpsdocsdockercomenginetutorialsdockervolumes
For example while installing the NetScaler CPX instance if you hadmounted the cpx directory of theexisting NetScaler CPX instance on varcpx directory on the host then the mount point is varcpxand the NetScaler CPXmount directory is cpx as shown below
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namemycpx -v varcpxcpx --ulimit core=-1 cpx111-48xx
Make sure that you use the same mount point and NetScaler CPX directory varcpxcpx when youinstall the latest version of the NetScaler CPX
Prerequisites
Make sure that you have
bull Details of the host directorywhere youhavemounted the existingNetScaler CPX instancersquos cpxdirectory You can use the following docker inspect command to obtain the details of the hostdirectory
1 docker inspect ltcontainer_namegt
Where is the name of the NetScaler CPX container
The output of the command provides the details on the container configurations including thevolumes Search for the entry called ldquoMountsrdquo as shown below
copy 1999-2020 Citrix Systems Inc All rights reserved 22
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
The Source specifies the mount point on the host
bull Download the latest NetScaler CPX Docker image file from httpswwwmicroloadbalancercomget-it-now and then load the NetScaler CPX Docker image to do so navigate to the direc-tory where you saved the Docker image file and then run the following command
1 docker load -i cpx-111-52xxgz
After the NetScaler CPX Docker image is loaded you can view the details of the image by using thefollowing command
1 docker images
For example
1 rootubuntu~ docker images2 REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE3 cpx 111-52xx 2e97aadf918b 43 hours ago 6055 MB
To upgrade the NetScaler CPX Instance
1 Stop the existing NetScaler CPX instance by using the following command
1 docker stop ltcontainer_namegt
Where ltcontainer_namegt is the name of the NetScaler CPX instance
For example
1 rootubuntu~ docker stop mycpx2 mycpx
2 Using the docker run command deploy the latest NetScaler CPX instance from the NetScalerCPX image that you have loaded on the host Make sure that you deploy the instance using thesame mount point (for example varcpxcpx) that you had used in your existing NetScalerCPX instance
copy 1999-2020 Citrix Systems Inc All rights reserved 23
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
1 docker run -dt --privileged=true -e EULA=yes --name ltcontainer_namegt -v lthost_dirgtcpx--ulimit core=-1 cpx111-52x
Where
bull ltcontainer_namegt is the name of the NetScaler CPX instancebull lthost_dirgt is the mount point on the host
1 rootubuntu~ docker run -dt --privileged=true -e EULA=yes --namelatestcpx -v varcpxcpx --ulimit core=-1 cpx111-52xx
You can verify if the latest NetScaler CPX instance is deployed by using the docker ps command
For example
1 rootubuntu~ docker ps2 CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES3 ead12ec4e965 cpx111-52xx rdquobinsh -c rsquobash -C rdquo 5 seconds
ago Up 5 seconds 22tcp 80tcp 443tcp 161udplatestcpx
3 After you verify if the latest NetScaler CPX instance is deployed delete the older version of theNetScaler CPX instance by using the following command
1 docker rm ltcontainer_namegt
For example
1 rootubuntu~ docker rm mycpx2 mycpx
UsingWildcard Virtual Servers in NetScaler CPX Instance
September 6 2018
When you provision a NetScaler instance only one private IP address (single IP address) is assignedto a NetScaler CPX instance by the Docker engine The three IP functions of a NetScaler instance aremultiplexed onto one IP address This single IP address uses different port numbers to function as theNSIP SNIP and VIP(s)
copy 1999-2020 Citrix Systems Inc All rights reserved 24
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Thesingle IPaddress that is assignedby theDockerengine isdynamic youcanadd theLoadBalancing(LB) or Content Switching (CS) virtual servers using the single IP address or using 127001 IP addressThe virtual servers created using 127001 is called as Wildcard Virtual Servers By default when youcreate a wildcard virtual server the NetScaler CPX replaces the assigned IP address of the wildcardvirtual server that is 127001 with the NSIP assigned to the NetScaler CPX instance by the Dockerengine
In high-availability NetScaler CPX deployments you can add wildcard virtual servers on one of theNetScaler CPX instance and copy thensconf file from the instance to otherNetScaler CPX instances inthe deployment andmake sure that the NetScaler configuration is consistent across all the NetScalerCPX instances in the deployment instead of identifying the single IP address assigned by the Dockerengine to the NetScaler instance and create the LB or CS virtual servers based on the single IP addresson all the NetScaler CPX instances in the deployment
Points to Note
