Ns Release Notes

7/30/2019 Ns Release Notes

1/20

Citr ix NetScaler 9.1 Classic, 9.1 nCore, and 9.1 VPX Beta

Citrix NetScalerRelease Notes


2/20

Copyright and Trademark Notice

CITRIX SYSTEMS, INC., 2009. ALL RIGHTS RESERVED. NO PART OF THIS DOCUMENT MAY BE REPRODUCED OR

TRANSMITTED IN ANY FORM OR BY ANY MEANS OR USED TO MAKE DERIVATIVE WORK (SUCH AS TRANSLATION,

TRANSFORMATION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTEN PERMISSION OF CITRIX SYSTEMS, INC.

ALTHOUGH THE MATERIAL PRESENTED IN THIS DOCUMENT IS BELIEVED TO BE ACCURATE, IT IS PRESENTED

WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE ALL RESPONSIBILITY FOR THE USE

OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS MANUAL.

CITRIX SYSTEMS, INC. OR ITS SUPPLIERS DO NOT ASSUME ANY LIABILITY THAT MAY OCCUR DUE TO THE USE OR

APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS DOCUMENT. INFORMATION IN THIS DOCUMENT IS SUBJECT

TO CHANGE WITHOUT NOTICE. COMPANIES, NAMES, AND DATA USED IN EXAMPLES ARE FICTITIOUS UNLESS

OTHERWISE NOTED.

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits

for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against

harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-

frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio

communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be

required to correct the interference at their own expense.

Modifying the equipment without Citrix' written authorization may result in the equipment no longer complying with FCC requirements

for Class A digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to

correct any interference to radio or television communications at your own expense.

You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused bythe NetScaler Request Switch 9000 Series equipment. If the NetScaler equipment causes interference, try to correct the interference by

using one or more of the following measures:

Move the NetScaler equipment to one side or the other of your equipment.

Move the NetScaler equipment farther away from your equipment.

Plug the NetScaler equipment into an outlet on a different circuit from your equipment. (Make sure the NetScaler equipment and your

equipment are on circuits controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Citrix Systems, Inc., could void the FCC approval and negate your authority to operate the

product.

BroadCom is a registered trademark of BroadCom Corporation. Fast Ramp, NetScaler, and NetScaler Request Switch are trademarks of

Citrix Systems, Inc. Linux is a registered trademark of Linus Torvalds. Internet Explorer, Microsoft, PowerPoint, Windows and Windows

product names such as Windows NT are trademarks or registered trademarks of the Microsoft Corporation. NetScape is a registered

trademark of Netscape Communications Corporation. Red Hat is a trademark of Red Hat, Inc. Sun and Sun Microsystems are registeredtrademarks of Sun Microsystems, Inc. Other brand and product names may be registered trademarks or trademarks of their respective

holders.

Software covered by the following third party copyrights may be included with this product and will also be subject to the software license

agreement: Copyright 1998 Carnegie Mellon University. All rights reserved. Copyright David L. Mills 1993, 1994. Copyright

1992, 1993, 1994, 1997 Henry Spencer. Copyright Jean-loup Gailly and Mark Adler. Copyright 1999, 2000 by Jef Poskanzer. All

rights reserved. Copyright Markus Friedl, Theo de Raadt, Niels Provos, Dug Song, Aaron Campbell, Damien Miller, Kevin Steves. All

rights reserved. Copyright 1982, 1985, 1986, 1988-1991, 1993 Regents of the University of California. All rights reserved. Copyright

1995 Tatu Ylonen, Espoo, Finland. All rights reserved. Copyright UNIX System Laboratories, Inc. Copyright 2001 Mark R V

Murray. Copyright 1995-1998 Eric Young. Copyright 1995,1996,1997,1998. Lars Fenneberg. Copyright 1992. Livingston

Enterprises, Inc. Copyright 1992, 1993, 1994, 1995. The Regents of the University of Michigan and Merit Network, Inc. Copyright

