Manage client connections
To facilitate management of client connections, you can enable delayed cleanup of connections to the virtual server. You can then manage local DNS traffic by configuring DNS policies.
Enable delayed cleanup of virtual server connections
The state of a virtual server depends on the states of the services bound to it, and the state of each service depends on the monitors bound to it. If a server is slow or down, the monitoring probes time out and the service that represents the server is marked as DOWN. A virtual server is marked as DOWN only when all services bound to it are marked as DOWN. You can configure services and virtual servers to either terminate all connections when they go down, or allow the connections to go through. The latter setting is for situations in which a service is marked as DOWN because of a slow server.
When you configure the down state flush option, the NetScaler appliance performs a delayed cleanup of connections to a GSLB service that is down.
To enable delayed cleanup of virtual server connections by using the command line interface
At the command prompt, type the following commands to configure delayed connection cleanup and verify the configuration:
set gslb service <name> -downStateFlush (ENABLED | DISABLED)
show gslb service <name>
Example:
set gslb service Service-GSLB-1 -downStateFlush ENABLED
Done
show gslb service Service-GSLB-1
Done
To enable delayed cleanup of virtual server connections by using the configuration utility
- Navigate to Traffic Management > GSLB > Services and double-click the service.
- Click the Other Settings section and select the Down State Flush option.
Manage local DNS traffic by using DNS policies
You can use DNS policies to implement site affinity by directing traffic from the IP address of a local DNS resolver or network to a predefined target GSLB site. This is configured by creating DNS policies with DNS expressions and binding the policies globally on the NetScaler appliance.
DNS expressions
The NetScaler appliance provides certain predefined DNS expressions that can be used for configuring actions specific to a domain. Such actions can, for example, drop certain requests, select a specific view for a specific domain, or redirect certain requests to a specific location.
These DNS expressions (also called rules) are combined to create DNS policies that are then bound globally on the NetScaler appliance.
Following is the list of predefined DNS qualifiers available on the NetScaler appliance:
- CLIENT.UDP.DNS.DOMAIN.EQ("domainname")
- CLIENT.UDP.DNS.IS_AREC
- CLIENT.UDP.DNS.IS_AAAAREC
- CLIENT.UDP.DNS.IS_SRVREC
- CLIENT.UDP.DNS.IS_MXREC
- CLIENT.UDP.DNS.IS_SOAREC
- CLIENT.UDP.DNS.IS_PTRREC
- CLIENT.UDP.DNS.IS_CNAME
- CLIENT.UDP.DNS.IS_NSREC
- CLIENT.UDP.DNS.IS_ANYREC
The CLIENT.UDP.DNS.DOMAIN DNS expression can be used with string expressions. If you are using domain names as part of the expression, they must end with a period (.). For example, CLIENT.UDP.DNS.DOMAIN.ENDSWITH("abc.com.")
To create an expression by using the configuration utility
- Click the icon next to the Expression text box. Click Add. (Leave the Flow Type and Protocol drop-down list boxes empty.) Follow these steps to create a rule.
- In the Qualifier box, select a qualifier (for example, LOCATION).
- In the Operator box, select an operator (for example, ==).
- In the Value box, type a value (for example, Asia, Japan….).
- Click OK. Click Create and click Close. The rule is created.
- Click OK.
Configure DNS actions
A DNS policy includes the name of a DNS action to be performed when the policy rule evaluates to TRUE. A DNS action can do one of the following:
- Send the client an IP address for which you have configured a DNS view. For more information about DNS views, see Adding DNS Views.
- Send the client the IP address of a GSLB service after referring to a list of preferred locations that overrides static proximity behavior. For more information about preferred locations, see Overriding Static Proximity Behavior by Configuring Preferred Locations.
- Send the client a specific IP address as determined by the evaluation of the DNS query or response (DNS response rewrite).
- Forward a request to the name server without performing a lookup in the appliance’s DNS cache.
- Drop a request.
