ADC

Configuring and Managing Virtual IP (VIP) Addresses

Configuration of a virtual server IP (VIP) address is not mandatory during initial configuration of the Citrix ADC. When you configure load balancing, you assign VIP addresses to virtual servers.

For more information about configuring a load balancing setup, see Load Balancing.

In some situations, you need to customize VIP attributes or enable or disable a VIP address. A VIP address is usually associated with a virtual server, and some of the VIP attributes are customized to meet the requirements of the virtual server. You can host the same virtual server on multiple Citrix ADC appliances residing on the same broadcast domain, by using ARP and ICMP attributes. After you add a VIP (or any IP address), the appliance sends, and then responds to, ARP requests. VIPs are the only Citrix ADC-owned IP addresses that can be disabled. When a VIP address is disabled, the virtual server using it goes down and does not respond to ARP, ICMP, or L4 service requests. As an alternative to creating VIP addresses one at a time, you can specify a consecutive range of VIP addresses.

To create a VIP address by using the CLI:

At the command prompt, type:

  • add ns ip <IPAddress> <netmask> -type <type>
  • show ns ip <IPAddress>

Example:


> add ns ip 10.102.29.59 255.255.255.0 -type VIP
 Done
<!--NeedCopy-->

To create a range of VIP addresses by using the CLI:

At the command prompt, type:

  • add ns ip <IPAddress> <netmask> -type <type>
  • show ns ip <IPAddress>

Example:


> add ns ip 10.102.29.[60-64] 255.255.255.0 -type VIP
ip "10.102.29.60" added
ip "10.102.29.61" added
ip "10.102.29.62" added
ip "10.102.29.63" added
ip "10.102.29.64" added
 Done
<!--NeedCopy-->

To enable or disable an IPv4 VIP address by using the CLI:

At the command prompt, type one of the following sets of commands to enable or disable a VIP and verify the configuration:

  • enable ns ip <IPAddress>
  • show ns ip <IPAddress>
  • disable ns ip <IPAddress>
  • show ns ip <IPAddress>

Example:


> enable ns ip 10.102.29.79
 Done
> show ns ip 10.102.29.79

        IP: 10.102.29.79
        Netmask: 255.255.255.255
        Type: VIP
        state: Enabled
        arp: Enabled
        icmp: Enabled
        vserver: Enabled
        management access: Disabled
          telnet: Disabled
          ftp: Disabled
          ssh: Disabled
          gui: Disabled
          snmp: Disabled
        Restrict access: Disabled
        dynamic routing: Disabled
        hostroute: Disabled
 Done
> disable ns ip 10.102.29.79
 Done
> show ns ip 10.102.29.79

        IP: 10.102.29.79
        Netmask: 255.255.255.255
        Type: VIP
        state: Disabled
        arp: Enabled
        icmp: Enabled
        vserver: Enabled
        management access: Disabled
          telnet: Disabled
          ftp: Disabled
          ssh: Disabled
          gui: Disabled
          snmp: Disabled
        Restrict access: Disabled
        dynamic routing: Disabled
        hostroute: Disabled

 Done
<!--NeedCopy-->

To configure a VIP address by using the GUI:

Navigate to System > Network > IPs > IPV4s, and add a new IP address or edit an existing address.

To create a range of VIP addresses by using the GUI:

  1. Navigate to System > Network > IPs > IPV4s.
  2. In the Action list, select Add Range.

To enable or disable a VIP address by using the GUI:

  1. Navigate to System > Network > IPs > IPV4s.
  2. Do one of the following:
    • Select a VIP address.
    • Hold down the Ctrl key and select multiple server address entries.
    • Hold down the Shift key and select a range of server address entries.
    • Select all the addresses by selecting the checkbox on the left side of the header row.
  3. From the Action list, select Disable or Enable.

Detecting a Citrix ADC Appliance in a UDP Load Balancing Setup through TTL Updates

The following table displays how a Citrix ADC appliance handles the TTL value of received packets in different functionalities.

Functionality TTL value
Virtual Server TTL is set to 255 when forwarding the request to the backend servers. TTL is decremented by 1 when forwarding the response to the client.
L2 Mode TTL is not changed.
L3 Mode TTL is set to 255.
INAT TTL is set to 255 when forwarding the request to the backend server. TTL is decremented by 1 when forwarding the response to the client.

Some enterprises/scenarios running a monitoring application requires the Citrix ADC appliance of a load balancing setup to be detected as one of the hop in a traceroute. A Citrix ADC appliance of a load balancing setup is not detected in a traceroute because the appliance, by default, sets the TTL value to 255 instead of decrementing it when forwarding the request to a backend server.

To meet this requirement, Decrement TTL parameter of a VIP address can be used. This parameter applies to all UDP virtual servers using this VIP.

When you enable the Decrement TTL parameter of a VIP, the Citrix ADC appliance decrements the TTL value by 1 instead of setting it to 255 when forwarding requests, which are received on the UDP virtual servers that uses this VIP.

Monitoring applications using traceroute data can now detect the presence of a Citrix ADC appliance of a UDP load balancing setup.

Before You Begin

Before you begin configuring a Citrix ADC appliance to be detected in a traceroute of a load balancing setup, note the following points:

  • Decrement TTL parameter is supported only for UDP load balancing virtual servers.
  • Decrement TTL parameter is supported for IPv4 VIP as well as IPv6 VIP (VIP6) addresses.
  • Decrement TTL parameter is supported for standalone Citrix ADC appliances as well as for high availability (HA) and cluster setups.

Configuration Steps

Configuring a Citrix ADC appliance to be detected in a traceroute of a UDP load balancing setup consists of the following tasks:

  • Create a UDP load balancing configuration
  • Enable the Decrement TTL parameter for the VIP address

CLI Procedures

To enable the decrement TTL option for a VIP address by using the CLI:

  • To enable the decrement TTL option for a VIP address while adding the VIP address, at the command prompt, type:
    • add ns ip <ip> <mask> -type VIP -decrementTTL ENABLED
    • show ns ip <VIP address>
  • To enable the decrement TTL option for an existing VIP address, at the command prompt, type:
    • set ns ip <ip> <mask> -decrementTTL ENABLED
    • show ns ip <VIP address>

To enable the decrement TTL option for a VIP6 address by using the CLI:

  • To enable the decrement TTL option for a VIP6 address while adding the VIP6 address, at the command prompt, type:
    • add ns ip6 <IP6/prefix> <mask> -type VIP -decrementTTL ENABLED
    • show ns ip6 <VIP6/prefix>
  • To enable the decrement TTL option for an existing VIP6 address, at the command prompt, type:
    • set ns ip6 <ip6/prefix> <mask> -decrementTTL ENABLED
    • show ns ip6 <VIP6 address>
> add ns ip 203.0.113.30 -type VIP -decrementTTL ENABLED
 Done

> add ns ip6  2001:DB8:5001::30 -type VIP -decrementTTL ENABLED
 Done

GUI Procedures

To enable the decrement TTL option for a VIP address by using the GUI:

Navigate to System > Network > IPs > IPv4s, and enable the Decrement TTL parameter while adding a new VIP address or editing an existing address.

To enable the decrement TTL option for a VIP6 address by using the GUI:

Navigate to System > Network > IPs > IPv6s, and enable the Decrement TTL parameter while adding a new VIP6 address or editing an existing address.

Configuring and Managing Virtual IP (VIP) Addresses