1991-2, RSA Data Security, Inc. Created 1991. Copyright 1998 Juniper Networks, Inc. All rights reserved. Copyright 2001, 2002

Networks Associates Technology, Inc. All rights reserved. Copyright (c) 2002 Networks Associates Technology, Inc. Copyright 1999-

2001 The Open LDAP Foundation. All Rights Reserved. Copyright 1999 Andrzej Bialecki. All rights reserved. Copyright 2000

The Apache Software Foundation. All rights reserved. Copyright (C) 2001-2003 Robert A. van Engelen, Genivia inc. All Rights

Reserved. Copyright (c) 1997-2004 University of Cambridge. All rights reserved. Copyright (c) 1995. David Greenman. Copyright (c)2001 Jonathan Lemon. All rights reserved. Copyright (c) 1997, 1998, 1999. Bill Paul. All rights reserved. Copyright (c) 1994-1997 Matt

Thomas. All rights reserved. Copyright 2000 Jason L. Wright. Copyright 2000 Theo de Raadt. Copyright 2001 Patrik Lindergren.

All rights reserved.

Last Updated: May 2009


3/20

CONTENTS

Contents

Chapter 1 New Features and Enhancements

NetScaler 9.1 nCore Enhancements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Features With Improved Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2

Per-Core Statistics (nCore) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

NetScaler 9.1 VPX Enhancements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

NetScaler 9.1 Classic Enhancements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

Chapter 2 Issues Fixed in this Release

NetScaler 9.1 nCore Resolved Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Chapter 3 Limitations

Features Not Supported in NetScaler 9.1 nCore . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

Supported Features with Unchanged or Moderately Improved Performance inNetScaler 9.1 nCore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

Chapter 4 Known Issues and Workarounds

Issues and Workarounds in NetScaler 9.1 nCore. . . . . . . . . . . . . . . . . . . . . . . . . . .11

Installation and Upgrade Issues and Workarounds . . . . . . . . . . . . . . . . . . . . . .11

General Issues and Workarounds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Traffic Management Issues and Workarounds. . . . . . . . . . . . . . . . . . . . . . . . . .13

Other Configuration Issues and Workarounds . . . . . . . . . . . . . . . . . . . . . . . . . .13

Issues and Workarounds Common to NetScaler 9.1 Classic and 9.1 nCore. . . . . .15

Issues and Workarounds Common to NetScaler 9.1 Classic and 9.1 VPX. . . . . . .16

Issues and Workarounds in NetScaler 9.1 VPX. . . . . . . . . . . . . . . . . . . . . . . . . . . .16


4/20

iv Citr ix NetScaler 9.1 Classic, nCore, and VPX Beta Release Notes


5/20

CHAPTER 1

New Features and Enhancements

This chapter describes enhancements in the beta releases of NetScaler 9.1,

NetScaler 9.1 nCore (which introduces multiple CPU cores for improved

performance), and NetScaler 9.1 VPX (which introduces a software-onlyappliance). These release notes primarily discuss the NetScaler 9.1 nCore

software.

Note: You can determine your NetScaler type by looking at the build

information in the upper-right corner of the NetScaler browser window, or by

issuing the show ver si on command at the command line. The file extension

indicates the product type, for example, an nCore Netscaler has a .nc extension

and a classic NetScaler has a .cl extension.

In This Chapter

NetScaler 9.1 nCore Enhancements

NetScaler 9.1 VPX Enhancements

NetScaler 9.1 Classic Enhancements

NetScaler 9.1 nCore EnhancementsThe NetScaler nCore software uses multiple CPU cores for packet handling,

which greatly improves the performance of many NetScaler features.

Performance of the other available features is either somewhat improved or the

same as before the enhancement. A few previously supported features are not

supported in this release of the nCore NetScaler (see Limitations, on page 7),

but will be supported in the single-core 9.1 NetScaler and in future releases of thenCore NetScaler.

This version of the NetScaler nCore software is currently intended for use on the

MPX 15000 and MPX 17000.


