
Use a source port from a specified port range for backend communication

By default, for configurations with USIP option disabled or with USIP and use proxy port options enabled, the Citrix ADC appliance communicates to the servers from a random source port (greater than 1024).

The appliance supports using a source port from a specified port range for communicating to the servers. One use case for this feature is servers that are configured to recognize traffic from a specific set of sources by its source port, for logging and monitoring purposes; for example, distinguishing internal from external traffic in logs.

Configuring the Citrix ADC appliance to use a source port from a port range for communicating to the servers consists of the following tasks:

  • Create a net profile and set the source port range parameter. The source port range parameter specifies one or more port ranges. For each connection to a server, the appliance randomly selects one of the free ports from the specified port ranges and uses it as the source port.
  • Bind the net profile to load balancing virtual servers, services, or service groups: A net profile with a source port range setting can be bound to a virtual server, service, or service group of a load balancing configuration. For a connection to a virtual server, the appliance randomly selects one of the free ports from the port ranges specified in the net profile and uses this port as the source port for connecting to one of the bound servers.
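The following Python script is an added illustration of the two behaviours described above; it is not Citrix code and does not talk to an appliance. It parses port ranges written the way the -srcPortRange parameter takes them (<int> or <int-int>), models the appliance's choice of a random free port from those ranges (including the exhaustion case that range sizing must account for), and then applies the server-side use case: tagging constructed access-log lines as appliance-originated when the source port is in a configured range and the source IP is one of the appliance's SNIPs. The log format, the SNIP address 10.0.0.5 and the sample lines are all constructed for the example.

```python
import random
import re

def parse_port_ranges(specs):
    """Parse source port range values as the ADC CLI accepts them
    (-srcPortRange <int[-int]>): a single port or an inclusive lo-hi range."""
    ranges = []
    for spec in specs:
        m = re.fullmatch(r"\s*(\d{1,5})(?:-(\d{1,5}))?\s*", spec)
        if not m:
            raise ValueError(f"malformed port range: {spec!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"port range out of bounds: {spec!r}")
        ranges.append((lo, hi))
    return ranges

def in_ranges(port, ranges):
    """True if port falls inside any configured (lo, hi) range."""
    return any(lo <= port <= hi for lo, hi in ranges)

def pick_source_port(ranges, in_use, rng=random):
    """Model of the selection described on the page: a random free port from the
    configured ranges. Raises when every port is busy, which is the failure mode
    to size the ranges against (they bound concurrent connections per SNIP/server pair)."""
    free = [p for lo, hi in ranges for p in range(lo, hi + 1) if p not in in_use]
    if not free:
        raise RuntimeError("no free source port in configured ranges")
    return rng.choice(free)

# Constructed (hypothetical) access-log format; real server logs differ.
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<ip>[\d.]+):(?P<port>\d+) dst=(?P<dst>\S+)$")

def classify(lines, ranges, adc_snips):
    """Tag each line 'adc' when the source port is in a configured range AND the
    source IP is an appliance SNIP, 'other' otherwise, 'unparsed' if the line
    does not match the log format. Checking the SNIP as well as the port keeps a
    client that happens to use a port in the range from being logged as internal."""
    tagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            tagged.append(("unparsed", line))
            continue
        port = int(m.group("port"))
        is_adc = m.group("ip") in adc_snips and in_ranges(port, ranges)
        tagged.append(("adc" if is_adc else "other", line))
    return tagged

def summarize(tagged):
    """Count lines per tag."""
    counts = {}
    for tag, _ in tagged:
        counts[tag] = counts.get(tag, 0) + 1
    return counts

# Constructed sample log: 10.0.0.5 plays the appliance SNIP, 198.51.100.7 an outside host.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z src=10.0.0.5:2345 dst=10.0.1.10:443
2024-01-01T10:00:01Z src=10.0.0.5:4100 dst=10.0.1.10:443
2024-01-01T10:00:02Z src=198.51.100.7:2345 dst=10.0.1.10:443
2024-01-01T10:00:03Z src=10.0.0.5:5999 dst=10.0.1.10:443
garbage line
"""

if __name__ == "__main__":
    ranges = parse_port_ranges(["2000-3000", "5000-6000"])
    print("picked source port:", pick_source_port(ranges, in_use={2000, 2001}))
    tagged = classify(SAMPLE_LOG.splitlines(), ranges, adc_snips={"10.0.0.5"})
    for tag, line in tagged:
        print(f"{tag:9s} {line}")
    print(summarize(tagged))
```

Run it as a script to see the per-line tags and the summary; the second sample line shows that a connection from the SNIP outside the configured ranges (for example, one made by a feature that does not honour the net profile) is not counted as appliance traffic, and the third shows why matching only on port would be too loose.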

To specify a source port range or ranges by using the CLI

At the command prompt, type:

bind netProfile <name> (-srcPortRange <int[-int]> ...)

show netprofile <name>

To specify a source port range or ranges by using the GUI

  1. Navigate to System > Network > Net Profiles.
  2. Set the Source Port Range parameter while adding or modifying NetProfiles.

Sample Configuration

In the following sample configuration, net profile CUSTOM-SRCPORT-NP-1 specifies two source port ranges, 2000-3000 and 5000-6000, and is bound to load balancing virtual server LBVS-1, which is of type ANY. For each connection that LBVS-1 opens to one of its bound servers, the Citrix ADC appliance selects a free port from one of these ranges and uses it as the source port of the connection.

> add netprofile CUSTOM-SRCPORT-NP-1
Done
> bind netprofile CUSTOM-SRCPORT-NP-1 -srcportrange 2000-3000
Done
> bind netprofile CUSTOM-SRCPORT-NP-1 -srcportrange 5000-6000
Done
> add lb vserver LBVS-1 ANY 203.0.113.61 * -netprofile CUSTOM-SRCPORT-NP-1
Done