bull Make sure that the port number that you assign to thewildcard virtual server is not used by anyother virtual server in the deployment
bull character is not supported by wildcard virtual server
To create a wildcard load balancing virtual server at the command prompt enter the following com-mand
1 add lb vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add lb vserver testlbvserver HTTP 127001 30000
To create a wildcard content switching virtual server at the command prompt enter the followingcommand
1 add cs vserver ltnamegt ltserviceTypegt 127001 ltportgt2 add cs vserver testcsvserver HTTP 127001 30000
Deploy NetScaler CPXwith Direct Access to the Network
September 6 2018
You can configure NetScaler CPX instance to have direct access to the network In this scenario theincoming traffic is directly received on the NetScaler CPX VIP
Toenable this communication youhave to first configureapublic IPaddressondocker0bridge Thenremove the public IP address from the network port eth0 and bind the network port to the docker0bridge
copy 1999-2020 Citrix Systems Inc All rights reserved 25
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Configure load balancing by adding the two services and then configure a network public IP addressas the VIP on the NetScaler CPX instance The client requests are received directly on the VIP
Note In the example configuration the 10xxx network denotes a public network
To configure this scenario run the following command at the Linux shell prompt
1 ip addr add 101022910024 dev docker0 2 ip addr del 101022910024 dev eth0 3 brctl addif docker0 eth0 4 ip route del default 5 ip route add default via 10102291 dev docker0
Eitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs run the followingcommands
1 add service s1 1721708 http 802 add service s2 1721709 http 803 add lb vserver cpx-vip HTTP 1010229102 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow
September 6 2018
In this deployment the NetScaler CPX instance acts as a proxy to enable communication betweenapplication containers residing on multiple hosts The NetScaler CPX instance is provisioned alongwith the applications in multiple hosts and provides the shortest path for communication
The following image illustrates traffic flow between two applications through the NetScaler CPX in-stances
copy 1999-2020 Citrix Systems Inc All rights reserved 26
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
This image shows traffic flowbetween application C and application B andbetween application A andapplication B When app C (in any of the hosts) sends a request to B the request is first received onthe NetScaler CPX container on the same host as app C Then the NetScaler CPX container passesthe traffic to the NetScaler CPX container hosted on the same host as app B and then the traffic isforwarded to app B A similar traffic path is followed when app A sends request to app B
In this example a NetScaler MPX is also deployed to allow traffic to the applications from the Internetthrough a global VIP The traffic from the NetScaler MPX is received on the NetScaler CPX containerswhich then distributes the traffic across the application containers
The following diagram illustrates this topologywith the configurations that need to be set for commu-nication to happen
copy 1999-2020 Citrix Systems Inc All rights reserved 27
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
The following table lists the IP addresses andports that are configured on theNetScaler CPX instancesin this example configuration
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
copy 1999-2020 Citrix Systems Inc All rights reserved 28
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 30000-30002 30000-30002 --ulimit core=-1 --privileged=truecpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
On NetScaler CPX instance on Docker Host 1
1 add lb vserver VIP-A1 HTTP 1721702 300002 add service svc-A1 1010229100 HTTP 803 bind lb vserver VIP-A1 svc-A14 add lb vserver VIP-B1 HTTP 1721702 300015 add service svc-B1 1010229100 HTTP 906 bind lb vserver VIP-B1 svc-B17 add lb vserver VIP-C1 HTTP 1721702 300028 add service svc-VIP-C2 1010229105 HTTP 300029 add service svc-VIP-C3 1010229110 HTTP 3000210 bind lb vserver VIP-C1 svc-VIP-C211 bind lb vserver VIP-C1 svc-VIP-C3
On the NetScaler CPX instance on Docker host 2
1 add lb vserver VIP-A2 HTTP 1721703 300002 add service svc-A2 1010229105 HTTP 803 bind lb vserver VIP-A2 svc-A24 add lb vserver VIP-B2 HTTP 1721703 300015 add service svc-VIP-B1 1010229100 HTTP 300016 bind lb vserver VIP-B2 svc-VIP-B17 add lb vserver VIP-C2 HTTP 1721703 300028 add service svc-C2 1010229105 HTTP 709 bind lb vserver VIP-C2 svc-C2
On the NetScaler CPX instance on Docker host 3