6/20

2 Citrix NetScaler 9.1 Classic, nCore, and VPX Beta Release Notes

Features With Improved PerformanceThe following table describes features that exhibit improved performance due tothe introduction of multiple CPU cores.

Features With Improved Performance in This Release

Category Feature

Load Balancing, ContentSwitching, Link LoadBalancing

HTTP, TCP, FTP support

DNS

Monitoring (with a partial exception for User monitors, asdescribed in Known Issues and Workarounds, on page11)

Stateful Session Failover (SSF). High availability must be

configured

SSL SSL, SSL Offload

Networking IPv4

ACL

SNMP

Failover

Dynamic Routing (with the exception of dynamic routingfor IPv6)

Reverse Network Address Translation (RNAT)

Inbound Network Address Translation (INAT)

Security and Performancefeatures

Compression

HTML Injection

TCP Buffering

HTTP response body parsing (HTTP Pipelining)

Content Filtering

Responder

URL Rewrite

Body URL Transformation

Policies Classic Policies

Advanced Policies

Cache Redirection Cache Redirection

HTTP Service Callouts HTTP Service Callouts


7/20

New Features and Enhancements 3

Note: Web logs, historical charting, application templates, auditing, role-based

access control, and the Xen Desktop wizards are not throughput-intensive. These

features are fully supported in this release, but performance is not a salient factor.

Per-Core Statistics (nCore)In this release, the Reporting Tool for the nCore NetScaler displays statistics for

individual cores, which you select in the Counters dialog box. You can also

collect historical log data on a per-core basis in the newnslog file.

NetScaler 9.1 VPX EnhancementsNetScaler VPX is a virtual NetScaler appliance that is hosted on a XenServer.

NetScaler VPX distributes, optimizes, and secures Layer 4 - Layer 7 (L4-L7)

network traffic for Web applications.

NetScaler VPX performs application-specific traffic analysis to provide an

effective implementation of the enabled features. For example, a NetScaler VPX

makes load balancing decisions based on individual HTTP requests rather than on

the basis of long-lived TCP connections. This ensures that the failure or

slowdown of a server is managed quickly and with less disruption to clients.

Other features can be used to reduce load and simplify server-farm management

and to accelerate end-user performance.

NetScaler VPX, though installed on XenServer, appears to the administrator as a

separate physical NetScaler appliance with its own network identity, user

authorization, authentication capabilities, operating system version,

configuration, applications, and data. However, it shares physical resources with

other virtual machines.

NetScaler 9.1 Classic EnhancementsNetScaler 9.1 Classic enhancements will be documented in a later version of

these release notes.


8/20



9/20

CHAPTER 2

Issues Fixed in this Release

This chapter describes resolved issues in this beta release of NetScaler 9.1 nCore.

NetScaler 9.1 nCore Resolved IssuesIssue 58309: An internal logic error causes some timer-based functions to fail

after 49 days. Features that relied on timers stopped working at that time (for

example, logging).

Issue 57374: Several Perl modules that are required for server monitoring are not

present.

Issue 56685: The show t r ansf or m pr of i l e ProfileName commanddoes not not display the list of actions for the profile.

Issue 55835: The show t echsuppor t command does not return a response.

Issue 55612, 52115: SNMP processing can take up to 20 percent of CPUcapacity. In a large deployment, if you enable an SNMP alarm, the processing of

SNMP data can occupy as much as 20 percent of the CPU, and traps for request

rate, service request rate, and RX TX might not be generated.

Issue 54811: An earlier release note reported that Link Aggregation Control

Protocol (LACP) settings could not be disabled. However, this was a

configuration issue, not a bug. You can use LACP to aggregate a group of ports to

take advantage of the increased speed and redundancy of the aggregated

interfaces. Note that LACP is not currently supported. Use static Link

Aggregation instead of LACP.

