ADC

Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands

August 20, 2024

Contributed by:

C C

You can deploy a pair of Citrix ADC VPX instances with multiple NICs in an active-passive high availability (HA) setup on Azure. Each NIC can contain multiple IP addresses.

An active-passive deployment requires:

An HA Independent Network Configuration (INC) configuration
The Azure Load Balancer (ALB) in Direct Server Return (DSR) mode

All traffic goes through the primary node. The secondary node remains in standby mode until the primary node fails.

Note

For a Citrix ADC VPX high availability deployment on Azure cloud to work, you need a floating public IP (PIP) that can be moved between the two high-availability nodes. The Azure Load Balancer (ALB) provides that floating PIP, which is moved to the second node automatically in the event of a failover.

Diagram: Example of an active-passive deployment architecture

localized image

In an active-passive deployment, the ALB floating public IP (PIP) addresses are added as the VIP addresses in each VPX node. In HA-INC configuration, the VIP addresses are floating and SNIP addresses are instance specific.

ALB monitors each VPX instances by sending health probe at every 5 seconds and redirects traffic to that instance only that sends health probes response on regular interval. So in an HA setup, the primary node responds to health probes and secondary does not. If the primary instances misses two consecutive health probes, ALB does not redirect traffic to that instance. On failover, the new primary starts responding to health probes and the ALB redirects traffic to it. The standard VPX high availability failover time is three seconds. The total failover time that might take for traffic switching can be maximum of 13 seconds.

You can deploy a VPX pair in active-passive HA setup in two ways by using:

Citrix ADC VPX Standard high availability template: use this option to configure an HA pair with the default option of three subnets and six NICs.
Windows PowerShell commands: use this option to configure an HA pair according to your subnet and NIC requirements.

This topic describes how to deploy a VPX pair in active-passive HA setup by using PowerShell commands. If you want to use the Citrix ADC VPX Standard HA template, see Configuring an HA Setup with Multiple IP Addresses and NICs.

Configure HA-INC nodes by using PowerShell Ccmmands

Scenario: HA-INC PowerShell deployment

In this scenario, you deploy a Citrix ADC VPX pair by using the topology given in the table. Each VPX instance contains three NICs, with each NIC is deployed in a different subnet. Each NIC is assigned an IP configuration.

ALB	VPX1	VPX2
ALB is associated with public IP 3 (pip3)	Management IP is configured with IPConfig1, which includes one public IP (pip1) and one private IP (12.5.2.24); nic1; Mgmtsubnet=12.5.2.0/24	Management IP is configured with IPConfig5, which includes one public IP (pip3) and one private IP (12.5.2.26);nic4;Mgmtsubnet=12.5.2.0/24
LB rules and port configured are HTTP (80),SSL (443), health probe (9000)	Client-side IP is configured with IPConfig3, which includes one private IP(12.5.1.27);nic2; FrontEndsubet=12.5.1.0/24	Client-side IP is configured with IPConfig7, which includes one private IP (12.5.1.28);nic5;FrontEndsubet=12.5.1.0/24
-	Server-side IP is configured with IPConfig4, which includes one private IP(12.5.3.24); nic3;BackendSubnet=12.5.3.0/24	Server-side IP is configured with IPConfig8, which includes one private IP(12.5.3.28);nic6;BackendSubnet=12.5.3.0/24
-	Rules and ports for NSG areSSH (22),HTTP (80),HTTPS (443)	-

Parameter settings

The following parameter settings are used in this scenario. $locName= “South east Asia”

$rgName = “MulitIP-MultiNIC-RG”

$nicName1= “VM1-NIC1”

$nicName2 = “VM1-NIC2”

$nicName3= “VM1-NIC3”

$nicName4 = “VM2-NIC1”

$nicName5= “VM2-NIC2”

$nicName6 = “VM2-NIC3”

$vNetName = “Azure-MultiIP-ALB-vnet”

$vNetAddressRange= “12.5.0.0/16”

$frontEndSubnetName= “frontEndSubnet”