1 add lb vserver VIP-A3 HTTP 1721704 300002 add service svc-VIP-A1 1010229100 HTTP 300003 add service svc-VIP-A2 1010229105 HTTP 300004 bind lb vserver VIP-A3 svc-VIP-A15 bind lb vserver VIP-A3 svc-VIP-A26 add lb vserver VIP-B3 HTTP 1721704 300017 add service svc-VIP-B1 1010229100 HTTP 300018 bind lb vserver VIP-B3 svc-VIP-B19 add lb vserver VIP-C3 HTTP 1721704 3000210 add service svc-C3 1010229110 HTTP 7011 bind lb vserver VIP-C3 svc-C3
copy 1999-2020 Citrix Systems Inc All rights reserved 29
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Deploy NetScaler CPX in a Single Host Network
September 6 2018
In a single host network the NetScaler CPX instance acts as a proxy between application containerson the same host In this capacity the NetScaler CPX instance provides scalability and security to thecontainer-basedapplications Additionally it optimizesperformanceandalsoprovidesan insight intotelemetry data
In a single host network the client the servers and the NetScaler CPX instance are deployed as con-tainers on the same Docker host All the containers are connected through docker0 bridge
In this environment the NetScaler CPX instance acts as a proxy for the applications provisioned ascontainers on the same Docker host
The following figure illustrates the single host topology
In this example a web app container (1721702) is the client and the two database containers DB1(17217010) and DB2 (17217011) are the servers The NetScaler CPX container (1721704) sits be-tween the client and the servers acting as a proxy
To enable the web application to communicate with the database containers through NetScaler CPXyou have to first configure two services on the NetScaler CPX container to represent the two serversThen configure a virtual server by using the NetScaler CPX IP address and a non-standard HTTP port(such as 81) because theNetScaler CPX reserves the standardHTTPport 80 forNITROcommunication
copy 1999-2020 Citrix Systems Inc All rights reserved 30
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
In this topology you do not have to configure any NAT rules because the client and the server are onthe same network
To configure this scenario run the following commands either by using the Jobs feature in NetScalerMAS or by using NITRO APIs
1 add service db1 HTTP 17217010 802 add service db2 HTTP 17217011 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip db15 bind lb vserver cpx-vip db2
Deploy NetScaler CPX in a Multi-Host Network
September 6 2018
A NetScaler CPX instance in a multi-host network may be configured in a production deployment inthedatacenterwhere it provides loadbalancing functions It can furtherprovidemonitoring functionsand analytics data
In a multi-host network the NetScaler CPX instances backend servers and the clients are deployedondifferent hosts You can usemulti-host topologies in production deploymentswhere theNetScalerCPX instance loadbalances a set of container-based applications and servers or evenphysical servers
Topology 1 NetScaler CPX and Backend Servers on Same Host Client on a DifferentNetwork
In this topology the NetScaler CPX instance and the database servers are provisioned on the sameDocker host but the client traffic originates from elsewhere on the network This topology might beused in a production deployment where the NetScaler CPX instance load balances a set of container-based applications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 31
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
In this example the NetScaler CPX instance (1721704) and the two servers DB1 (17217010) and DB2(17217011) are provisioned on the same Docker host with IP address 1010229100 The client resideselsewhere on the network
The client requests originating from the Internet are received on the VIP configured on the NetScalerCPX instance which then distributes the requests across the two servers
There are twomethods you can use to configure this topology
bull Using an additional IP address and standard port for the VIP
1 Configure the VIP on theNetScaler CPX container by using an additional IP address insteadof the NetScaler CPX IP address This enables you to use the standard port 80 on the con-tainer to receive client requests
2 Configure an additional IP address for the Docker host3 Configure NAT rules to forward all traffic received on the Docker hostrsquos additional IP ad-
dress to the VIPrsquos additional IP address4 Configure the two servers as services on the NetScaler CPX instance5 Finally bind the services to the VIP
Note In this example configuration the 10xxx network denotes a public network
To configure this example scenario run the following commands either by using the Jobs fea-ture in NetScaler MAS or by using NITRO APIs
copy 1999-2020 Citrix Systems Inc All rights reserved 32
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
1 add service s1 17217010 HTTP 802 add service s2 17217011 HTTP 803 add lb vserver cpx-vip HTTP 172174100 804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Configure an additional public IP address for the Docker host and a NAT rule by running the followingcommands at the Linux shell prompt
