NetScaler 10 – Learn to configure, and
upskill in this latest feature packed
release
Self-paced exercise guide
Citrix Virtual Classroom
Table of Contents
Overview
How to log in to your lab
Exercise 1: Upgrade your NetScaler
Exercise 2: Networking – Network Profiles
Exercise 3: ICMP based on VServer Health
Exercise 4: DataStream Responder
Exercise 5: DataStream Caching
Exercise 6: Action Analytics
Exercise 7: DNS Response Rewriting
Exercise 8: AutoScale Domain Based Service
Overview
Hands-on Training Module
This training module has the following details:
Objective: Provide hands-on experience in the configuration and use of the NetScaler 10 features, with a focus on DataStream, Action Analytics, and various DNS enhancements.
Audience: Primary: NetScaler administrators
Lab Environment Details
Below you can find the lab architecture.
This is an isolated environment, so all attendees will use the same IP addresses in the Private Network
(blue). The servers you will actually need for this lab are highlighted below.
Required Lab Credentials
Here are the login credentials required to connect to the lab environment.
Machine              Username                 Password
XenServer            root                     (Supplied)
Win7Client           Training\administrator   Citrix123
NetScalerVPX         nsroot                   nsroot
All Windows Servers  Training\administrator   Citrix123
MySQL Login          netscalersql             netscaler
Apache_MySQL         root                     c!tr!x
How to log into the lab environment
The self-paced lab environment is hosted on a cloud-based Citrix XenServer. Connecting to your
server from the portal page is as easy as 1-2-3.
Step-by-step login instructions
Step Action
1. Once logged in at the self-paced portal, click the Start lab button to launch a connection to
published XenCenter.
2. When XenCenter loads, right-click the XenCenter node and select Add.
3. On the Add New Server screen enter the XenServer IP address provided on the portal
and in the Password field enter the password provided on the portal. The user name will
always be root.
Your lab desktop – this is important!! If you don’t follow the steps below, you may experience slow mouse movements, keystrokes, and screen updates.
When all the servers are started, you should select the “Win7Client” VM and click on the “Console”
tab. Wait for approximately 30 seconds. It should automatically switch to “Remote Desktop”. If it says
“Switch to Default Desktop” then it is already using Remote Desktop, and you can leave it as is. It
will prompt you to log in once it switches to Remote Desktop. Please use training\administrator and
Citrix123 to log in.
All of the lab exercises should be completed from within the Win7Client. You will get the best
experience if you go to console-fullscreen in XenCenter on the Win7Client VM. You can toggle this by
entering Ctrl+Alt on your keyboard when at the console. This is what it should look like:
If you see XenCenter prompting you to “Switch to Remote Desktop” – it means you are using the
default desktop access method, which we recommend against.
Lab walkthrough – Only if you encounter issues.
Overview
If you are encountering problems in the lab, and are stuck at one particular point, you have the option of
using our cheatsheet which is located in the root of the C:\ on the Win7Client Virtual machine.
Step by step guidance
Each lab is labeled in the text file. You need only open PuTTY (the SSH client), log in, and copy and paste
the relevant lines from the text file into the CLI.
In order to find out where you went wrong, save the configuration. In PuTTY, type the command:
clear conf full
Now you can copy and paste all the commands (excluding the upgrade) up to the lab where you encountered
trouble. You should now see the correct functionality. Save the config.
In the NetScaler GUI, you can click on System > Diagnostics > Configuration Difference.
Now choose saved config as the second file, and ns.conf.0 as the first file like below. This will show you
the configuration differences between the two files, and you will hopefully see where you went astray.
Exercise 1: Upgrade your NetScaler
Overview
In this exercise you will perform a manual upgrade from NetScaler 9.3 to NetScaler 10 using the CLI.
Step by step guidance
Estimated time to complete this lab: 5 minutes.
Step Action
1. Launch Putty.exe from the desktop and connect to the saved session ‘NetScaler’ by double
clicking it.
2. Log in with the username \ password of nsroot \ nsroot.
3. Type ‘show version’ to see the NetScaler version.
4. Type ‘shell’ and press enter.
5. Type ‘cd /var/nsinstall/10/70.7/’ and press enter.
6. Type ‘tar -xvzf build-10.0-70.7_nc.tgz’ and press enter.
7. Type ‘./installns’ and press enter.
8. Press ‘Y’ when it prompts you to reboot.
9. It should take approximately 3 minutes to complete the reboot.
10. Open Firefox, and log in to the Configuration Utility. Verify the version and build no.
Summary
Key Takeaways
The key takeaways for this exercise are:
Upgrading a NetScaler using the command line
NOTES This upgrade required that the firmware was already loaded onto the appliance. You
can download the latest firmware from the citrix.com site providing you have a valid
support agreement. You can use SCP (or WinSCP) to load firmware onto the
appliance. Always place it in the /var/nsinstall directory.
It’s a good practice to create a sub directory in /var/nsinstall with the version
number, and within that, a further subdirectory with the build number, as shown on
your appliance (e.g. /var/nsinstall/10/70.7/)
You may also use the Upgrade Wizard available by clicking on the ‘System’ node in
the configuration utility. This can perform the upgrade from firmware located on the
appliance, or your local computer or a remote FTP server.
Exercise 2: Networking – Network Profiles
Overview
In this exercise you will configure some network profiles and demonstrate this functionality by browsing
different VServers, connected to the same back end server, and see different SNIPs being utilised.
Usually, when using multiple SNIPs in the same subnet to talk to back end servers – the appliance will
‘round robin’ on SNIP choice so all the ports don’t get exhausted on one SNIP when the others are not
being used. However, sometimes a more granular control is required. Please see the PowerPoint for use
cases.
Step by step guidance
Estimated time to complete this lab: 10 minutes.
Step Action
1. The system will have one SNIP pre-configured. This is 192.168.10.90. We should create a
second SNIP on the appliance for this lab exercise. Navigate to the following node in the NetScaler
configuration utility: “Networks” > “IP” > “Add” and enter 192.168.10.21 / 255.255.255.0
2. Click “Create” > “Close” to add the SubNet IP.
3. Now click on “Network” > “Net Profiles” > “Add”, and create the first Network Profile.
Give it a name of “Subnet-90”.
4. Choose the IP ending in 90 from the dropdown, and click “Create”.
5. The profile will be created, but the window will remain open, ready to create additional
Network Profiles. Change the name from “Subnet-90” to “Subnet-21” and choose the IP
address ending in 21 from the dropdown.
6. Click “Create”, and then click “Close”.
7. Right-click the yellow circle beside Load Balancing to enable the feature.
8. Navigate to “Load Balancing” > “Services” and click “Add”.
9. Enter ‘Web1’ as the service name, 192.168.10.50 as the IP, and leave the protocol and port
set to HTTP and port 80 respectively.
Click “Create” – we’ll let the service bind a default monitor for now.
10. Navigate to “Virtual Servers” under the “Load Balancing” node and click “Add”.
11. Give the Virtual server the name “Vserver-25” and the IP address 192.168.10.25.
Activate (bind) the configured service “Web1”. Do NOT click “Create” yet.
12. Select the “Profiles” Tab, and choose “Subnet-90” from the “Net Profile” drop down list.
Now click “Create”. The VServer entity will be created, but the window will remain open.
13. Change the “Net Profile” value to “Subnet-21”
14. Change the VServer IP address to 192.168.10.26.
15. Change the Vserver name to “Vserver-26”.
Click “Create” and then click “Close”.
16. Open a new tab on your browser, and enter the following URL:
http://192.168.10.25/show-ip.asp
This page dynamically displays the IP address that the web server sees the request coming
from. Confirm it displays the IP ending in 90.
17. Enter the following URL:
http://192.168.10.26/show-ip.asp
Confirm it displays the IP ending in 21.
18. Enter the following URL:
http://192.168.10.50/show-ip.asp
Confirm it displays the IP ending in 15.
This is because you are connecting directly to the web server from your client, and
bypassing the NetScaler. 192.168.10.15 is your client IP address.
Summary
Key Takeaways
The key takeaways for this exercise are:
Creating Network profiles – and binding them to Vservers
They can also be bound to a service, service group, and monitor too.
NOTES The page used on the webserver is a simple page to display the incoming IP address.
There is another page in the root of the webserver called ‘/all-headers.asp’.
This does a complete dump of ALL headers and available server variables – a useful
diagnostic troubleshooting page when you want to see what the web server is
receiving from the web server.
There is also a page called /all-headers.php to display the same content.
The source code of these files is located in the ‘files’ folder on the Win7Client
desktop, and is yours to take away and use.
Exercise 3: ICMP based on VServer Health
Overview
In this exercise you will allow the VServer health to decide if the NetScaler responds to ICMP for a
particular IP address.
Step by step guidance
Estimated time to complete this lab: 5 minutes.
Step Action
1. Navigate to “Network” > “IPs” and double click the IP 192.168.10.25.
2. Choose ALL_VSERVERS from the ICMP Response drop-down.
Click OK.
3. Open a command prompt by clicking “Start”, enter “cmd” in the searchbox and press
return.
4. Enter the command:
ping -t 192.168.10.25
and press enter.
5. Navigate to “Load Balancing” > “Virtual Servers”, click ONCE on Vserver-25, and click
“Add”. (This is how we can add a new Virtual Server, using an existing entity as a template.)
6. Change the name to “VServer-25-8080”, change the port to 8080, and make sure to activate
the Service Web1. Click “Create” and then “Close”.
7. You now have two VServers configured on 192.168.10.25 listening for HTTP traffic.
8. Disable 1 VServer by right clicking it and selecting “Disable” and clicking “Yes”.
9. Check your command prompt – you should notice that the VServer is no longer responding
to ICMP. This is because the IP address 192.168.10.25 has a ‘DOWN’ VServer associated
with it.
10. Return to the NetScaler configuration utility and expand “Networking” > “IPs”.
11. Double click the IP 192.168.10.25 and choose ONE_VSERVER & Click “OK”.
12. Return to the DOS command prompt, and you will see the appliance responding to ICMP
again. This is because ICMP will now respond if at least ONE Vserver associated with the
IP address is UP.
Summary
Key Takeaways
The key takeaways for this exercise are:
Controlling ICMP behavior based on the health of the VServer.
Demonstrating the difference between ONE_VSERVER and
ALL_VSERVER.
NOTES When the same functionality is used for ARP – what would be the impact of setting
the ARP response to ONE_VSERVER if one of the VServers became unhealthy?
Think in terms of existing traffic, and traffic in 10, 20 or 30 minutes time.
Exercise 4: DataStream Responder
Overview
In this exercise we will create a Responder message to respond with an error if someone attempts to send
the ‘drop’ command through a NetScaler MySQL VServer. You will need to create the MySQL monitor,
MySQL Service, & LB VServer entities yourself. It is very important that you configure the MySQL ECV
monitor correctly as the MySQL engine will start rejecting requests from a client who just performs the
TCP handshake, like the TCP Monitor.
Step by step guidance
Estimated time to complete this lab: 15 minutes.
Step Action
1. Firstly, we are going to add the database user to the NetScaler configuration. Expand the
System node, and click on “Database Users”.
Create a user called: netscalersql
Use the password : netscaler
for this user.
2. Navigate to “Load Balancing” > “Monitors” and click “Add”. Choose “MySQL-ECV” as
the type (NOT “MySQL”) and call the monitor MySQL-Custom-Monitor.
Make sure to set the Network Profile on the Monitor. (Subnet-90)
The MySQL DB server only allows connection from the netscalersql user to come from this
IP address.
3. Click on “Special Parameters” and enter the following information:
Database: imdb
Query: select * from actors where actors.last_name = "Pacino";
Username: netscalersql
Rule: MYSQL.RES.ATLEAST_ROWS_COUNT(1)
Click “Create”.
How does this monitor decide on the health of the service?
4. Navigate to “Load Balancing” > “Virtual Servers”. Ensure that you have not clicked on
any of the existing Virtual Servers. Click on “Add”. Choose MySQL as the protocol, enter
192.168.10.30 as the Virtual Server IP, 3306 for the port, and use the name “MySQL-Vserver”
for the Vservername.
5. It is important that the MySQL database server receives requests over a specific IP address,
as this is how security grants are administered. Click on the “Profiles” tab and choose the
profile associated with the subnet IP address ending in 90.
6. Click the “Services” tab.
Click on “Add” at the bottom of this window to create a MySQL Service ‘on the fly’.
Choose MySQL as the protocol, enter 192.168.10.13 as the Server, 3306 as the port, and call
it MySQL-Svc.
Bind the monitor MySQL-Custom-Monitor to the service, and click Create.
7. The Service should now be visible and active in the “Create VServer” window, and the
service should be ‘up’. If not, then move to step 9.
Click “Create” and Close.
8. Navigate to the “Services” node beneath “Load Balancing”.
Open the Service and click on the monitor to verify that it has a ‘Success’ status.
If there is an error, you may need to wait a minute for the service to re-check the health and
report the correct message as indicated above.
Close the Service Window.
9. Enable the Responder Feature. (Right Click the yellow circle and choose ‘Enable’).
Navigate to the “Responder” feature > “Actions”. Click on “Add”.
Give it a name of “No-Drop” and choose “Respond with SQL Error” from the drop down.
Enter some text into the “Target” window – along the lines of:
The Drop command is not allowed to be executed through the Load Balanced VServer e.g.
(No quotation marks required)
Click “Create” and “Close”.
10. Click on “Policies” under the “Responder” feature, and click “add”.
11. Enter “MySQL-Pol-No-Drop” as the Responder name.
Choose “No-Drop” from the Action drop down list.
12. Click once in the expression field, hold down CTRL and press the space bar. Choose
MySQL and double click.
Now press the full stop (period) and use the expression builder to create the following
expression:
MYSQL.REQ.QUERY.COMMAND.EQ("drop")
13. Click “Create” and “Close”.
14. Click on the Policy Manager button at the bottom of the window.
15. Choose MySQL from the drop down in the top left hand corner of the Policy Manager
window.
16. Click on LB Virtual Server, and double click on “MySQL-VServer” so that “Insert
Policy” is activated, like below.
17. Click “Insert Policy” and choose the Responder policy you just created, MySQL-Pol-No-Drop.
There should only be ONE entry in the bind responder policy window. If you added
a second policy by mistake, ensure you remove it before clicking “Apply Changes”.
18. Click “Apply Changes” and click “Close”. Choose “Yes” if prompted to save your changes.
19. The VServer is now ready to receive requests from any MySQL Client.
20. We’re going to use a graphical client to connect to the LB VServer.
Click on “Start” > “Programs” and scroll up to click on “HeidiSQL”.
21. The Connection settings should be pre-populated. Click on “Open”
22. You should see a list of available tables. Click on the “Query” tab:
If Heidi does not connect, then you can check the troubleshooting section at the end of this
exercise.
23. Enter the following text into the text field, and click the blue “Play” symbol to the upper
right: drop database test;
24. This sends the command to the database. The responder policy should pick this up, and you
should see the response:
25. Click “Ok” and minimise the HeidiSQL Client, and return to the NetScaler configuration
Utility.
Summary
Key Takeaways The key takeaways for this exercise are:
Using Responder, you can choose to send a response to any MySQL or MS-SQL
request. You simply need to choose what commands\ strings\
arguments trigger the Responder in the Responder policy.
You can choose to respond with an Error or an OK message.
Troubleshooting
NOTES
If you bind a TCP monitor to a MySQL service, there is a good chance that the
MySQL server will blacklist that IP address. MySQL does not like receiving a TCP
handshake, and then no data. So – if the monitor on the service is not coming up,
and you DID bind a TCP monitor by mistake, then you will need to reboot the
MySQL server once the correct monitor is bound. There is a way to do this using
the MySQL command prompt, but rebooting the MySQL1 server from XenCenter
is by far the fastest way to reset it. (It should only take about 30-40 seconds).
We have noticed that many people experienced issues with this lab because they
chose MSSQL as the protocol in either the VServer, Service or Monitor. You must
use MySQL. MSSQL is a totally different protocol, and they are not interchangeable.
If you need to change a service or VServer protocol, you will have to remove the
entity and add it again.
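What the Responder policy in steps 9 to 17 acts on can be seen at the wire level. The following is an added example, not part of the original guide and not NetScaler code: a Python model that frames a MySQL COM_QUERY packet, applies the MYSQL.REQ.QUERY.COMMAND.EQ("drop") check, and builds the SQL error response. The error code 1105, the SQLSTATE HY000 and the case-insensitive keyword match are assumptions of this model.

```python
import re
import struct

COM_QUERY = 0x03      # MySQL command byte for a text query
ERR_CODE = 1105       # assumption: generic MySQL error code, not taken from the guide
SQLSTATE = "HY000"    # assumption: generic SQLSTATE, not taken from the guide
MESSAGE = ("The Drop command is not allowed to be executed "
           "through the Load Balanced VServer")  # text suggested in step 9


def build_query_packet(sql, seq=0):
    """Client side: frame SQL text as a COM_QUERY packet (constructed sample input)."""
    payload = bytes([COM_QUERY]) + sql.encode("utf-8")
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def parse_packet(packet):
    """Validate the 4-byte header (3-byte length, 1-byte sequence) and return (seq, payload)."""
    if len(packet) < 4:
        raise ValueError("truncated header")
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return packet[3], payload


def query_command(payload):
    """First keyword of a COM_QUERY payload, lower-cased; None for any other command."""
    if not payload or payload[0] != COM_QUERY:
        return None
    text = payload[1:].decode("utf-8", "replace")
    match = re.match(r"\s*([A-Za-z]+)", text)
    return match.group(1).lower() if match else ""


def build_err_packet(seq, code, sqlstate, message):
    """Server side: ERR packet = 0xFF, error code, '#', 5-char SQLSTATE, message."""
    payload = (b"\xff" + struct.pack("<H", code) + b"#"
               + sqlstate.encode("ascii") + message.encode("utf-8"))
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def parse_err_packet(packet):
    """Decode an ERR packet into (seq, code, sqlstate, message)."""
    seq, payload = parse_packet(packet)
    if len(payload) < 9 or payload[0] != 0xFF or payload[3:4] != b"#":
        raise ValueError("not an ERR packet")
    code = struct.unpack("<H", payload[1:3])[0]
    return seq, code, payload[4:9].decode("ascii"), payload[9:].decode("utf-8")


def respond(packet):
    """Model of the policy: ERR packet when the command is 'drop', else None (forward)."""
    seq, payload = parse_packet(packet)
    if query_command(payload) == "drop":
        return build_err_packet((seq + 1) & 0xFF, ERR_CODE, SQLSTATE, MESSAGE)
    return None


if __name__ == "__main__":
    for sql in ("drop database test;",
                'select * from actors where actors.last_name = "Pacino";'):
        reply = respond(build_query_packet(sql))
        print(sql, "->", parse_err_packet(reply) if reply else "forwarded")
```

Only the leading keyword is compared, so a SELECT whose text merely contains the word drop is forwarded, which matches the intent of COMMAND.EQ rather than a substring match.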
Exercise 5: DataStream Caching
Overview
In this exercise you will configure a Cache Selector (mandatory for DataStream caching), a Cache Content
Group, and a Cache Policy. There is a contrived query that we will run on the database which can take up
to 1 minute to complete. Once we cache this response on the appliance, the time taken drops to less than
1 second. There is a web application designed to run this query against the database and display the results,
along with the response time and the query used. You may use the HeidiSQL client as well if you want to
by-pass the web application.
Step by step guidance
Estimated time to complete this lab: 10 minutes.
Step Action
1. Firstly, open a new tab in the web browser and go to http://192.168.10.26/.
Click on the MySQL lab link at the bottom of the page:
2. You will see a page where you can submit an IP address. This is set to the MySQL VServer
IP configured earlier by default. You can change the IP by entering a new one and clicking
‘Submit’ – but there is no need to do so if you’ve used the suggested IP addresses in
previous labs. This IP address will be used as the Database Server IP address that the web
application will send a MySQL query to.
3. Once you are satisfied that your NetScaler MySQL VServer is up and listening for requests,
click the link to execute the long query. If the page displays the message “MySQL Server has
gone away” – please hold down Shift and press F5. If it continues to display the error
message, check the status of the monitor bound to the service and call over one of the
facilitators.
4. Look at the bottom of the browser to check if the page is loading. If you see:
and then you know that the page is loading, please have patience! It will take approximately 1-2 minutes
to run. You can continue with the lab while you are waiting (step 6), but check back after a minute to make
sure there are no errors.
5. Once the page has fully loaded you will see the table, along with the query used, and the
execution time. This value is taken using PHP which starts a counter before the query, and
after the last byte of response is received from the MySQL VServer.
6. Now we will set up the caching configuration. This is one of the few features we choose to
leave DISabled while we configure it. (See why in the notes at the end of this lab.)
7. Unlike HTTP – a cache selector is mandatory for Database Response caching. In the
NetScaler configuration, browse to “Integrated Caching” and drill down to “Cache
Selectors”. Click Add.
8. Give it a name of DB-Query, and choose the following expression:
MYSQL.REQ.QUERY.TEXT
Click “Add” and then click “Create”, and then click “Close”.
9. Next we will create our Content Group. Expand “Content Groups” and click “Add”.
10. Choose MySQL as the type, and give it a name like “MySQL-Cache”.
11. Choose “Expire Content After” - 500 seconds.
12. Click on the “Paramaterization” tab and choose the Hit Selector you just created from the
drop down.
13. Click on the Memory tab and enter 2000 for the “Do Not Cache if size Exceeds” value.
Click “Create” and click “Close”.
14. Click on Policies, and click on “Add”.
15. Give it a name like : Cache-MySQL-Reqs, choose your newly created content group from
the drop down, and enter the following expression:
MYSQL.REQ.QUERY.COMMAND.CONTAINS("SELECT")
Click “Create” and then click “Close”.
16. Click once on the “Integrated Cache” feature on the left hand side. In the right hand pane,
you should see the global settings for this feature.
Click “Change Cache Settings” and set the “Memory Usage Limit” to 100.
Click OK.
17. Right click the yellow circle beside Integrated Cache and choose “Enable Feature”.
18. Expand “Load Balancing” > “Virtual Servers” and open the MySQL Virtual server by double
clicking it. Click on the “Policies” tab, and choose “Cache (Request)”. Click “Insert Policy”,
and choose the MySQL Cache policy that you just created.
Click “Ok”
19. Now, return to your Web Application and refresh the page once. It should take approximately 1 minute
again to retrieve the data. Now click Refresh once more, and the load time should reduce dramatically.
Summary
Key Takeaways
The key takeaways for this exercise are:
Configuring Integrated Cache to cache database responses requires 4 main
configuration points:
1. Cache Selector
2. Content Group
3. Policy
4. Policy Binding
Global Cache settings (Cache Memory Allocation) must be set to a value,
otherwise the object will never enter the cache, but the cache policy will
register a hit.
NOTES Caching is configured with the feature disabled because objects may go into the
cache while you are configuring the feature. You might add configuration to not
cache those objects, and it will not retrospectively view objects in the cache. Results
of this are not predictable – the worst case scenario being that objects you don’t
want to cache DO get cached. When changing a cache configuration, it is
recommended to disable the feature, make the change, flush all cache objects, and
re-enable the feature again.
Sometimes, when viewing Cache Objects in Firefox, the Firefox browser crashes. If
this happens, please switch to Chrome, where the issue should not occur.
Exercise 6: Action Analytics
Overview
In this exercise we will use real time streaming stats to impact the configuration on the appliance, allowing
it to dynamically choose the most efficient configuration. We will use the Integrated Cache feature to
demonstrate this. NetScaler 10 comes bundled with some sample analytics which we will use for this lab.
Step by step guidance
Estimated time to complete this lab: 10 minutes.
Step Action
1. Click on “App Expert” > “Action Analytics” > “Selectors”.
We will use the Selector called “Top_URL”.
2. Click on “Stream Identifiers” below. We will use the Identifier “Top_URL”.
3. Navigate to “Responder” > “Policies” and note the “Top_URL” policy. It has an action of:
No Operation.
4. Browse to “Integrated Cache” and disable the feature. Click on “Content Groups” and click
on “Add”.
5. Call it “ActionAnalytics” and set the “Expire Content After” value to 60 seconds. Click
“Create”. (This is a HTTP Content Group.)
6. Click on “Policies” under Integrated Cache. Click on “Add”. Give it a name like
“Analytics-Cache-Pol”. Choose the group you just created from the drop down.
7. In the Expression window, enter the following expression:
ANALYTICS.STREAM("Top_URL").IS_TOP(5)
8. Click “Create” and then “Close”.
9. Right click Integrated Cache and Enable the feature once more.
10. Navigate to “Load Balancing” > “Virtual Servers”. Open the HTTP LB Server that is UP.
Click on the policies tab:
11. Click on “Cache (Request)”, choose “Insert Policy” and add the “Analytics-Cache-Pol”
12. Click on “Responder”, choose “Insert Policy”, and add the “Top_URL” policy.
13. Open a new tab on FireFox and enter the IP of the Vserver to which you bound the last
two policies. E.g. http://192.168.10.26/
14. Click on “Tools” > “HttpFox” > “Toggle HttpFox”.
Click on “Start” in this tool.
15. Click on the following link at the bottom of the page:
16. Click on the “NetScaler 10” word until you reach Page 5, and stop.
17. Now click on one of the rows in HttpFox, and look at the response headers:
18. Note the Via Header inserted by the NetScaler as it serves the object from the cache.
19. Click “Stop” in HttpFox and close the plugin by clicking the red X in the top right hand
corner of the HttpFox window.
20. Return to the NetScaler administration window, and navigate to “App Expert” > “Action
Analytics” > “Stream Identifiers”.
21. Click on Top_URL and click on the button “Stream Sessions” at the bottom of the window
to view the objects in graphical format.
22. Navigate to “Integrated Caching” and click on “Cache Objects”. (It takes a second to load
as this information is still accessed via Java.) If the browser fails to display the content, you
could try loading the NetScaler configuration utility in Chrome, and viewing it from there.
Sometimes, when viewing Cache Objects in Firefox, the Firefox browser crashes. If this
happens, please switch to Chrome, where the issue should not occur.
Alternatively, see Step 27 for the CLI command to view the exact same data.
23. From the NetScaler CLI, enter the following command:
stat stream identifier Top_URL
24. Now enter the command:
clear stream session Top_URL
25. Return to the page in your browser “Citrix NetScaler 10 Page 5” – and click the next 5 links.
26. From the NetScaler CLI, enter the following command:
stat stream identifier Top_URL
27. Confirm that the new requests are in the cache by executing the following CLI command:
show cache objects
28. View the in-depth details of the cache object by executing the following command:
show cache object -locator xxxxxxxxxxxxxxxx
Replace the x’s with the locator string shown in the output of ‘show cache object’.
Pay special attention to the ‘Expiry’ field.
An example of the above command would be:
show cache object -locator 0x0000000e4d2900000043
Summary
Key Takeaways
The key takeaways for this exercise are:
How to invoke the built in Stream Selectors and Identifiers using a
Responder policy with No-Op Action
How to use Analytics in a NetScaler feature, e.g. Integrated Cache, and view
the analytic results graphically in the NetScaler Configuration Utility.
NOTES There are several CLI examples in this lab to demonstrate how to view additional
information. It is sometimes easier to go to the CLI to view this information as we
can grep the results.
Exercise 7: DNS Response Rewriting
Overview
In this exercise we will examine how to load balance DNS servers, how to view the cached responses, and
how to rewrite Non-Existent Domain responses. We will also learn how to demonstrate DNS
functionality through a NetScaler appliance.
Step by step guidance
Estimated time to complete this lab: 10 minutes.
Step Action
1. The first thing we need to do is configure the NetScaler so it can resolve DNS requests.
This can be done in two ways – quick and with a single point of failure, or redundant with
health checks and logging. We will configure the latter.
2. Navigate to “DNS” and click on “Name Servers”. Click Add. Choose “DNS Virtual Server”
and click the “New…” button.
3. This opens a “Create Virtual Server” dialog box. Give it a name of “DNS-LB-Vserver”
4. Use the IP address 192.168.10.30. The default port is pre-selected as 53.
5. The Services tab is displayed by default, click “Add”.
6. Enter “DNS-SVC” as the service name, and enter 192.168.10.11 into the server field.
Do not choose the default DNS monitor type.
7. Choose DNS from the protocol dropdown box, and click “Create”.
8. The “Add Service” window should close and the DNS-SVC service should be activated in
your “Create Vserver” dialog box. Click “Create”. This will close the window.
9. You have now returned to the “Create Name Server” box, and your DNS LB VServer is in
the drop down box. Click “Create” and click “Close”.
10. Verify that your DNS LB Vserver is enabled and has an Effective State of “Up”.
11. You can test your DNS LB Vserver by following these steps:
a. Open a DOS Command prompt box. (Start > Type “cmd” in the search box, and
click the link “cmd.exe”.)
b. Type “nslookup” and press enter
c. Type “server 192.168.10.30” and press enter
d. Type “www.citrix.com” and press enter.
12. Return to the NetScaler configuration, and browse to “DNS” > “Records”. Click on
“Address Records” and scroll down. You should see the www.gslb.citrix.com record cached
on the appliance (this is different to Integrated Cache) with a TTL of 60 seconds.
13. Now type “www.netscaler10rocks.com” into nslookup - you should receive a response
saying:
*** [192.168.10.30] can't find www.netscaler10rocks.com: Non-existent domain
14. In the NetScaler configuration, navigate to: “DNS” > “Actions”. Click “Add”.
15. Give the action a name, e.g. “DNS-Replace-Response”
16. Choose “Rewrite Response” as the action type.
17. Enter “40.30.20.10” in the “IP Address” field, and click “Add”
18. Now click “Create”, and click “Close”.
19. Click on “DNS” > “Policies” and click “Add”. Ensure that your newly created action is
selected.
20. Call the Policy “Always-respond-to-NetScaler-host”
21. In the Expression field, enter the following expression:
DNS.RES.QUESTION.DOMAIN.CONTAINS("training.lab").NOT &&
DNS.RES.HEADER.RCODE.EQ(NXDOMAIN) &&
DNS.RES.QUESTION.DOMAIN.CONTAINS("netscaler")
22. Click “Create” and click “Close”.
23. In the “DNS” > “Policies” window, click “Global Bindings”.
24. Click “Insert Policy”, choose your newly created DNS Policy, and click “OK”.
25. Return to the DOS Prompt and NSLOOKUP again. Send the same DNS request
“www.netscaler10rocks.com” and verify that you now get a positive response with an IP
address.
Summary
Key Takeaways
The key takeaways for this exercise are:
- Creating a load balancing VServer for NetScaler based name resolution (i.e.
  so the NetScaler itself can resolve host records).
- Testing this configuration using nslookup and pointing it at the NetScaler
  LB Vserver, and viewing cached records on the appliance.
- Creating a granular (i.e. based on the hostname of the request) DNS rewrite
  action to replace negative responses with positive responses and an IP
  address.
NOTES
Q. Why do we have to include the expression
“DNS.RES.QUESTION.DOMAIN.CONTAINS("training.lab").NOT” in the policy expression?
A. Depending on the client, the local domain (training.lab) can be appended to DNS
requests – e.g. www.netscaler10rocks.com.training.lab. Only local client traces will
reveal this client DNS behavior. This would not be an issue for requests coming
from the internet, as the local DNS (LDNS) would respond to these accordingly,
before going to the internet name servers to resolve www.netscaler10rocks.com.
Now try typing www.netscaler.com ... what is the result?
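The following is an added example, not part of the original exercise guide or of any Citrix code. It models the step 21 expression in Python: it reads the RCODE and question name out of a DNS response in wire format and applies the three conditions, including the “training.lab” exclusion explained in the note above. The function names, the sample responses and the case-insensitive substring reading of CONTAINS are assumptions of this model.

```python
import struct

NXDOMAIN = 3                 # RCODE 3, "Non-existent domain"
REWRITE_IP = "40.30.20.10"   # address entered in the rewrite action (step 17)

def build_response(qname, rcode):
    """Constructed sample: DNS response header plus one A/IN question."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)

def parse_response(msg):
    """Return (rcode, question name) from a DNS response in wire format."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if not flags & 0x8000 or qdcount != 1:
        raise ValueError("expected a response carrying exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        if length == 0:
            break
        if length > 63 or pos + 1 + length > len(msg):
            raise ValueError("invalid label in question name")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return flags & 0x000F, ".".join(labels)

def policy_matches(rcode, domain):
    """Model of the step 21 expression; CONTAINS is treated as a substring test."""
    return ("training.lab" not in domain
            and rcode == NXDOMAIN
            and "netscaler" in domain)

def rewritten_answer(msg):
    """Address the modelled policy would return, or None if it does not fire."""
    rcode, domain = parse_response(msg)
    return REWRITE_IP if policy_matches(rcode, domain) else None

if __name__ == "__main__":
    for name, rcode in [("www.netscaler10rocks.com", 3),
                        ("www.netscaler10rocks.com.training.lab", 3),
                        ("notnetscaler.example.org", 3),
                        ("netscaler.example.net", 0)]:
        print(name, rcode, rewritten_answer(build_response(name, rcode)))
```

Because the match is a substring test, any non-existent name that contains “netscaler” is answered with 40.30.20.10 in this model, so a policy meant for a single host would need a narrower expression.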
Exercise 8: AutoScale Domain Based Service
Overview
In this exercise you will create a service group using a single hostname. The appliance auto-populates the
service group with members, based on the IP addresses returned when the hostname is resolved.
Step by step guidance
Estimated time to complete this lab: 10 minutes.
Step Action
1. Open a DOS command prompt box and type “NSLOOKUP”.
2. Enter the hostname “dnsgroup” and press enter. This list of IP addresses will be used by
the NetScaler appliance to autoscale a service group.
3. In the NetScaler configuration utility, navigate to “Load Balancing” > “Servers” (note: not
services).
4. Click “Add”. Enter “dbs” in the “Server Name” field, and enter “dnsgroup.training.lab” in
the “Domain Name” field. Click “Create” and click “Close”.
5. Click on “Load Balancing” > “Service Groups” and click on “Add”.
6. Enter “DBS-autoscale” for the service group name.
7. Select the “Server Based” radio button in the “Specify Members” section.
8. Click on “dbs” from the list, enter 80 in the port field, and leave the protocol on HTTP.
9. Click on the “Advanced” tab, and in the bottom right, set the “Auto Scale Mode” to DNS.
Click “Create” and then “Close”.
10. The GUI will not display the service IPs immediately, as they are being resolved. The
results, IP addresses, and state will be available in the CLI if you execute the command:
sho servicegroup DBS-Autoscale
where the service group name is “DBS-Autoscale”. Future builds should resolve this issue.
Summary
Key Takeaways
The key takeaways for this exercise are:
- How to validate that the host record will result in an AutoScaled
  service group.
- Configuring an AutoScaled service group – the AutoScale option is not
  available (greyed out) until you select a host based server object.
NOTES
Revision History
Revision Change Description Updated By Date
1.0 Original Version Rónán O’Brien October 2012
© 2012 Citrix Systems, Inc. All rights reserved.