$frontEndSubnetRange= “12.5.1.0/24”

$mgmtSubnetName= “mgmtSubnet”

$mgmtSubnetRange= “12.5.2.0/24”

$backEndSubnetName = “backEndSubnet”

$backEndSubnetRange = “12.5.3.0/24”

$prmStorageAccountName = “multiipmultinicbstorage”

$avSetName = “multiple-avSet”

$vmSize= “Standard_DS4_V2”

$publisher = “citrix”

$offer = “netscalervpx-120”

$sku = “netscalerbyol”

$version=”latest”

$pubIPName1=”VPX1MGMT”

$pubIPName2=”VPX2MGMT”

$pubIPName3=”ALBPIP”

$domName1=”vpx1dns”

$domName2=”vpx2dns”

$domName3=”vpxalbdns”

$vmNamePrefix=”VPXMultiIPALB”

$osDiskSuffix1=”osmultiipalbdiskdb1”

$osDiskSuffix2=”osmultiipalbdiskdb2”

$lbName= “MultiIPALB”

$frontEndConfigName1= “FrontEndIP”

$backendPoolName1= “BackendPoolHttp”

$lbRuleName1= “LBRuleHttp”

$healthProbeName= “HealthProbe”

$nsgName=”NSG-MultiIP-ALB”

$rule1Name=”Inbound-HTTP”

$rule2Name=”Inbound-HTTPS”

$rule3Name=”Inbound-SSH”

To complete the deployment, complete the following steps by using PowerShell commands:

Create a resource group, storage account, and availability set
Create a network security group and add rules
Create a virtual network and three subnets
Create public IP addresses
Create IP configurations for VPX1
Create IP configurations for VPX2
Create NICs for VPX1
Create NICs for VPX2
Create VPX1
Create VPX2
Create ALB

Create a resource group, storage account, and availability set.

New-AzureRmResourceGroup -Name $rgName -Location $locName

$prmStorageAccount=New-AzureRMStorageAccount -Name $prmStorageAccountName -ResourceGroupName $rgName -Type Standard_LRS -Location $locName

$avSet=New-AzureRMAvailabilitySet -Name $avSetName -ResourceGroupName $rgName -Location $locName

Create a network security group and add rules.

$rule1 = New-AzureRmNetworkSecurityRuleConfig -Name $rule1Name -Description "Allow HTTP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 101

-SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80

$rule2 = New-AzureRmNetworkSecurityRuleConfig -Name $rule2Name -Description "Allow HTTPS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 110

-SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443

$rule3 = New-AzureRmNetworkSecurityRuleConfig -Name $rule3Name -Description "Allow SSH" -Access Allow -Protocol Tcp -Direction Inbound -Priority 120

-SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22

$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $rgName -Location $locName -Name $nsgName -SecurityRules $rule1,$rule2,$rule3

Create a virtual network and three subnets.

$frontendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name $frontEndSubnetName -AddressPrefix $frontEndSubnetRange (this parameter value should be as per your requirement)

$mgmtSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name $mgmtSubnetName -AddressPrefix $mgmtSubnetRange

$backendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name $backEndSubnetName -AddressPrefix $backEndSubnetRange

$vnet =New-AzureRmVirtualNetwork -Name $vNetName -ResourceGroupName $rgName -Location $locName -AddressPrefix $vNetAddressRange -Subnet $frontendSubnet,$backendSubnet, $mgmtSubnet

$subnetName ="frontEndSubnet"

\$subnet1=\$vnet.Subnets|?{\$\_.Name -eq \$subnetName}

$subnetName="backEndSubnet"

\$subnet2=\$vnet.Subnets|?{\$\_.Name -eq \$subnetName}

$subnetName="mgmtSubnet"

\$subnet3=\$vnet.Subnets|?{\$\_.Name -eq \$subnetName}

Create public IP addresses.