Issue 54571:Newly-added virtual servers (vservers) can remain in Slow Start

mode for more time than was expected. In normal NetScaler operations,

immediately after you add a vserver a Slow Start phase is initiated in which the

vserver uses the default Round Robin method. Slow Start continues until the

vserver has received the number of HTTP requests that determines the end of this

phase. In this release, traffic is distributed across multiple cores and a vserver can

remain in slow start mode for additional requests.


10/20


Issue 50153: A Transparent SSL/SSL TCP service can be displayed as down on

some of the NetScaler packet engines even if you had bound a certificate. This

potentially leads to intermittent failure to establish a connection to the service.


11/20

CHAPTER 3

Limitations

This chapter describes known limitations in NetScaler 9.1 nCore.

In This Chapter

Features Not Supported in NetScaler 9.1 nCore

Supported Features with Unchanged or Moderately Improved Performance in

NetScaler 9.1 nCore


12/20


Features Not Supported in NetScaler 9.1 nCoreThe following table lists the features that are not supported in this release.

NetScaler Features That Are Not Supported in the 9.1 nCore NetScaler

Category Feature

Traffic Management All of GSLB, as described in the Global Server LoadBalancing chapter in the Citrix NetScaler Traffic

Management Guide.

Real Time Streaming Protocol (RTSP) support for a loadbalancing service or vserver, as described in the LoadBalancing chapter in the Citrix NetScaler Traffic

Management Guide.

Link load balancing persistence, as described in the Link

Load Balancing chapter in the Citrix NetScaler TrafficManagement Guide.

Policies that examine the traffic rate and their use in trafficrate limiting, redirection, and other features, as described inthe Traffic Rate chapter in the Citrix NetScaler Traffic

Management Guide.

Connection failover for a load balancing virtual server, asdescribed in the Load Balancing chapter in the Citrix

NetScaler Traffic Management Guide.

NetScaler Push (scaling of Web 2.0 applications that usereverse Ajax or Comet-style communication), as describedin the NetScaler Web 2.0 Push chapter in the Citrix

NetScaler Traffic Management Guide.

Diverting excess traffic to a backup vserver using theSpillover parameter, as described in the Load Balancingand Content Switching chapters in the Citrix NetScalerTraffic Management Guide.

Maximum bandwidth settings for a service, as described inthe Load Balancing chapter in the Citrix NetScalerTraffic Management Guide.

Masking vserver IP addresses, as described in the LoadBalancing chapter in the Citrix NetScaler Traffic

Management Guide.

Support for load balancing using Server/Application StateProtocol (SASP), as described in the Load Balancingchapter in the Citrix NetScaler Traffic Management Guide.

SSL SSL-FIPS acceleration, as described in the Secure SocketsLayer (SSL) Acceleration chapter in the Citrix NetScalerTraffic Management Guide.

Networking Link Aggregation Control Protocol (LACP), as describedin the Interfaces chapter in the Citrix NetScaler Traffic

Management Guide.


13/20

Limitations 9

Supported Features with Unchanged or ModeratelyImproved Performance in NetScaler 9.1 nCore

The following table shows features that are fully functional but whose

performance is not substantially improved in this release.

System SureConnect, as described in the SureConnect chapter inthe Citrix NetScaler Application Optimization Guide.

Priority Queueing, as described in the ProtectionFeatures chapter in the Citrix NetScaler ApplicationSecurity Guide.

Denial of Service Protection, as described in theProtection Features chapter in the Citrix NetScaler

Application Security Guide.

Application Firewall No supported features.

Infrastructure AAA for Traffic Management, as described in theAuthentication Authorization Auditing (AAA) forApplication Traffic chapter in the Citrix NetScalerSecurity Guide.

NetScaler Features That Are Not Supported in the 9.1 nCore NetScaler

Category Feature

NetScaler Features that Are Unchanged or Somewhat Improved in NetScaler 9.1 nCore

Category Feature

Networking Support for IPv6, as described in the IP Version 6chapter in the Citrix NetScaler Networking Guide.

Support for Link Aggregation, as described in theConfiguring Link Aggregation chapter in the Citrix

NetScaler Networking Guide.