You cannot create a DNS action for dropping a DNS request or for bypassing the DNS cache on the appliance. If you want to drop a DNS request, use the built-in action, dns_default_act_Drop. If you want to bypass the DNS cache, use the built-in action, dns_default_act_Cachebypass. Both actions are available along with custom actions in the Create DNS Policy and the Configure DNS Policy dialog boxes. These built-in actions cannot be modified or removed.
To configure a DNS action by using the command line interface
At the command prompt, type the following commands to configure a DNS action and verify the configuration:
add dns action <actionName> <actionType> (-IPAddress <ip_addr | ipv6_addr> ... | -viewName <string> | -preferredLocList <string> ...) [-TTL <secs>]
show dns action [<actionName>]
Examples
Example 1: Configuring DNS Response Rewrite. The following DNS action sends the client a preconfigured IP address when the policy to which the action is bound evaluates to true:
add dns action dns_act_response_rewrite Rewrite_Response -IPAddress 192.0.2.20 192.0.2.56 198.51.100.10
 Done
show dns action dns_act_response_rewrite
1)  ActionName:  dns_act_response_rewrite ActionType:  Rewrite_Response TTL:  3600               IPAddress:  192.0.2.20 192.0.2.56 198.51.100.10
 Done
Example 2: Configuring a DNS-View Based Response. The following DNS action sends the client an IP address for which you have configured a DNS view:
add dns action send_ip_from_view_internal_ip ViewName -viewName view_internal_ip
Done
show dns action send_ip_from_view_internal_ip
1)  ActionName:  send_ip_from_view_internal_ip ActionType:  ViewName    ViewName:  view_internal_ip
 Done
Example 3: Configuring a Response Based on a Preferred Location List. The following DNS action sends the client the IP address that corresponds to the preferred location that it selects from the specified list of locations:
add dns action send_preferred_location GslbPrefLoc -preferredLocList NA.tx.ns1.*.*.* NA.tx.ns2.*.*.* NA.tx.ns3.*.*.*
Done
show dns action  send_preferred_location
1)  ActionName:  send_preferred_location ActionType:  GslbPrefLoc PreferredLocList:  "NA.tx.ns1.*.*.*" "NA.tx.ns2.*.*.*" "NA.tx.ns3.*.*.*"
 Done
To configure a DNS action by using the NetScaler configuration utility
- Navigate to Traffic Management > DNS > Actions, create or edit a DNS action.
- In the Create DNS Action or Configure DNS Action dialog box, set the following parameters:
    - Action Name (cannot be changed for an existing DNS action)
    - Type (cannot be changed for an existing DNS action). To set the Type parameter, do one of the following:
        - To create a DNS action that is associated with a DNS view, select View Name. Then, from the View Name list, select the DNS view that you want to use in the action.
        - To create a DNS action with a preferred location list, select Preferred Location List. In Preferred Location, enter a location, and then click Add. Add as many DNS locations as you want.
        - To configure a DNS action for rewriting a DNS response on the basis of policy evaluation, select Rewrite Response. In IP Address, enter an IP address, and then click Add. Add as many IP addresses as you want.
    - TTL (applicable only to the Rewrite Response action type)
Configure DNS policies
DNS policies operate on a location database that uses static and custom IP addresses. The attributes of the incoming local DNS request are defined as part of an expression, and the target site is defined as part of a DNS policy. While defining actions and expressions, you can use a pair of single quotation marks ('') as a wildcard qualifier to specify more than one location. When a DNS policy is configured and a GSLB request is received, the custom IP address database is first queried for an entry that defines the location attributes for the source:
- When a DNS query comes from an LDNS, the characteristics of the LDNS are evaluated against the configured policies. If they match, an appropriate action (site affinity) is executed. If the LDNS characteristics match more than one site, the request is load balanced between the sites that match the LDNS characteristics.
- If the entry is not found in the custom database, the static IP address database is queried for an entry, and if there is a match, the above policy evaluation is repeated.