$pip1=New-AzureRmPublicIpAddress -Name $pubIPName1 -ResourceGroupName $rgName -DomainNameLabel $domName1 -Location $locName -AllocationMethod Dynamic

$pip2=New-AzureRmPublicIpAddress -Name $pubIPName2 -ResourceGroupName $rgName -DomainNameLabel $domName2 -Location $locName -AllocationMethod Dynamic

$pip3=New-AzureRmPublicIpAddress -Name $pubIPName3 -ResourceGroupName $rgName -DomainNameLabel $domName3 -Location $locName -AllocationMethod Dynamic

Create IP configurations for VPX1.

$IpConfigName1 = "IPConfig1"

$IPAddress = "12.5.2.24"

$IPConfig1=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName1 -Subnet $subnet3 -PrivateIpAddress $IPAddress -PublicIpAddress $pip1 -Primary

$IPConfigName3="IPConfig-3"

$IPAddress="12.5.1.27"

$IPConfig3=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName3 -Subnet $subnet1 -PrivateIpAddress $IPAddress -Primary

$IPConfigName4 = "IPConfig-4"

$IPAddress = "12.5.3.24"

$IPConfig4 = New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName4 -Subnet $subnet2 -PrivateIpAddress $IPAddress -Primary

Create IP configurations for VPX2.

$IpConfigName5 = "IPConfig5"

$IPAddress="12.5.2.26"

$IPConfig5=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName5 -Subnet $subnet3 -PrivateIpAddress $IPAddress -PublicIpAddress $pip2 -Primary

$IPConfigName7="IPConfig-7"

$IPAddress="12.5.1.28"

$IPConfig7=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName7 -Subnet $subnet1 -PrivateIpAddress $IPAddress -Primary

$IPConfigName8="IPConfig-8"

$IPAddress="12.5.3.28"

$IPConfig8=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName8 -Subnet $subnet2 -PrivateIpAddress $IPAddress -Primary

Create NICs for VPX1.

$nic1=New-AzureRmNetworkInterface -Name $nicName1 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig1 -NetworkSecurityGroupId $nsg.Id

$nic2=New-AzureRmNetworkInterface -Name $nicName2 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig3 -NetworkSecurityGroupId $nsg.Id

$nic3=New-AzureRmNetworkInterface -Name $nicName3 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig4 -NetworkSecurityGroupId $nsg.Id

Create NICs for VPX2.

$nic4=New-AzureRmNetworkInterface -Name $nicName4 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig5 -NetworkSecurityGroupId $nsg.Id

$nic5=New-AzureRmNetworkInterface -Name $nicName5 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig7 -NetworkSecurityGroupId $nsg.Id

$nic6=New-AzureRmNetworkInterface -Name $nicName6 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig8 -NetworkSecurityGroupId $nsg.Id

Create VPX1.

This step includes the following substeps:

Create VM config object
Set credentials, OS, and image
Add NICs
Specify OS disk and create VM

$suffixNumber = 1

$vmName=$vmNamePrefix + $suffixNumber

$vmConfig=New-AzureRMVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avSet.Id

$cred=Get-Credential -Message "Type the name and password for VPX login."

$vmConfig=Set-AzureRMVMOperatingSystem -VM $vmConfig -Linux -ComputerName $vmName -Credential $cred

$vmConfig=Set-AzureRMVMSourceImage -VM $vmConfig -PublisherName $publisher -Offer $offer -Skus $sku -Version $version

$vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic1.Id -Primary

$vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic2.Id

$vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic3.Id

$osDiskName=$vmName + "-" + $osDiskSuffix1

$osVhdUri=$prmStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $osDiskName + ".vhd"

$vmConfig=Set-AzureRMVMOSDisk -VM $vmConfig -Name $osDiskName -VhdUri $osVhdUri -CreateOption fromImage

Set-AzureRmVMPlan -VM $vmConfig -Publisher $publisher -Product $offer -Name $sku

New-AzureRMVM -VM $vmConfig -ResourceGroupName $rgName -Location $locName

Create VPX2.