Infrastructure Authentication, Authorization, and Auditing (AAA), asdescribed in the Citrix Access Gateway Enterprise Edition

Administrators Guide.

Access Gateway Access Gateway Enterprise Edition, as described in theCitrix Access Gateway Enterprise Edition AdministratorsGuide.

Caching Integrated Caching, as described in the Integrated

Caching chapter in the Citrix NetScaler ApplicationOptimization Guide.

Load Balancing, ContentSwitching, Link LoadBalancing

Maximum Client parameter


14/20


Other features that are notthroughput intensive

Web logs, historical charting, application templates,auditing, role-based access control, and the Xen Desktopwizards.

NetScaler Features that Are Unchanged or Somewhat Improved in NetScaler 9.1 nCore

Category Feature


15/20

CHAPTER 4

Known Issues and Workarounds

The following are known issues in this beta release. Where applicable,

workarounds are provided.

In This Chapter

Issues and Workarounds in NetScaler 9.1 nCore

Issues and Workarounds Common to NetScaler 9.1 Classic and 9.1 nCore

Issues and Workarounds Common to NetScaler 9.1 Classic and 9.1 VPX

Issues and Workarounds in NetScaler 9.1 VPX

Issues and Workarounds in NetScaler 9.1 nCoreThis section discusses issues related to installation, traffic management,

configuration, and general issues and workarounds.

Installation and Upgrade Issues and WorkaroundsIssue 58483. The installation script prompts you to delete the /var directory if

additional swap space is required.

During installation, you are prompted to delete the /var directory if the swap

partition is smaller than 32 GB. If you receive this prompt, do the following:

1. Type N.

2. Save important files in /var to a backup location.

3. Reconfigure the swap partition (and /var).

4. Re-run the installation script.

Important: Do not typeY in response to this prompt before backing upimportant core and log files in /var. TypingY deletes the /var directory.

Issue 51295. The upgrade script issues error messages regarding invalid variable

names.


16/20


You can configure an HTML Injection variable with an invalid name. If you do

this, no error message is generated at variable creation time. You will see an error

after upgrading if, for example, a filter action uses the variable with the invalid

name.

General Issues and WorkaroundsBug 61306. The NetScaler may crash if Selective Acknowledgement (SACK) is

enabled and the NetScaler experiences an out-of-memory condition.

Issue 61016. Chelsio 1Gb NICs do not advertise link parameters if the link speed

is set to 10 or 100 Mbps and duplex is FULL.

Workaround: Do one of the following:

Disable auto-negotiation of the link partner and set its link parameters to

10/100, Full Duplex.

Set the Netscaler port parameters to speed 10/100 duplex AUTO.

Set the Netscaler port parameters to speed AUTO duplex FULL.

Set the Netscaler port parameters to speed AUTO duplex AUTO.

Issue 61010. In the Monitoring application in the NetScaler GUI, the number of

SSL cards is incorrect in the System Overview page. Similarly, the stat ns command will show you incorrect number of SSL cards.

Workaround: View the number of SSL cards using the SSL monitoring page or

the stat ssl command.

Issue 57261. The st at cpu command may not display all CPUs.

On a multi-core NetScaler, this command typically displays information for eight

different cores. In this release, the information on CPU 0 (the management core)

does not appear, and the other CPUs may not be listed in numeric order.

Issue 54366.None of the nsapimgr- B commands is supported.

These commands are not supported. The following are examples of nsapimgr

commands:

nsapi mgr - B"cal l ns_pi _err or _show( 0x2) "

nsapi mgr - B"w l dns_use_RR 2"

Issue 54112. The same pages can be selected multiple times during memory

recovery, leading to failure of the memory recovery.

This issue typically occurs after a surge if there were long-lived connections or

object scattered across pages in the connection pool before the surge.

Issue 48907. NetScaler online help does not work in a Safari browser running on

Windows.


17/20

Known Issues and Workarounds 13

If you access a help topic from a configuration utility pane or dialog box, you

may receive a 404 (file not found) error. You may also be unable to access the

help Table of Contents. The work-around is to use another Windows-based

browser.