1 ip addr add 101022910324 dev eth02 iptables -t nat -A PREROUTING -p ip -d 1010229103 -j DNAT --to-
destination 172174100
bull Using the NetScaler CPX IP address for the VIP and by configuring port mapping
1 Configure the VIP and the two services on the NetScaler CPX instance Use a non-standard port81 with the VIP
2 Bind the services to the VIP3 Configure a NAT rule to forward all traffic received on port 50000 of the Docker host to the VIP
and port 81
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container on all three Docker hosts
1 docker run -dt -p 22 -p 80 -p 161udp -p 5000081 --ulimit core=-1--privileged=true cpx62
After the NetScaler CPX instance is provisioned run the following commands either by using the Jobsfeature in NetScaler MAS or by using NITRO APIs
1 add service s1 17217010 http 802 add service s2 17217011 http 803 add lb vserver cpx-vip HTTP 1721704 814 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Note
If you have not configured portmapping during provisioning of the NetScaler CPX instance thenconfigure a NAT rule by running the following commands at the Linux shell prompt
iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -m tcp--dport s50000 -j DNAT --to-destination 172170481
copy 1999-2020 Citrix Systems Inc All rights reserved 33
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Topology 2 NetScaler CPXwith Physical Servers and Client
In this topology only the NetScaler CPX instance is provisioned on a Docker host The client and theservers are not container-based and reside elsewhere on the network
In this environment you can configure the NetScaler CPX instance to load balance traffic across thephysical servers
The following figure illustrates this topology
In this example the NetScaler CPX container (1721704) sits between the client and the physicalservers acting as a proxy The servers DB1 (1010229105) and DB2 (1010229110) reside outside aDocker host on the network The client request originates from the Internet and is received on theNetScaler CPX which distributes it across the two servers
To enable this communication between the client and the servers through NetScaler CPX you haveto first configure port mapping while creating the NetScaler CPX container Then configure the twoservices on the NetScaler CPX container to represent the two servers And finally configure a virtualserver by using the NetScaler CPX IP address and the non-standard mapped HTTP port 8080
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
copy 1999-2020 Citrix Systems Inc All rights reserved 34
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Then run the followingcommandseitherbyusing theJobs feature inNetScalerMASorbyusingNITROAPIs
1 add service s1 HTTP 1010229105 802 add service s2 HTTP 1010229110 803 add lb vserver cpx-vip HTTP 1721704 80804 bind lb vserver cpx-vip s15 bind lb vserver cpx-vip s2
Topology 3 NetScaler CPX and Servers Provisioned on Different Hosts
In this topology the NetScaler CPX instance and the database servers are provisioned in differentDocker hosts and the client traffic originates from the Internet This topology might be used in aproduction deployment where the NetScaler CPX instance load balances a set of container-based ap-plications or servers
The following diagram illustrates this topology
copy 1999-2020 Citrix Systems Inc All rights reserved 35
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
In this example the NetScaler CPX instance and a server (DB1) are provisioned on the same Dockerhost with IP address 1010229100 Four other servers (DB2 DB3 DB4 and DB5) are provisioned ontwo different Docker hosts 1010229105 and 1010229110
The client requests originating from the Internet are received on the NetScaler CPX instance whichthen distributes the requests across the five servers To enable this communication youmust config-ure the following
1 Set portmappingwhile creating your NetScaler CPX container In this example thismeans thatyou have to forward port 8080 on the container to port 8080 on the host When the client re-quest arrives on port 8080 of the host it maps to port 8080 of the CPX container
2 Configure the five servers as services on the NetScaler CPX instance You have to use a combi-nation of the respective Docker host IP address andmapped port to set these services
3 Configure a VIP on the NetScaler CPX instance to receive the client request This VIP should berepresented by the NetScaler CPX IP address and port 8080 that was mapped to port 8080 ofthe host
4 Finally bind the services to the VIP
Note that in the example configuration the 10xxx network denotes a public network
To configure this example scenario run the following command at the Linux shell prompt while creat-ing the NetScaler CPX container