$suffixNumber=2

$vmName=$vmNamePrefix + $suffixNumber

$vmConfig=New-AzureRMVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avSet.Id

$cred=Get-Credential -Message "Type the name and password for VPX login."

$vmConfig=Set-AzureRMVMOperatingSystem -VM $vmConfig -Linux -ComputerName $vmName -Credential $cred

$vmConfig=Set-AzureRMVMSourceImage -VM $vmConfig -PublisherName $publisher -Offer $offer -Skus $sku -Version $version

$vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic4.Id -Primary

$vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic5.Id

$vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic6.Id

$osDiskName=$vmName + "-" + $osDiskSuffix2

$osVhdUri=$prmStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $osDiskName + ".vhd"

$vmConfig=Set-AzureRMVMOSDisk -VM $vmConfig -Name $osDiskName -VhdUri $osVhdUri -CreateOption fromImage

Set-AzureRmVMPlan -VM $vmConfig -Publisher $publisher -Product $offer -Name $sku

New-AzureRMVM -VM $vmConfig -ResourceGroupName $rgName -Location $locName

To view private and public IP addresses assigned to the NICs, type the following commands:

$nic1.IPConfig

$nic2.IPConfig

$nic3.IPConfig

$nic4.IPConfig

$nic5.IPConfig

$nic6.IPConfig

Create Azure load balance (ALB).

This step includes the following substeps:

Create frontend IP config
Create health probe
Create backend address pool
Create load-balancing rules (HTTP and SSL)
Create ALB with frontend IP config, backend address pool, and LB rule
Associate IP config with backend pools

$frontEndIP1=New-AzureRmLoadBalancerFrontendIpConfig -Name $frontEndConfigName1 -PublicIpAddress $pip3

$healthProbe=New-AzureRmLoadBalancerProbeConfig -Name $healthProbeName -Protocol Tcp -Port 9000 –IntervalInSeconds 5 -ProbeCount 2

$beAddressPool1=New-AzureRmLoadBalancerBackendAddressPoolConfig -Name $backendPoolName1

$lbRule1=New-AzureRmLoadBalancerRuleConfig -Name $lbRuleName1 -FrontendIpConfiguration $frontEndIP1 -BackendAddressPool $beAddressPool1 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 80 -EnableFloatingIP

$lb=New-AzureRmLoadBalancer -ResourceGroupName $rgName -Name $lbName -Location $locName -FrontendIpConfiguration $frontEndIP1 -LoadBalancingRule $lbRule1 -BackendAddressPool $beAddressPool1 -Probe $healthProbe

$nic2.IpConfigurations[0].LoadBalancerBackendAddressPools.Add($lb.BackendAddressPools[0])

$nic5.IpConfigurations[0].LoadBalancerBackendAddressPools.Add($lb.BackendAddressPools[0])

\$lb=\$lb |Set-AzureRmLoadBalancer

\$nic2=\$nic2 | Set-AzureRmNetworkInterface

\$nic5=\$nic5 | Set-AzureRmNetworkInterface

After you’ve successfully deployed the Citrix ADC VPX pair, log on to each VPX instance to configure HA-INC, and SNIP and VIP addresses.

Type the following command to add HA nodes.

add ha node 1 PeerNodeNSIP -inc Enabled

2. Add private IP addresses of client-side NICs as SNIPs for VPX1 (NIC2) and VPX2 (NIC5)

add nsip privateIPofNIC2 255.255.255.0 -type SNIP

add nsip privateIPofNIC5 255.255.255.0 -type SNIP

3. Add load-balancing vserver on the primary node with front-end IP address (public IP) of ALB.

add lb vserver v1 HTTP FrontEndIPofALB 80

Related resources:

Configuring GSLB on Active-Standby HA Deployment on Azure

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands

August 20, 2024

Contributed by:

C C

August 20, 2024

Contributed by:

C C

Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands

Configure HA-INC nodes by using PowerShell Ccmmands

Scenario: HA-INC PowerShell deployment

Parameter settings

In this article