
Upload: o0000o

Post on 01-Dec-2015


NetScaler 10 – Learn to configure, and upskill in this latest feature packed release

Self-paced exercise guide


Citrix Virtual Classroom

Table of Contents

Overview
How to log in to your lab
Exercise 1: Upgrade your NetScaler
Exercise 2: Networking – Network Profiles
Exercise 3: ICMP based on VServer Health
Exercise 4: DataStream Responder
Exercise 5: DataStream Caching
Exercise 6: Action Analytics
Exercise 7: DNS Response Rewriting
Exercise 8: AutoScale Domain Based Service


Overview

Hands-on Training Module

This training module has the following details:

Objective: Provide hands-on experience in the configuration and use of the NetScaler 10 features, with a focus on DataStream, Action Analytics, and various DNS enhancements.

Audience: Primary: NetScaler administrators

Lab Environment Details

Below you can find the lab architecture.

This is an isolated environment, so all attendees will use the same IP addresses in the Private Network (blue). The servers you will actually need for this lab are highlighted below.

Required Lab Credentials

Here are the login credentials required to connect to the lab environment.

| Machine | Username | Password |
|---|---|---|
| XenServer | root | (Supplied) |
| Win7Client | Training\administrator | Citrix123 |
| NetScalerVPX | nsroot | nsroot |
| All Windows Servers | Training\administrator | Citrix123 |
| MySQL Login | netscalersql | netscaler |
| Apache_MySQL | root | c!tr!x |


How to log into the lab environment

The self-paced lab environment is hosted on a cloud-based Citrix XenServer. Connecting to your server from the portal page is as easy as 1-2-3.

Step-by-step login instructions

1. Once logged in at the self-paced portal, click the Start lab button to launch a connection to published XenCenter.

2. When XenCenter loads, right-click the XenCenter node and select Add.

3. On the Add New Server screen, enter the XenServer IP address provided on the portal, and in the Password field enter the password provided on the portal. The user name will always be root.


Your lab desktop – this is important!! If you don’t follow the steps below, you may experience slow mouse movements, keystrokes, and screen updates.

When all the servers are started, you should select the “Win7Client” VM and click on the “Console” tab. Wait for approximately 30 seconds. It should automatically switch to “Remote Desktop”. If it says “Switch to Default Desktop” then it is already using Remote Desktop, and you can leave it as is. It will prompt you to log in once it switches to Remote Desktop. Please use training\administrator and Citrix123 to log in.

All of the lab exercises should be completed from within the Win7Client. You will get the best experience if you go to console-fullscreen in XenCenter on the Win7Client VM. You can toggle this by entering Ctrl+Alt on your keyboard when at the console. This is what it should look like:

If you see XenCenter prompting you to “Switch to Remote Desktop”, it means you are using the default desktop access method, which we recommend against.


Lab walkthrough – Only if you encounter issues.

Overview

If you are encountering problems in the lab and are stuck at one particular point, you have the option of using our cheatsheet, which is located in the root of C:\ on the Win7Client virtual machine.

Step by step guidance

Each lab is labeled in the text file. You need only open PuTTY (the SSH client), log in, and copy and paste the relevant lines from the text file into the CLI.

In order to find out where you went wrong, save the configuration. In PuTTY, type the command:

    clear conf full

Now you can copy and paste all the commands (excluding the upgrade) up to the lab where you encountered trouble. You should now see the correct functionality. Save the config.

In the NetScaler GUI, you can click on System > Diagnostics > Configuration Difference.

Now choose saved config as the second file, and ns.conf.0 as the first file like below. This will show you the configuration differences between the two files, and you will hopefully see where you went astray.


Exercise 1: Upgrade your NetScaler

Overview

In this exercise you will perform a manual upgrade from NetScaler 9.3 to NetScaler 10 using the CLI.

Step by step guidance

Estimated time to complete this lab: 5 minutes.

1. Launch Putty.exe from the desktop and connect to the saved session 'NetScaler' by double-clicking it.

2. Log in with the username \ password of nsroot \ nsroot.

3. Type 'show version' to see the NetScaler version.

4. Type 'shell' and press enter.

5. Type 'cd /var/nsinstall/10/70.7/' and press enter.

6. Type 'tar -xvzf build-10.0-70.7_nc.tgz' and press enter.

7. Type './installns' and press enter.

8. Press 'Y' when it prompts you to reboot.

9. It should take approximately 3 minutes to complete the reboot.

10. Open Firefox, and log in to the Configuration Utility. Verify the version and build number.

Summary

Key Takeaways

The key takeaways for this exercise are:

- Upgrading a NetScaler using the command line

NOTES

This upgrade required that the firmware was already loaded onto the appliance. You can download the latest firmware from the citrix.com site, provided you have a valid support agreement. You can use SCP (or WinSCP) to load firmware onto the appliance. Always place it in the /var/nsinstall directory.

It's good practice to create a subdirectory in /var/nsinstall with the version number, and within that, a further subdirectory with the build number, as shown on your appliance (e.g. /var/nsinstall/10/70.7/).

You may also use the Upgrade Wizard, available by clicking on the 'System' node in the configuration utility. This can perform the upgrade from firmware located on the appliance, on your local computer or on a remote FTP server.


Exercise 2: Networking – Network Profiles

Overview

In this exercise you will configure some network profiles and demonstrate this functionality by browsing different VServers, connected to the same back end server, and see different SNIPs being utilised.

Usually, when using multiple SNIPs in the same subnet to talk to back end servers, the appliance will 'round robin' on SNIP choice so all the ports don't get exhausted on one SNIP when the others are not being used. However, sometimes more granular control is required. Please see the PowerPoint for use cases.

Step by step guidance

Estimated time to complete this lab: 10 minutes.

1. The system will have one SNIP pre-configured. This is 192.168.10.90. We should create a second SNIP on the appliance for this lab exercise. Navigate to the following node in the NetScaler configuration utility: “Networks” > “IP” > “Add” and enter 192.168.10.21 / 255.255.255.0.

2. Click “Create” > “Close” to add the SubNet IP.

3. Now click on “Network” > “Net Profiles” > Add, and create the first Network Profile. Give it a name of “Subnet-90”.

4. Choose the IP ending in 90 from the dropdown, and click “Create”.

5. The profile will be created, but the window will remain open, ready to create additional Network Profiles. Change the name from “Subnet-90” to “Subnet-21” and choose the IP address ending in 21 from the dropdown.

6. Click “Create”, and then click “Close”.

7. Right-click the yellow circle beside Load Balancing and enable the feature.

8. Navigate to “Load Balancing” > Services and click “Add”.

9. Enter 'Web1' as the service name, 192.168.10.50 as the IP, and leave the protocol and port set to HTTP and port 80 respectively. Click “Create”. We'll let the service bind a default monitor for now.

10. Navigate to “Virtual Servers” under the “Load Balancing” node and click “Add”.

11. Give the Virtual server the name “Vserver-25” and the IP address 192.168.10.25. Activate (bind) the configured service “Web1”. Do NOT click “Create” yet.

12. Select the “Profiles” tab, and choose “Subnet-90” from the “Net Profile” drop down list. Now click “Create”. The VServer entity will be created, but the window will remain open.

13. Change the “Net Profile” value to “Subnet-21”.

14. Change the VServer IP address to 192.168.10.26.

15. Change the Vserver name to “Vserver-26”. Click “Create” and then click “Close”.

16. Open a new tab on your browser, and enter the following URL:

    http://192.168.10.25/show-ip.asp

    This page dynamically displays the IP address that the web server sees the request coming from. Confirm it displays the IP ending in 90.

17. Enter the following URL:

    http://192.168.10.26/show-ip.asp

    Confirm it displays the IP ending in 21.

18. Enter the following URL:

    http://192.168.10.50/show-ip.asp

    Confirm it displays the IP ending in 15. This is because you are connecting directly to the web server from your client, and bypassing the NetScaler. 192.168.10.15 is your client IP address.

Summary

Key Takeaways

The key takeaways for this exercise are:

- Creating Network profiles and binding them to Vservers
- They can also be bound to a service, service group, and monitor.

NOTES

The page used on the webserver is a simple page to display the incoming IP address.

There is another page in the root of the webserver called '/all-headers.asp'. This does a complete dump of ALL headers and available server variables, which makes it a useful diagnostic troubleshooting page when you want to see what the web server is receiving.

There is also a page called /all-headers.php to display the same content.

The source code of these files is located in the 'files' folder on the Win7Client desktop, and is yours to take away and use.


Exercise 3: ICMP based on VServer Health

Overview

In this exercise you will allow the VServer health to decide if the NetScaler responds to ICMP for a particular IP address.

Step by step guidance

Estimated time to complete this lab: 5 minutes.

1. Navigate to “Network” > “IPs” and double-click the IP 192.168.10.25.

2. Choose ALL_VSERVERS from the ICMP Response drop-down. Click OK.

3. Open a command prompt by clicking “Start”, enter “cmd” in the search box and press return.

4. Enter the command:

    ping -t 192.168.10.25

    and press enter.

5. Navigate to “Load Balancing” > “Virtual Servers”, click ONCE on Vserver-25, and click “Add”. (This is how we can add a new Virtual Server, using an existing entity as a template.)

6. Change the name to “VServer-25-8080”, change the port to 8080, and make sure to activate the Service Web1. Click “Create” and then “Close”.

7. You now have two VServers configured on 192.168.10.25 listening for HTTP traffic.

8. Disable one VServer by right-clicking it, selecting “Disable” and clicking “Yes”.

9. Check your command prompt. You should notice that the VServer is no longer responding to ICMP. This is because the IP address 192.168.10.25 has a 'DOWN' VServer associated with it.

10. Return to the NetScaler configuration utility and expand “Networking” > “IPs”.

11. Double-click the IP 192.168.10.25, choose ONE_VSERVER and click “OK”.

12. Return to the DOS command prompt, and you will see the appliance responding to ICMP again. This is because ICMP will now respond if at least ONE Vserver associated with the IP address is UP.

Summary

Key Takeaways

The key takeaways for this exercise are:

- Controlling ICMP behavior based on the health of the VServer.
- Demonstrating the difference between ONE_VSERVER and ALL_VSERVERS.

NOTES

When the same functionality is used for ARP, what would be the impact of setting the ARP response to ONE_VSERVER if one of the VServers became unhealthy? Think in terms of existing traffic, and traffic in 10, 20 or 30 minutes' time.


Exercise 4: DataStream Responder

Overview

In this exercise we will create a Responder message to respond with an error if someone attempts to send the 'drop' command through a NetScaler MySQL VServer. You will need to create the MySQL monitor, MySQL Service, and LB VServer entities yourself. It is very important that you configure the MySQL ECV monitor correctly, as the MySQL engine will start rejecting requests from a client that just performs the TCP handshake, like the TCP Monitor.

Step by step guidance

Estimated time to complete this lab: 15 minutes.

1. Firstly, we are going to add the database user to the NetScaler configuration. Expand the System node, and click on “Database Users”.

    Create a user called: netscalersql
    Use the password: netscaler

2. Navigate to “Load Balancing” > Monitors and click “Add”. Choose “MySQL-ECV” as the type (NOT “MySQL”) and call the monitor MySQL-Custom-Monitor. Make sure to set the Network Profile on the Monitor (Subnet-90). The MySQL DB server only allows connections from the netscalersql user to come from this IP address.

3. Click on “Special Parameters” and enter the following information:

    Database: imdb
    Query: select * from actors where actors.last_name = "Pacino";
    Username: netscalersql
    Rule: MYSQL.RES.ATLEAST_ROWS_COUNT(1)

    Click “Create”.

    How does this monitor decide on the health of the service?

4. Navigate to “Load Balancing” > “Virtual Servers”. Ensure that you have not clicked on any of the existing Virtual Servers. Click on “Add”. Choose MySQL as the protocol, enter 192.168.10.30 as the Virtual Server IP, 3306 for the port, and use the name “MySQL-Vserver” for the Vserver name.

5. It is important that the MySQL database server receives requests over a specific IP address, as this is how security grants are administered. Click on the “Profiles” tab and choose the profile associated with the subnet IP address ending in 90.

6. Click the “Services” tab. Click on “Add” at the bottom of this window to create a MySQL Service 'on the fly'. Choose MySQL as the protocol, enter 192.168.10.13 as the Server, 3306 as the port, and call it MySQL-Svc. Bind the monitor MySQL-Custom-Monitor to the service, and click Create.

7. The Service should now be visible and active in the “Create VServer” window, and the service should be 'up'. If not, then move to step 9. Click “Create” and Close.

8. Navigate to the “Services” node beneath “Load Balancing”. Open the Service and click on the monitor to verify that it has a 'Success' status. If there is an error, you may need to wait a minute for the service to re-check the health and report the correct message as indicated above. Close the Service window.

9. Enable the Responder feature. (Right-click the yellow circle and choose 'Enable'.) Navigate to the “Responder” feature > Actions. Click on “Add”. Give it a name of “No-Drop” and choose “Respond with SQL Error” from the drop down. Enter some text into the “Target” window, along the lines of (no quotation marks required):

    The Drop command is not allowed to be executed through the Load Balanced VServer

    Click “Create” and “Close”.

10. Click on “Policies” under the “Responder” feature, and click “Add”.

11. Enter “MySQL-Pol-No-Drop” as the Responder name. Choose “No-Drop” from the Action drop down list.

12. Click once in the expression field, hold down CTRL and press the space bar. Choose MySQL and double-click. Now press the full stop (period) and use the expression builder to create the following expression:

    MYSQL.REQ.QUERY.COMMAND.EQ("drop")

13. Click “Create” and “Close”.

14. Click on the Policy Manager button at the bottom of the window.

15. Choose MySQL from the drop down in the top left hand corner of the Policy Manager window.

16. Click on LB Virtual Server, and double-click on “MySQL-VServer” so that “Insert Policy” is activated, like below.

17. Click “Insert Policy” and choose the Responder policy you just created, MySQL-Pol-No-Drop. There should only be ONE entry in the bind responder policy window. If you added a second policy by mistake, ensure you remove it before clicking “Apply Changes”.

18. Click “Apply Changes” and click “Close”. Choose “Yes” if prompted to save your changes.

19. The VServer is now ready to receive requests from any MySQL client.

20. We're going to use a graphical client to connect to the LB VServer. Click on “Start” > “Programs” and scroll up to click on “HeidiSQL”.

21. The connection settings should be pre-populated. Click on “Open”.

22. You should see a list of available tables. Click on the “Query” tab. If Heidi does not connect, then you can check the troubleshooting section at the end of this exercise.

23. Enter the following text into the text field, and click the blue “Play” symbol to the upper right:

    drop database test;

24. This sends the command to the database. The responder policy should pick this up, and you should see the response:

25. Click “Ok”, minimise the HeidiSQL client, and return to the NetScaler configuration utility.


Summary

Key Takeaways

The key takeaways for this exercise are:

- Using Responder, you can choose to send a response to any MySQL or MS-SQL request. You simply need to choose which commands, strings or arguments trigger the Responder in the Responder policy.
- You can choose to respond with an Error or an OK message.

Troubleshooting NOTES

If you bind a TCP monitor to a MySQL service, there is a good chance that the MySQL server will blacklist that IP address. MySQL does not like receiving a TCP handshake, and then no data. So if the monitor on the service is not coming up, and you DID bind a TCP monitor by mistake, then you will need to reboot the MySQL server once the correct monitor is bound. There is a way to do this using the MySQL command prompt, but rebooting the MySQL1 server from XenCenter is by far the fastest way to reset it. (It should only take about 30-40 seconds.)

We have noticed that many people experienced issues with this lab because they chose MSSQL as the protocol in either the VServer, Service or Monitor. You must use MySQL. MSSQL is a totally different protocol, and they are not interchangeable. If you need to change a service or VServer protocol, you will have to remove the entity and add it again.
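The blacklisting described in the troubleshooting note can be reproduced with a small model. This is an added example, not part of the original lab guide: it simulates MySQL's documented per-host error counter (the `max_connect_errors` threshold, reset by `FLUSH HOSTS` or a server restart) for probes arriving from the lab's SNIP. The class and function names are invented for illustration and the threshold of 10 is a sample value.

```python
"""Simplified model of MySQL host blocking (added example, not lab code)."""

SNIP = "192.168.10.90"  # source IP of the lab's monitor (net profile Subnet-90)


class HostCache:
    """Counts successive interrupted connections per client host.

    Models the documented mysqld behaviour: once a host reaches
    max_connect_errors interrupted connections with no successful one in
    between, it is refused until the host cache is flushed or mysqld restarts.
    """

    def __init__(self, max_connect_errors=10):  # 10 is a sample value
        self.max_connect_errors = max_connect_errors
        self.errors = {}

    def is_blocked(self, host):
        return self.errors.get(host, 0) >= self.max_connect_errors

    def record_interrupted(self, host):
        self.errors[host] = self.errors.get(host, 0) + 1

    def record_success(self, host):
        # A completed login resets the run of errors for that host.
        self.errors[host] = 0

    def flush_hosts(self):
        # Stands in for FLUSH HOSTS / `mysqladmin flush-hosts` or a restart.
        self.errors.clear()


def probe(cache, host, monitor_type):
    """Run one health probe and return what the monitor would report."""
    if cache.is_blocked(host):
        return "DOWN (host blocked)"
    if monitor_type == "TCP":
        # Handshake, then close: mysqld never receives a login packet.
        cache.record_interrupted(host)
        return "UP"
    if monitor_type == "MYSQL-ECV":
        # Login, query and rule evaluation: a complete, valid session.
        cache.record_success(host)
        return "UP"
    raise ValueError("unknown monitor type: %s" % monitor_type)


def run_monitor(cache, host, monitor_type, probes):
    return [probe(cache, host, monitor_type) for _ in range(probes)]


def demo():
    """TCP monitor bound by mistake, then corrected, then host cache reset."""
    cache = HostCache(max_connect_errors=10)
    tcp_results = run_monitor(cache, SNIP, "TCP", 12)
    after_fix = probe(cache, SNIP, "MYSQL-ECV")    # right monitor, still blocked
    cache.flush_hosts()
    after_flush = probe(cache, SNIP, "MYSQL-ECV")  # service comes back
    return tcp_results, after_fix, after_flush


if __name__ == "__main__":
    tcp_results, after_fix, after_flush = demo()
    print("TCP probes:       ", tcp_results)
    print("ECV before reset: ", after_fix)
    print("ECV after reset:  ", after_flush)
```

The model shows why binding the correct monitor is not enough on its own: the block is state held by the database server, so the service stays down until that state is cleared.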


Exercise 5: DataStream Caching

Overview

In this exercise you will configure a Cache Selector (mandatory for DataStream caching), a Cache Content Group, and a Cache Policy. There is a contrived query that we will run on the database which can take up to 1 minute to complete. Once we cache this response on the appliance, the time taken drops to less than 1 second. There is a web application designed to run this query against the database and display the results, along with the response time and the query used. You may use the HeidiSQL client as well if you want to bypass the web application.

Step by step guidance

Estimated time to complete this lab: 10 minutes.

1. Firstly, open a new tab in the web browser and go to http://192.168.10.26/. Click on the MySQL lab link at the bottom of the page:

2. You will see a page where you can submit an IP address. This is set to the MySQL VServer IP configured earlier by default. You can change the IP by entering a new one and clicking 'Submit', but there is no need to do so if you've used the suggested IP addresses in previous labs. This IP address will be used as the Database Server IP address that the web application will send a MySQL query to.

3. Once you are satisfied that your NetScaler MySQL VServer is up and listening for requests, click the link to execute the long query. If the page displays the message “MySQL Server has gone away”, please hold down Shift and press F5. If it continues to display the error message, check the status of the monitor bound to the service and call over one of the facilitators.

4. Look at the bottom of the browser to check if the page is loading. If you see: and then you know that the page is loading, please have patience! It will take approximately 1-2 minutes to run. You can continue with the lab while you are waiting (step 6), but check back after a minute to make sure there are no errors.

5. Once the page has fully loaded you will see the table, along with the query used, and the execution time. This value is taken using PHP, which starts a counter before the query and stops it after the last byte of the response is received from the MySQL VServer.

6. Now we will set up the caching configuration. This is one of the few features we choose to leave DISabled while we configure it. (See why in the notes at the end of this lab.)

7. Unlike HTTP, a cache selector is mandatory for Database Response caching. In the NetScaler configuration, browse to “Integrated Caching” and drill down to “Cache Selectors”. Click Add.

8. Give it a name of DB-Query, and choose the following expression:

    MYSQL.REQ.QUERY.TEXT

    Click “Add” and then click “Create”, and then click “Close”.

9. Next we will create our Content Group. Expand “Content Groups” and click “Add”.

10. Choose MySQL as the type, and give it a name like “MySQL-Cache”.

11. Choose “Expire Content After” - 500 seconds.

12. Click on the “Parameterization” tab and choose the Hit Selector you just created from the drop down.

13. Click on the Memory tab and enter 2000 for the “Do Not Cache if size Exceeds” value. Click “Create” and click “Close”.

14. Click on Policies, and click on “Add”.

15. Give it a name like Cache-MySQL-Reqs, choose your newly created content group from the drop down, and enter the following expression:

    MYSQL.REQ.QUERY.COMMAND.CONTAINS("SELECT")

    Click “Create” and then click “Close”.

16. Click once on the “Integrated Cache” feature on the left hand side. In the right hand pane, you should see the global settings for this feature. Click “Change Cache Settings” and set the “Memory Usage Limit” to 100. Click OK.

17. Right-click the yellow circle beside Integrated Cache and choose “Enable Feature”.

18. Expand “Load Balancing” > Virtual Servers and open the MySQL Virtual server by double-clicking it. Click on the “Policies” tab, and choose “Cache (Request)”. Click “Insert Policy”, and choose the MySQL Cache policy that you just created. Click “Ok”.

19. Now, return to your Web Application and refresh the page once. It should take approximately 1 minute again to retrieve the data. Now click Refresh once more, and the load time should reduce dramatically.


Summary

Key Takeaways

The key takeaways for this exercise are:

- Configuring Integrated Cache to cache database responses requires 4 main configuration points:
    1. Cache Selector
    2. Content Group
    3. Policy
    4. Policy Binding
- Global Cache settings (Cache Memory Allocation) must be set to a value, otherwise the object will never enter the cache, but the cache policy will register a hit.

NOTES

Caching is configured with the feature disabled because objects may go into the cache while you are configuring the feature. You might add configuration to not cache those objects, and it will not retrospectively view objects in the cache. Results of this are not predictable, the worst case scenario being that objects you don't want to cache DO get cached. When changing a cache configuration, it is recommended to disable the feature, make the change, flush all cache objects, and re-enable the feature again.

Sometimes, when viewing Cache Objects in Firefox, the Firefox browser crashes. If this happens, please switch to Chrome, where the issue should not occur.


Exercise 6: Action Analytics

Overview

In this exercise we will use real time streaming stats to impact the configuration on the appliance, allowing it to dynamically choose the most efficient configuration. We will use the Integrated Cache feature to demonstrate this. NetScaler 10 comes bundled with some sample analytics which we will use for this lab.

Step by step guidance

Estimated time to complete this lab: 10 minutes.

1. Click on “App Expert” > “Action Analytics” > “Selectors”. We will use the Selector called “Top_URL”.

2. Click on “Stream Identifiers” below. We will use the Identifier “Top_URL”.

3. Navigate to “Responder” > “Policies” and note the “Top_URL” policy. It has an action of: No Operation.

4. Browse to “Integrated Cache” and disable the feature. Click on “Content Groups” and click on “Add”.

5. Call it “ActionAnalytics” and set the “Expire Content After” value to 60 seconds. Click “Create”. (This is an HTTP Content Group.)

6. Click on “Policies” under Integrated Cache. Click on “Add”. Give it a name like “Analytics-Cache-Pol”. Choose the group you just created from the drop down.

7. In the Expression window, enter the following expression:

    ANALYTICS.STREAM("Top_URL").IS_TOP(5)

8. Click “Create” and then “Close”.

9. Right-click Integrated Cache and enable the feature once more.

10. Navigate to Load Balancing > Virtual Servers. Select the HTTP LB virtual server that is UP and open it. Click on the Policies tab:

11. Click on “Cache (Request)”, choose “Insert Policy” and add the “Analytics-Cache-Pol”.

12. Click on “Responder”, choose “Insert Policy”, and add the “Top_URL” policy.

13. Open a new tab in Firefox and enter the IP of the Vserver to which you bound the last two policies, e.g. http://192.168.10.26/

14. Click on “Tools” > “HttpFox” > “Toggle HttpFox”. Click on “Start” in this tool.

15. Click on the following link at the bottom of the page:

16. Click on the “NetScaler 10” word until you reach Page 5, and stop.

17. Now click on one of the rows in HttpFox, and look at the response headers:

18. Note the Via header inserted by the NetScaler as it serves the object from the cache.

19. Click “Stop” in HttpFox and close the plugin by clicking the red X in the top right hand corner of the HttpFox window.

20. Return to the NetScaler administration window, and navigate to “App Expert” > Action Analytics > Stream Identifiers.

21. Click on Top_URL and click on the button “Stream Sessions” at the bottom of the window to view the objects in graphical format.

22. Navigate to “Integrated Caching” and click on “Cache Objects”. (It takes a second to load as this information is still accessed via Java.) If the browser fails to display the content, you could try loading the NetScaler configuration utility in Chrome, and viewing it from there. Sometimes, when viewing Cache Objects in Firefox, the Firefox browser crashes. If this happens, please switch to Chrome, where the issue should not occur. Alternatively, see Step 27 for the CLI command to view the exact same data.

23. From the NetScaler CLI, enter the following command:

    stat stream identifier Top_URL

24. Now enter the command:

    clear stream session Top_URL

25. Return to the page in your browser “Citrix NetScaler 10 Page 5” and click the next 5 links.

26. From the NetScaler CLI, enter the following command:

    stat stream identifier Top_URL

27. Confirm that the new requests are in the cache by executing the following CLI command:

    show cache objects

28. View the in-depth details of the cache object by executing the following command:

    show cache object -locator xxxxxxxxxxxxxxxx

    Replace the x's with the locator string shown in the output of 'show cache object'. Pay special attention to the 'Expiry' field. An example of the above command would be:

    show cache object -locator 0x0000000e4d2900000043


Summary

Key Takeaways

The key takeaways for this exercise are:

- How to invoke the built in Stream Selectors and Identifiers using a Responder policy with No-Op Action
- How to use Analytics in a NetScaler feature, e.g. Integrated Cache, and view the analytic results graphically in the NetScaler Configuration Utility.

NOTES

There are several CLI examples in this lab to demonstrate how to view additional information. It is sometimes easier to go to the CLI to view this information as we can grep the results.


Exercise 7: DNS Response Rewriting

Overview

In this exercise we will examine how to load balance DNS servers, how to view the cached responses, and how to rewrite Non-Existent Domain responses. We will also learn how to demonstrate DNS functionality through a NetScaler appliance.
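The Non-Existent Domain rewrite configured in the steps of this exercise can be followed at the wire level. The Python below is an added example, not part of the original lab guide: it parses DNS responses, applies the same three conditions as the policy expression used later in this exercise, and returns an answer carrying the address from the rewrite action. The function names and sample packets are constructed for illustration, and plain case-sensitive substring matching is assumed for CONTAINS.

```python
import struct

NXDOMAIN = 3                  # RCODE value for "Non-existent domain"
REWRITE_IP = "40.30.20.10"    # address entered in the lab's rewrite action


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"


def build_response(qname, rcode, addresses=(), txid=0x1234, ttl=60):
    """Build a minimal response to an A/IN question (constructed sample data)."""
    flags = 0x8180 | rcode    # QR=1, RD=1, RA=1, RCODE in the low four bits
    msg = struct.pack("!HHHHHH", txid, flags, 1, len(addresses), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for ip in addresses:
        # Owner name is a compression pointer to offset 12 (the question name).
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        msg += bytes(int(octet) for octet in ip.split("."))
    return msg


def read_name(msg, offset):
    """Decode a name, following compression pointers; return (name, next offset)."""
    labels, next_offset, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if next_offset is None:
                next_offset = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (next_offset if next_offset is not None else offset)


def parse_response(msg):
    """Extract transaction id, RCODE, question name and A-record addresses."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, offset = read_name(msg, 12)
    offset += 4               # skip QTYPE and QCLASS
    addresses = []
    for _ in range(ancount):
        _, offset = read_name(msg, offset)
        rtype, _, _, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlength == 4:
            addresses.append(".".join(str(b) for b in msg[offset:offset + 4]))
        offset += rdlength
    return {"id": txid, "rcode": flags & 0x0F, "qname": qname, "addresses": addresses}


def policy_matches(resp):
    """Mirror of the lab's three-clause DNS policy expression."""
    name = resp["qname"]
    return ("training.lab" not in name
            and resp["rcode"] == NXDOMAIN
            and "netscaler" in name)


def apply_rewrite(msg):
    """Return the response a client would receive after the policy runs."""
    resp = parse_response(msg)
    if not policy_matches(resp):
        return msg            # passed through unchanged
    return build_response(resp["qname"], 0, [REWRITE_IP], txid=resp["id"])


if __name__ == "__main__":
    for qname in ("www.netscaler10rocks.com", "netscaler.training.lab",
                  "www.example.invalid"):
        out = parse_response(apply_rewrite(build_response(qname, NXDOMAIN)))
        print(qname, "-> rcode", out["rcode"], out["addresses"])
```

Only a name that contains "netscaler", lies outside training.lab and came back as NXDOMAIN is answered with 40.30.20.10; every other response reaches the client exactly as the DNS server sent it.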

Step by step guidance

Estimated time to complete this lab: 10 minutes.

Step Action

1. The first thing we need to do is configure the NetScaler so it can resolve DNS requests. This can be done in two ways – quick and with a single point of failure, or redundant with health checks and logging. We will configure the latter.

2. Navigate to “DNS” and click on “Name Servers”. Click Add. Choose “DNS Virtual Server” and click the “New…” button.

3. This opens a “Create Virtual Server” dialog box. Give it a name of “DNS-LB-Vserver”.

4. Use the IP address 192.168.10.30. The default port is pre-selected as 53.

5. The Services tab is displayed by default, click “Add”.

6. Enter “DNS-SVC” as the service name, and enter 192.168.10.11 into the server field. Do not choose the default DNS monitor type.

7. Choose DNS from the protocol dropdown box, and click “Create”.

8. The “Add Service” window should close and the DNS-SVC service should be activated in your “Create Vserver” dialog box. Click “Create”. This will close the window.

9. You have now returned to the “Create Name Server” box, and your DNS LB VServer is in the drop down box. Click “Create” and click “Close”.

10. Verify that your DNS LB Vserver is enabled and has an Effective State of “Up”.


11. You can test your DNS LB Vserver by following these steps:

a. Open a DOS Command prompt box. (Start > Type “cmd” in the search box, and click the link “cmd.exe”.)

b. Type “nslookup” and press enter.

c. Type “server 192.168.10.30” and press enter.

d. Type “www.citrix.com” and press enter.

12. Return to the NetScaler configuration, and browse to “DNS” > “Records”. Click on “Address Records” and scroll down. You should see the www.gslb.citrix.com record cached on the appliance (this is different to Integrated Cache) with a TTL of 60 seconds.

13. Now type “www.netscaler10rocks.com” into nslookup. You should receive a response saying:

*** [192.168.10.30] can't find www.netscaler10rocks.com: Non-existent domain

14. In the NetScaler configuration, navigate to “DNS” > “Actions”. Click “Add”.

15. Give the action a name, e.g. “DNS-Replace-Response”.

16. Choose “Rewrite Response” as the action type.

17. Enter “40.30.20.10” in the “IP Address” field, and click “Add”.

18. Now click “Create”, and click “Close”.

19. Click on “DNS” > “Policies” and click “Add”. Ensure that your newly created action is selected.

20. Call the Policy “Always-respond-to-NetScaler-host”.


21. In the Expression field, enter the following expression:

DNS.RES.QUESTION.DOMAIN.CONTAINS("training.lab").NOT && DNS.RES.HEADER.RCODE.EQ(NXDOMAIN) && DNS.RES.QUESTION.DOMAIN.CONTAINS("netscaler")

22. Click “Create” and click “Close”.

23. In the “DNS” > “Policies” window, click “Global Bindings”.

24. Click “Insert Policy”, choose your newly created DNS Policy, and click “OK”.

25. Return to the DOS prompt and run nslookup again. Send the same DNS request, “www.netscaler10rocks.com”, and verify that you now get a positive response with an IP address.


Summary

Key Takeaways

The key takeaways for this exercise are:

Creating a load balancing VServer for NetScaler based name resolution (i.e. so the NetScaler itself can resolve host records).

Testing this configuration using nslookup and pointing it at the NetScaler LB Vserver, and viewing cached records on the appliance.

Creating a granular (i.e. based on the hostname of the request) DNS rewrite action to replace negative responses with positive responses and an IP address.

NOTES

Q. Why do we have to include the expression “DNS.RES.QUESTION.DOMAIN.CONTAINS("training.lab").NOT” in the policy expression?

A. Sometimes, depending on the client, the local domain is added to DNS requests – e.g. www.netscaler10rocks.com.training.lab. Only local client traces will reveal this client DNS behavior. This would not be an issue for requests coming from the internet, as the local DNS (LDNS) would respond to these accordingly, before going to the internet name servers to resolve www.netscaler10rocks.com.

Now try typing www.netscaler.com . . . what is the result?
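The decision made by the step 21 expression and the “Rewrite Response” action can be modelled on DNS wire-format messages, which shows why each clause matters and what changes in the packet. This is an added example, not Citrix lab material or NetScaler code; the function names, the constructed sample responses and the 60-second TTL are assumptions, and plain substring tests stand in for CONTAINS.

```python
import socket
import struct

NXDOMAIN = 3                 # RCODE value for "Non-existent domain"
REWRITE_IP = "40.30.20.10"   # address entered in step 17
REWRITE_TTL = 60             # assumed TTL for the synthesized record

def build_response(name, rcode):
    """Constructed sample: a minimal DNS response (header + question only)."""
    flags = 0x8180 | rcode   # QR=1, RD=1, RA=1; RCODE is the low 4 bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def parse_question(msg):
    """Return (rcode, question domain, offset just past the question)."""
    flags = struct.unpack("!H", msg[2:4])[0]
    labels, pos = [], 12     # the question starts after the 12-byte header
    while msg[pos] != 0:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode())
        pos += 1 + length
    return flags & 0x000F, ".".join(labels), pos + 5  # skip 0x00, QTYPE, QCLASS

def policy_matches(rcode, domain):
    """The three clauses of the step 21 expression, in the same order."""
    return ("training.lab" not in domain
            and rcode == NXDOMAIN
            and "netscaler" in domain)

def apply_policy(msg):
    """Return msg unchanged, or a positive response carrying REWRITE_IP."""
    rcode, domain, qend = parse_question(msg)
    if not policy_matches(rcode, domain):
        return msg
    ident, flags = struct.unpack("!HH", msg[:4])
    # Clear RCODE, set ANCOUNT=1, drop any authority/additional records.
    header = struct.pack("!HHHHHH", ident, flags & 0xFFF0, 1, 1, 0, 0)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, REWRITE_TTL, 4)  # name ptr, A, IN
    return header + msg[12:qend] + answer + socket.inet_aton(REWRITE_IP)

def answer_ip(msg):
    """Return the first answer's IPv4 address, or None if ANCOUNT is 0."""
    qend = parse_question(msg)[2]
    if struct.unpack("!H", msg[6:8])[0] == 0:
        return None
    return socket.inet_ntoa(msg[qend + 12:qend + 16])
```

Because the match is a substring test on the question name, any NXDOMAIN name containing “netscaler” is answered with 40.30.20.10, so the scope of such a policy is worth reviewing before it is bound globally.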


Exercise 8: AutoScale Domain Based Service

Overview

In this exercise you will create a service group using a single hostname, which will auto-populate the servicegroup with members, based on the response to the hostname IP resolution.

Step by step guidance

Estimated time to complete this lab: 10 minutes.

Step Action

1. Open a DOS command prompt box and type “NSLOOKUP”.

2. Enter the hostname “dnsgroup” and press enter. This list of IP addresses will be used by the NetScaler appliance to autoscale a service group.

3. In the NetScaler configuration utility, navigate to “Load Balancing” > “Servers” (note: not services).

4. Click “Add”. Enter “dbs” in the “Server Name” field, and enter “dnsgroup.training.lab” in the “Domain Name” field. Click “Create” and click “Close”.

5. Click on “Load Balancing” > “Service Groups” and click on “Add”.

6. Enter “DBS-autoscale” for the service group name.

7. Select the “Server Based” radio button in the “Specify Members” section.

8. Click on “dbs” from the list, enter 80 in the port field, and leave the protocol on HTTP.


9. Click on the ‘Advanced’ tab, and in the bottom right, set the ‘Auto Scale Mode’ to DNS. Click ‘Create’ and then ‘Close’.

10. The GUI will not display the service IPs immediately, as they are being resolved. The results, IP addresses, and state will be available in the CLI if you execute the command:

sho servicegroup DBS-Autoscale

where the service group name is “DBS-Autoscale”. Future builds should resolve this issue.

Summary

Key Takeaways

The key takeaways for this exercise are:

How to validate that the host record will result in an AutoScaled servicegroup.

Configuring an AutoScaled Service group – the AutoScale option is not available (greyed out) until you select a host based server object.

NOTES


Revision History

Revision Change Description Updated By Date

1.0 Original Version Rónán O’Brien October 2012

About Citrix

Citrix Systems, Inc. designs, develops and markets technology solutions that enable information technology (IT) services. The Enterprise division and the Online Services division constitute its two segments. Its revenues are derived from sales of Enterprise division products, which include its Desktop Solutions, Datacenter and Cloud Solutions, Cloud-based Data Solutions and related technical services and from its Online Services division's Web collaboration, remote access and support services. It markets and licenses its products directly to enterprise customers, over the Web, and through systems integrators (SIs) in addition to indirectly through value-added resellers (VARs), value-added distributors (VADs) and original equipment manufacturers (OEMs). In July 2012, the Company acquired Bytemobile, provider of data and video optimization solutions for mobile network operators.

http://www.citrix.com

© 2012 Citrix Systems, Inc. All rights reserved.