1 docker run -dt -p 22 -p 80 -p 161udp -p 80808080 --ulimit core=-1 --privileged=true cpx62
Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITROAPIs
1 add service s1 1010229100 HTTP 80812 add service s2 1010229105 HTTP 80813 add service s3 1010229105 HTTP 80824 add service s4 1010229110 HTTP 80815 add service s5 1010229110 HTTP 80826 add lb vserver cpx-vip HTTP 1721702 80807 bind lb vserver cpx-vip s18 bind lb vserver cpx-vip s29 bind lb vserver cpx-vip s310 bind lb vserver cpx-vip s411 bind lb vserver cpx-vip s5
copy 1999-2020 Citrix Systems Inc All rights reserved 36
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Deploy NetScaler CPX in a Mesos and Marathon Environment
September 6 2018
In this deployment you can use a Mesos and Marathon environment to launch and scale up or scaledownyour applications Mesos enables resource isolationandsharingacrossdistributedapplicationsor frameworks Marathon is an application orchestration framework that can launch and scale up orscale down your applications For more information about Mesos and Marathon see httpsdocsmesospherecomgettingstartedoverview
To deploy NetScaler CPX in a Mesos and Marathon environment you must complete the followingtasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 Youcan then launchyourapplicationsandNetScalerCPX instancesbyusingeither theMarathonCLI or the Marathon GUI Note that Marathon launches a NetScaler CPX instance as an applica-tion For more information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
The following figure illustrates thedeployment ofNetScaler CPX inMesos andMarathonenvironment
copy 1999-2020 Citrix Systems Inc All rights reserved 37
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
In this example UH1 is an Ubuntu host that is configured as a Mesosmaster Ubuntu hosts UH2 UH3and UH4 are configured as Mesos slaves Marathon is installed on the Mesos master App1 and App2are the applications that you want your NetScaler CPX to load balance To launch applications theMesos master allocates a Mesos slave and other resources to the applications and then Marathonlaunches the applications on the allocated Mesos slaves In this example CPX App1 and App2 arelaunched on Ubuntu hosts UH2 UH3 and UH4 respectively
You can launch your applications and NetScaler CPX instances by using either the Marathon CLI orthe Marathon GUI
Launching Applications and NetScaler CPX instances by using the Marathon CLI
To launch an application or a NetScaler CPX instance you must write JSON scripts The JSON scriptsmust include details such as ID number of instances container type application image file namesport mappings network labels and health check specifications Youmust then run the JSON scriptson the Mesos master to launch the applications and NetScaler CPX instances
To launch an application and NetScaler CPX instance
1 Write a JSON script for every application and NetScaler CPX instance you want to launch
copy 1999-2020 Citrix Systems Inc All rights reserved 38
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
For example to launch an application write a JSON script as shown in the following samplescript
1 23 rdquoidrdquo rdquoweb-backendrdquo4 rdquocpusrdquo 015 rdquomemrdquo 10006 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquonginx_backendlatestrdquo13 rdquoforcePullImagerdquo false14 rdquonetworkrdquo rdquoBRIDGErdquo15 rdquoportMappingsrdquo [16 17 rdquocontainerPortrdquo 80 rdquohostPortrdquo 0 rdquoservicePortrdquo 20002 rdquo
protocolrdquo rdquotcprdquo 1819 ]20 2122 23 24 rdquolabelsrdquo 2526 rdquoNETSCALER_GROUPrdquordquoBACKENDrdquo27 28 29 rdquohealthChecksrdquo [30 3132 rdquoprotocolrdquo rdquoHTTPrdquo33 rdquoportIndexrdquo 034 rdquopathrdquo rdquordquo35 rdquogracePeriodSecondsrdquo 536 rdquointervalSecondsrdquo 2037 rdquomaxConsecutiveFailuresrdquo 338 3940 ]41
copy 1999-2020 Citrix Systems Inc All rights reserved 39
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Note
Make sure that for an application you do not set the label as NETSCALER_CPX If you setthe label parameter to NETSCALER_CPX for an application you cannot configure that ap-plication on your NetScaler CPX instance
For example to launch a NetScaler CPX instance write a JSON script as shown in the followingsample script
1 23 rdquoidrdquo rdquocpxrdquo4 rdquocpusrdquo 0255 rdquomemrdquo 5126 rdquoinstancesrdquo 27 rdquocontainerrdquo 89 rdquotyperdquo rdquoDOCKERrdquo10 rdquodockerrdquo 1112 rdquoimagerdquo rdquocpx105-53535rdquo13 rdquonetworkrdquo rdquoHOSTrdquo14 rdquoprivilegedrdquo true15 rdquoparametersrdquo [16 17 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 18 19 20 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNS_NETMODE=HOSTrdquo 21 22 23 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquoNETSCALER_GROUP=BACKENDrdquo 24 25 26 rdquokeyrdquo rdquoenvrdquo rdquovaluerdquo rdquomarathon_url=http101021032228080rdquo