Traffic Management Issues and WorkaroundsThe following are issues in load balancing, link load balancing, content

switching, and service monitoring.

Issue 59391. For any configured load balancing method, if a load monitor is

bound to a service and if the monitor probes fail or the monitor threshold is

reached, the service is excluded from load balancing. If the probes fail for all the

services bound to the vserver, the vserver sends a 500 error response despite the

state of the services.

Issue 57309. When you add a service having an IPv6 address, the service remains

in the UP state even if you do not enable the USNIP mode. This is because the

concept of MIP IPv6 addresses does not exist in the NetScaler operating system,

and therefore, the NetScaler looks for SNIP IPv6 addresses irrespective of the

state of the USNIP mode.

Issue 56915: Link load balancing persistency is not working.

You cannot configure link load balancing persistency in this release.

Other Configuration Issues and WorkaroundsIssue 61331. If the certificate-key pair of a transparent service is updated, the

service is displayed as DOWN. To display the service as UP, unbind and re-bind

the monitor to the service.

Issue 61063. When using the configuration utility to create an SSL key or

certificate, a high availability master may cause a failover.

Workaround: Create the DH key by using the command-line interface.

Issue 60980. The default value for the useproxyport parameter is YES, which

enables the NetScaler to use the proxy port to connect to the server when use

source IP address (USIP) is enabled. To use the client port to connect to the server

when USIP is enabled, set the useproxyport parameter to NO.

Issue 60838. If a cipher or certificate-key pair on a vserver or a service of type

SSL is modified when the SSL traffic is flowing through the vserver or service,the NetScaler Packet Engine may fail because of memory corruption.

Issue 60173. The Open Shortest Path First (OSPF) Version 3 dynamic routing

protocol is not supported on the NetScaler nCore platform.

Issue 59735. The show cache obj ect l ocat or locator_idcommand does not display the object properties.


18/20


Issue 56952. If multiple instances of a dynamic service exist on different packet

engines, and the sh service -a command is run at the NetScaler command prompt,

every instance of the dynamic service is displayed.

Issue 57309. IPv6 service remains in an UP state.

When you add a service of type IPv6, the service remains in an UP state even if

you do not enable USNIP mode. This is because the concept of MIP IPv6

addresses does not exist in NetScaler and therefore, the NetScaler looks for SNIP

IPv6 addresses irrespective of the state of the USNIP mode.

Issue 55682. Advertising full duplex from the Netscaler results in incorrect

duplex setting on the peer.

In a NetScaler topology, you can set a speed and a duplex mode, as in the

following example:

set i nt er f ace 1/ 4 - speed 10 - dupl ex f ul l - f l owcont r ol RXTX

However, if you configure the NetScaler to advertise a 10Mbps full-duplex mode

interface, a peer device that advertises 10Mbps auto-duplex mode may not

recognize and implement the correct duplex setting. The same problem can occur

when the Netscaler advertises 100Mbps. This issue has been seen on the

following platforms, which use Chelsio 1G cards:

NetScaler 15000: eight 1G interfaces

NetScaler 17000 (28G): eight 1G interfaces

Issue 55119. The CPU, Memory, Throughput, HTTP Requests, and System

Events statistics on the Monitoring tab are not present in this Beta release.

These options have been temporarily removed.

Issue 54839. Chelsio drivers do not automatically negotiate flow control

parameters.

Ordinarily, when there is congestion on the Ethernet between the NetScaler and a

peer device, flow control functionality stops packet transmission from the

NetScaler. However, with the interface cards used in the following NetScaler

models, you must manually activate flow control on the NetScaler and its peer

device:

NetScaler 12000: two 10G interfaces

NetScaler 15000: two 10G interfaces and eight 1G interface

NetScaler 17000 (28G): two 10G interfaces and eight 1G interfaces

NetScaler 17000 (40G): four 1G interfaces

The following command establishes flow control:

set i nt erf ace interface_name - f l owcont r ol OFF| RX| TX| RXTX


19/20

Known Issues and Workarounds 15

Issues and Workarounds Common to NetScaler 9.1

Classic and 9.1 nCoreIssue 60249. Binding a responder policy to a content switching vserver produces

a different result in NetScaler versions 9.0.x and later than in 8.x versions. In

NetScaler 9.0 and later versions, evaluation occurs as follows:

Content switching policies are evaluated before other policies. If a content

switching policy evaluates to TRUE, the target load balancing vserver is

selected and any responder policies that are bound to the target vserver are

evaluated.

