Deploy NetScaler BLX on AWS
You can deploy NetScaler BLX on a Linux instance available on AWS. BLX deployed on AWS enables you to use AWS cloud computing capabilities and NetScaler features for your business needs.
AWS terminology
This section describes the list of commonly used AWS terms and phrases. For more information, see the AWS Glossary.
Term | Definition |
---|---|
Amazon Machine Image (AMI) | A machine image, which provides the information required to launch an instance, which is a virtual server in the cloud. |
Elastic Block Store | Provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. |
Simple Storage Service (S3) | Storage for the Internet. It is designed to make web-scale computing easier for developers. |
Elastic Compute Cloud (EC2) | A web service that provides secure, resizable computing capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. |
Elastic Load Balancing (ELB) | Distributes incoming application traffic across multiple EC2 instances in multiple Availability Zones. This increases the fault tolerance of your applications. |
Elastic network interface (ENI) | A virtual network interface that you can attach to an instance in a Virtual Private Cloud (VPC). |
Elastic IP (EIP) address | A static, public IPv4 address that you have allocated in Amazon EC2 or Amazon VPC and then attached to an instance. Elastic IP addresses are associated with your account, not a specific instance. They are elastic because you can easily allocate, attach, detach, and free them as your needs change. |
Instance type | Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. |
Identity and Access Management (IAM) | An AWS identity with permission policies that determine what the identity can and cannot do in AWS. You can use an IAM role to enable applications running on an EC2 instance to securely access your AWS resources. |
Internet Gateway | Connects a network to the Internet. You can route traffic for IP addresses outside your VPC to the Internet gateway. |
Key pair | A set of security credentials that you use to prove your identity electronically. A key pair consists of a private key and a public key. |
Route tables | A set of routing rules that controls the traffic leaving any subnet that is associated with the route table. You can associate multiple subnets with a single route table, but a subnet can be associated with only one route table at a time. |
Security groups | A named set of allowed inbound network connections for an instance. |
Subnets | A segment of the IP address range of a VPC that EC2 instances can be attached to. You can create subnets to group instances according to security and operational needs. |
Virtual Private Cloud (VPC) | A web service for provisioning a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. |
Auto Scaling | A web service to launch or terminate Amazon EC2 instances automatically based on user-defined policies, schedules, and health checks. |
CloudFormation | A service for writing or changing templates that create and delete related AWS resources together as a unit. |
How NetScaler BLX works on AWS
NetScaler BLX is a lightweight software package that runs natively on Linux systems. You can install BLX on any Linux AMI that is supported by BLX and available on the AWS marketplace. For more information about the supported Linux distributions, see Supported Linux distributions.
BLX runs as a Linux process on an EC2 Linux instance within an AWS VPC. The Linux AMI instance requires a minimum of 2 virtual CPUs and 2 GB of memory. An EC2 instance launched within an AWS VPC can have multiple interfaces or multiple IP addresses per interface. Each BLX instance requires at least three IP subnets:
- A management subnet (NSIP)
- A client-facing subnet (VIP)
- A back-end facing subnet (SNIP)
Note:
We recommend three network interfaces for a standard BLX deployment on AWS.
AWS currently supports multi-IP functionality only to instances running within an AWS VPC. A BLX instance in a VPC can be used to load balance servers running in EC2 instances. An Amazon VPC allows you to create and control a virtual networking environment, including your own IP address range, subnets, route tables, and network gateways.
Note:
By default, you can create up to 5 VPC instances per AWS region for each AWS account. You can request higher VPC limits by submitting Amazon’s request form.
The following figure shows a simple topology of an AWS VPC with a BLX deployed on Linux AMI.
The AWS VPC has:
- A single Internet gateway to route traffic in and out of the VPC
- Network connectivity between the Internet gateway and the Internet
- Three subnets, one each for management, client, and server
- Network connectivity between the Internet gateway and the two subnets (management and client)
- A standalone BLX instance installed on a Linux instance that has three ENIs attached to each subnet
Prerequisites
Before attempting to create an instance in AWS, review the following points:
- Ensure that the EC2 instance meets the BLX system requirements.
- We recommend creating an instance type of m5.xlarge or higher for better performance.
- You need three IP addresses to configure NSIP, VIP, and SNIP.
Note:
The IP addresses configured as VIP and SNIP must have a public IP address associated with them.
- You need an AWS account to launch a Linux AMI in an AWS Virtual Private Cloud (VPC). You can create an AWS account for free at aws.amazon.com.
- You need an AWS Identity and Access Management (IAM) user account to securely control access to AWS services and resources for your users. For more information about how to create an IAM user account, see Creating IAM Users (Console).
- You can use all the functionality provided by the AWS Management Console from your terminal program. For more information, see the AWS CLI user guide. You also need the AWS CLI to change the network interface type to SR-IOV.
- For Elastic Network Adapter (ENA) driver-enabled instance types (for example, M5, C5 instances) the firmware version must be 13.0 and later.
Limitations and usage guidelines
The following limitations and usage guidelines apply when deploying a NetScaler BLX instance on AWS:
- Data and management traffic ENIs must be in different subnets.
- Only the NSIP address must be present on the management ENI.
- If a NAT instance is used for security instead of assigning an EIP to the NSIP, appropriate VPC-level routing changes are required. For instructions on making VPC-level routing changes, see Scenario 2: VPC with Public and Private Subnets.
- You can assign multiple IP addresses to an ENI. The maximum number of IP addresses per ENI is determined by the EC2 instance type, see the section “IP Addresses Per Network Interface Per Instance Type” in Elastic Network Interfaces.
Note:
You must allocate the IP addresses in AWS before you assign them to ENIs. For more information, see Elastic Network Interfaces.
- Due to AWS limitations, the following features are not supported:
- Gratuitous ARP (GARP)
- L2 mode
- Tagged VLAN
- Dynamic routing
- virtual MAC
- For RNAT to work, ensure Source/Destination Check is disabled. For more information, see “Changing the Source/Destination Checking” in Elastic Network Interfaces.