2728 ]29 3031 32 33 rdquolabelsrdquo 3435 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 40
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
36 3738
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore in the JSON script you must set thevalue of the network parameter to HOST
2 On the Mesos master run the following command to execute the JSON script
1 curl -X POST httpltMarathon_IP_AddressgtltMarathon portgtv2apps-d ltJSON_Script_Namegtjson -H rdquoContent-type applicationjsonrdquo
Alternatively you can start the NetScaler CPX instance by using the following docker run com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 -e marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo cpx7
If Marathon needs authentication you can use the following docker run command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo--ulimit core=-1 marathon_url=ldquo httpltMarathon_IP_AddressgtltMarathon portgtrdquo ‒ e marathon_user=abcd ‒ e marathon_password=secret cpx7
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-
copy 1999-2020 Citrix Systems Inc All rights reserved 41
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list select Host
4 Click + Create
5 The applications that you have launched are displayed under Applications
Integrate NetScaler CPX Instances with Mesos Marathon Infoblox andNuage Networks by Using NetScaler MAS
September 6 2018
As a network administrator you can use Marathon scheduler to deploy your applications in Mesoscluster andprovisionmultipleNetScalerCPX instancesand loadbalance the traffic to theapplicationsYou can use Nuage VSP solution to provide network connectivity to every application and NetScaler
copy 1999-2020 Citrix Systems Inc All rights reserved 42
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
CPX instance in your deployment and also use the InfoBlox solution to set up DNS services in yourdeployment
Using NetScaler MAS you can manage monitor and gain visibility into your NetScaler CPX instancesand applications
For this deployment perform the following tasks
1 Set up a Mesos and Marathon master-slave cluster Every application and NetScaler CPX in-stance must be configured on an Ubuntu host and these hosts must be configured as Mesosslaves Youmust configure anUbuntuhost as aMesosmaster and installMarathonon theMesosmaster For more information see httpsopenmesospherecomgetting-startedinstall
2 You must store the images of your applications and NetScaler CPX instances on all the Mesosslaves
3 You can then launch your applications and NetScaler CPX instances by using the Marathon CLIor Marathon GUI Note that Marathon launches a NetScaler CPX instance as an application Formore information about running applications on Marathon see httpsmesospheregithubiomarathondocsapplication-basicshtml
4 Set up a VIP subnet on the Nuage VSP solution The VIP subnetmust be large enough to accom-modate the VIP needs for all Mesos applications in the future The VIP subnet must not be usedby any Mesos applications and no Nuage endpoints (vports) must be created on it
5 Set up a DNS server on the InfoBlox solution for DNS resolution6 Register the applications Marathon scheduler Nuage and InfoBlox details with NetScaler MAS7 Add the NetScaler CPX instances to NetScaler MAS
Points to Note
1 TheNetScaler CPX IP address (management IP address)must be fully routablewithin theMesoscluster
2 Whenyouprovision theNetScaler CPX instanceonaMesos slave youmust specify the followingdetails
bull NetScaler MAS host name or IP addressbull NetScaler MAS administrator user name and passwordbull The DNS server name that you will configure on the NetScaler CPX instance for DNS reso-lution
3 There must be a one-to-one mapping between an application and a Nuage subnet4 NetScaler CPX must be connected to the network using the Nuage Docker monitor running on
the Mesos slave5 Only theMarathon application tasks (IPportmembers of the applicationrsquos VIP address)must be
present on the subnet associated with it6 Marathon application port must be specified in one of the Marathon labels
copy 1999-2020 Citrix Systems Inc All rights reserved 43
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Launching Applications and NetScaler CPX instances by using the Marathon GUI
You can access theMarathon GUI by typing theMarathon IP address and port in a browser By defaultthe Marathon port is 8080
To launch an application and NetScaler CPX instance
1 Log on to the Marathon GUI
2 On the Applications tab in the top-left pane click Create
3 In the New Application screen specify the parameters in the Docker container settings En-vironment variables LabelsHealth checks andOptional settings sections
Note
In a Mesos and Marathon environment support is available to run the NetScaler CPX in-stance in only the host networking mode Therefore if you are launching a NetScaler CPXinstance in the Docker container settings section in the Network list selectHost