If all content switching policies evaluate to FALSE, the default load

balancing vserver under the content switching VIP is selected, and

responder policies that are bound to the default load balancing vserver are

evaluated.

After a target load balancing vserver is selected by the content switching process,

responder policies are evaluated in the following order:

1. Responder policies that are bound to the global override bind point.

2. Responder policies that are bound to the default load balancing vserver.

3. Responder policies that are bound to the target content switching vserver.

4. Responder policies that are bound to the global default bind point.

To be sure that the policies are evaluated in the intended order, follow these

guidelines:

Make sure that the default load balancing vserver is not directly reachable

from the outside; for example, the vserver IP address can be 0.0.0.0.

To prevent exposing internal data on the load balancing default vserver,

configure a responder policy to respond with a 503 Service Unavailable

status and bind it to the default load balancing vserver.

The following is an example of a default load balancing vserver that is bound to a

content switching VIP named cs-vserver.

add l b vser ver " def aul t - l b- vser ver " HTTP 0. 0. 0. 0 0 - persi st enceTypeNONE - cl t Ti meout 180

bi nd l b vser ver " def aul t - l b- vser ver " svc1

bi nd cs vser ver " cs- vser ver " "def aul t - l b- vser ver "

The following is a responder policy that returns a 503 Service Unavailable

status message when there are no matching responder policies. This policy is

bound to the default load balancing vserver.


20/20


add r esponder acti on "ser vi ce- unavai l abl e-act i on" r espondwi t hq{"HTTP/ 1. 1 503 Ser vi ce Unavai l abl e\ r \ nCont ent -

Lengt h: 62\ r \ nConnect i on: cl ose\ r \ n\ r \ nHt t p/ 1. 1Ser vi ce Unavai l abl e "}

add r esponder pol i cy "servi ce- unavai l abl e- pol i cy" " t r ue" " ser vi ce-unavai l abl e- act i on"

bi nd l b vser ver "def aul t - l b- vser ver " - pol i cyName "ser vi ce-unavai l abl e- pol i cy" - pri or i t y 1 - got oPri ori t yExpressi on END

Issues and Workarounds Common to NetScaler 9.1Classic and 9.1 VPX

Issue 61269. If the state of an HTTP monitor is UNKNOWN, the service is

displayed as DOWN.

Issue 61268. On a TCP content switching vserver, if you configure advanced

Content Switching policies, a st at cs vser ver vip command alwaysreturns 0 requests per second. HTTP-based content switching vservers are not

affected.

Issue 61337. In a load balancing setup for FTP traffic, if the use source IP address

(USIP) and the -useproxyport parameter are configured on a service with a port

range from 1025 through 1030, the NetScaler sends a Service Unavailable error

when the active FTP session is established.

Issue 61020. An SNMP multi varbind GET-NEXT REQUEST yields incomplete

response from the NetScaler.

Issue 60972. The NetScaler may fail when a large number of entities are

configured on a NetScaler 7000 platform.

Issue 60172. If a secure parameter value is configured as YES for the remote

procedure call (RPC) nodes of the GSLB sites, and GSLB synchronization is

initiated on the GSLB sites involved in the configuration, the synchronization

fails with an error.

Issues and Workarounds in NetScaler 9.1 VPXIssue(no number). The Documentation tab in the configuration utility lists

several Quick Start guides that describe the hardware version of the NetScaler.These guides are not applicable to the NetScaler VPX.

Documents

Ns Release Notes