4 Click + Create
5 The applications that you have launched are displayed under Applications
copy 1999-2020 Citrix Systems Inc All rights reserved 44
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
Registering the applications Marathon scheduler Nuage and InfoBlox details withNetScaler MAS
Youmust register the details of your applications Marathon scheduler Nuage and InfoBlox solutionswith NetScaler MAS to successfully deploy the NetScaler CPX instance
You must configure your network in a way that the NetScaler CPX instance can open connections toNetScaler MAS Once the NetScaler CPX container starts up and acquires a management IP addressfrom the Nuage environment it sends a registration request to NetScaler MAS using a secure connec-tion
As part of the registration process NetScaler MAS learns about the NetScaler CPX instance and the IPaddress or the port on which it can reach it for configuration using NITRO REST APIs Then NetScalerMAS starts monitoring its health
To register details with NetScaler MAS
1 Log on to NetScaler MAS2 Navigate to Orchestration gt Container Orchestration gt Mesos Configuration and then click
Add3 Under Application Settings specify the following parameters
bull App Default Domain Suffix Domain suffix that is used to create a DNS name for an appli-cation to be configured in InfoBlox
bull VIP Subnet Name Name of the Nuage subnet used by NetScaler MAS to allocate VIPsfor applications You must create this subnet beforehand on the Nuage system and thenregister it with NetScaler MAS
4 UnderMarathon Scheduler Details specify the Marathon URL user name and password5 Under Nuage Details specify the VSD URL user name password and the VSD enterprise ID6 Under InfoBlox specify the InfoBlox URL user name and password7 In the etcresolvconf file add the InfoBlox DNS IP address and the domain search path
Note When you restart the NetScaler Management and Analytics System to retain the InfoBloxDNS IP address and the domain search path in the etcresolvconf file update the following inthe mpsconfigsvmconf filempschangenameserversh ltDNS IP address1gt ltDNS IP address2gtecho ldquosearch ltdomain namegtrdquo gtgt etcresolvconf
copy 1999-2020 Citrix Systems Inc All rights reserved 45
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
8 Launch the NetScaler CPX Instance using a JSON script file The following is sample JSONscript fileNote Make sure that you include the following lines in your JSON script fileldquocmdrdquo ldquocd varnetscalerbins sed -i lsquos Creating NSPPE startup conf Read By PE Cre-ating NSPPE startup conf Read By PEnecho ldquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquodocker_startupsh bash -C docker_startupsh bashrdquo
Sample JSON script
1 curl -X POST http10xxxx628080v2apps -dcpx_nuage_custom_etchostcorrectionjson -H rdquoContent-typeapplicationjsonrdquo
2 34 rdquoidrdquo rdquocpx-host3rdquo5 rdquocpusrdquo 16 rdquomemrdquo 10247 rdquoinstancesrdquo 28 rdquocmdrdquo rdquocd varnetscalerbins sed -i rsquos Creating NSPPE
startup conf Read By PE Creating NSPPE startup conf Read ByPEnecho rdquo$NSIP $HOSTNAMErdquo gtgt etchostsrsquo
docker_startupsh bash -C docker_startupsh bashrdquo9 rdquoconstraintsrdquo [[rdquohostnamerdquo rdquoUNIQUErdquo]]10 rdquocontainerrdquo 1112 rdquotyperdquo rdquoDOCKERrdquo13 rdquodockerrdquo 1415 rdquoimagerdquo ldquo cpx111403rdquo16 rdquonetworkrdquo rdquoNONErdquo17 rdquoprivilegedrdquo true18 rdquoparametersrdquo [19 20 rdquokeyrdquo rdquottyrdquo rdquovaluerdquo rdquotruerdquo 2122 ]23 2425 26 27 rdquoenvrdquo 2829 rdquoNUAGE-ENTERPRISErdquo rdquoltnuage_enterprisegtrdquo30 rdquoNUAGE-DOMAINrdquo rdquoltnuage_domaingtrdquo31 rdquoNUAGE-ZONErdquordquoltnuage_zonegtrdquo
copy 1999-2020 Citrix Systems Inc All rights reserved 46
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
32 rdquoNUAGE-NETWORKrdquordquoltnuage_networkgtrdquo33 rdquoNUAGE-USERrdquordquoltnuage_usergtrdquo34 rdquoNS_MGMT_SERVERrdquordquoltNMAS_server_IPgtrdquo35 36 37 rdquolabelsrdquo 3839 rdquoNETSCALER_AS_APPrdquo rdquotruerdquo40 4142
Where
bull ltnuage_enterprisegt is the Nuage enterprise namebull ltnuage_domaingt is the Nuage domain namebull ltnuage_zonegt is the Nuage zone namebull ltnuage_networkgt is the Nuage network detailsbull ltnuage_usergt is the Nuage admin usernamebull ltNMAS_server_IPgt is the NetScaler MAS server IP address
Deploy NetScaler CPX in a Kubernetes Environment
September 6 2018
You can integrate NetScaler CPX into a Kubernetes deployment to load balance containerized applica-tions in a cluster environment For information on Kubernetes see httpkubernetesiodocs
In a Kubernetes environment NetScaler CPX replaces kube-proxy on the minions and balances theload across the containers in a pod When started with Kubernetes support NetScaler CPX starts upin the privileged host mode with a NetScaler IP address of 19216801 It clears the configuration andiptables on its host queries Kubernetes for the current state of the services and endpoints and listensfor events in the following event streams in the Kubernetes framework
bull Service channel NetScaler CPX uses the information in this channel to determine the numberof virtual servers required It creates a virtual server for each service and assigns a virtual IPaddress of 19216802 to each virtual server The virtual servers are differentiated based onan ephemeral port number that is selected from the 20000ndash30000 range NetScaler CPX alsocreates iptables rules to redirect traffic destined for the cluster IP address to the various virtualIP addresses
copy 1999-2020 Citrix Systems Inc All rights reserved 47
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
bull Endpoint channel NetScaler CPX uses the information in this channel to configure servicegroup members on a service group bound to the virtual IP address for load balancing of ap-plication instances
NetScaler CPX does not save the NetScaler configuration that it creates for the services
Note
The range fromwhich IP addresses are assigned to services must not conflict with the NetScalerIP address and the subsequent three IP addresses
The following figure illustrates how NetScaler CPX works in a Kubernetes environment
Before you begin installing the NetScaler CPX instance make sure you have the following
bull Docker is installed on the Linux host systemTo install Docker run the following command at the Linux shell prompt
1 curl ‒ ssl httpsgetdockercom | sh
For more information about Docker installation on Linux see httpsdocsdockercomengineinstallationubuntulinux
bull Docker host has Internet connectivitybull You are logged on as the root userbull Kubernetes environment is set up with all the cluster nodes configured
copy 1999-2020 Citrix Systems Inc All rights reserved 48
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
NetScaler CPX 111
bull Add the NetScaler CPX docker image to all the nodes in the Kubernetes environment
Note
You can use NetScaler CPX instance along with kube-proxy but you need to start the NetScalerCPX only after starting the kube-proxy and also you need to make sure that kube-proxy is notrestarted
To install NetScaler CPX instance in the docker host with Kubernetes set up run the following com-mand
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -ekubernetes_url=ldquo http101021032228080apirdquo cpxlatest
Note
If the 1921681024 network cannot be reserved for NetScaler CPX you can use any other subnetthat is free Assign the first IP address in that subnet as the NetScaler IP (NSIP) For example ifyou want to use 102030024 as the subnet run the following command
1 docker run -dt --privileged=true --net=host -e NS_NETMODE=rdquoHOSTrdquo -eNS_IP=10203041 -e kubernetes_url=rdquohttp102172121858080apirdquocpxlatest
copy 1999-2020 Citrix Systems Inc All rights reserved 49
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
LocationsCorporate Headquarters | 851 Cypress Creek Road Fort Lauderdale FL 33309 United StatesSilicon Valley | 4988 Great America Parkway Santa Clara CA 95054 United States
copy 2020 Citrix Systems Inc All rights reserved Citrix the Citrix logo and other marks appearing herein are property of
Citrix Systems Inc andor one or more of its subsidiaries andmay be registered with the US Patent and Trademark Office
and in other countries All other marks are the property of their respective owner(s)
Citrix Product Documentation | docscitrixcom May 15 2020
![Terminal CPX - Festo...Manual de la parte electrónica Nodo de bus CPX Tipo CPX−FB33 Tipo CPX−FB34 Protocolo de red PROFINETIO Terminal CPX Manual 548 761 es 0812a [743 955] Contenido](https://img.pdfslide.net/doc/110x75/5f34d0a98dafea6fde7083e1/terminal-cpx-festo-manual-de-la-parte-electrnica-nodo-de-bus-cpx-tipo-cpxafb33.jpg)
![Terminal CPX Bus node CPX-FB14 - Festo USA · Description CANopen network protocol 526410 en 1411d [8041138] Terminal CPX Bus node CPX-FB14](https://img.pdfslide.net/doc/110x75/5b4c9fef7f8b9ad1338b9f4c/terminal-cpx-bus-node-cpx-fb14-festo-usa-description-canopen-network-protocol.jpg)
![CPX Terminal...Manual electronics CPX control block Type CPX−SF34 Type CPX−SF35 PCWORX integrated Network protocol PROFINET IO CPX Terminal Manual 570 541 en 1007NH [748 167] Contents](https://img.pdfslide.net/doc/110x75/5f0378aa7e708231d4094b43/cpx-terminal-manual-electronics-cpx-control-block-type-cpxasf34-type-cpxasf35.jpg)
![CPX terminal · 2020-03-11 · Electronics manual CPX−Front−End Controller Type CPX−FEC CPX terminal Manual 538 475 en 0404NH [677 480]](https://img.pdfslide.net/doc/110x75/5f0a30077e708231d42a6f3f/cpx-terminal-2020-03-11-electronics-manual-cpxafrontaend-controller-type-cpxafec.jpg)