- If the entry is not found in either the custom or static databases, the best site is selected and sent in the DNS response on the basis of the configured load balancing method.
The following restrictions apply to DNS policies created on the NetScaler appliance.
- A maximum of 64 policies are supported.
- DNS policies are global to the NetScaler appliance and cannot be applied to a specific virtual server or domain.
- Domain or virtual server specific binding of policy is not supported.
You can use DNS policies to direct clients that match a certain IP address range to a specific site. For example, if you have a GSLB setup with multiple GSLB sites that are separated geographically, you can direct all clients whose IP address is within a specific range to a particular data center.
Both TCP-based and UDP-based DNS traffic can be evaluated. Policy expressions are available for UDP-based DNS traffic on the server and for both UDP-based DNS traffic and TCP-based DNS traffic on the client side. Additionally, you can configure expressions to evaluate queries and responses that involve only the following DNS question types (or QTYPE values):
- A
- AAAA
- NS
- SRV
- PTR
- CNAME
- SOA
- MX
- ANY
The following response codes (RCODE values) are also supported:
- NOERROR - No error
- FORMERR - Format error
- SERVFAIL - Server failure
- NXDOMAIN - Non-existent domain
- NOTIMP - Query type not implemented
- REFUSED - Query refused
You can configure expressions to evaluate DNS traffic. A DNS expression begins with the DNS.REQ or DNS.RES prefixes. Functions are available for evaluating the queried domain, the query type, and the carrier protocol. For more information about DNS expressions, see “Expressions for Evaluating a DNS Message and Identifying Its Carrier Protocol” in “Policy Configuration and Reference”.
To add a DNS policy by using the command line interface
At the command prompt, type the following commands to create a DNS policy and verify the configuration:
add dns policy <name> <rule> <actionName>
show dns policy <name>
Example:
> add dns policy policy-GSLB-1 'CLIENT.UDP.DNS.DOMAIN.EQ("domainname")' my_dns_action
 Done
> show dns policy policy-GSLB-1
    Name: policy-GSLB-1
    Rule: CLIENT.UDP.DNS.DOMAIN.EQ("domainname")
    Action Name: my_dns_action
    Hits: 0
    Undef Hits: 0
 Done
To remove a configured DNS policy by using the command line interface
At the command prompt, type:
rm dns policy <name>
To configure a DNS policy by using the NetScaler configuration utility
- Navigate to Traffic Management > DNS > Policies and create a DNS policy.
- In the Create DNS Policy or Configure DNS Policy dialog box, set the following parameters:
    - Policy Name (cannot be changed for an existing policy)
    - Action
    - Expression. To specify an expression, do the following:
        - Click Add, and then, in the drop-down box that appears, select the expression element with which you want to begin the expression. A second list appears. The list contains a set of expression elements that you can use immediately after the first expression element.
        - In the second list, select the expression element that you want, and then enter a period.
        - After each selection, if you enter a period, the next set of valid expression elements appears in a list. Select expression elements and fill in arguments to functions until you have the expression you want.
- Click Create or OK, and then click Close.
Bind DNS policies
DNS policies are bound globally on the NetScaler appliance and are available for all configured GSLB virtual servers. Even though DNS policies are globally bound, policy execution can be limited to a specific GSLB virtual server by specifying the domain in the expression.
Note: Even though the bind dns global command accepts REQ_OVERRIDE and RES_OVERRIDE as valid bind points, those bind points are redundant, because DNS policies can be bound only globally. Bind your DNS policies only to the REQ_DEFAULT and RES_DEFAULT bind points.
To bind a DNS policy globally by using the command line interface
At the command prompt, type the following commands to bind a DNS policy globally and verify the configuration:
bind dns global <policyName> <priority> [-gotoPriorityExpression <string>] [-type <type>]
show dns global -type <type>
Example:
bind dns global policy-GSLB-1 10 -gotoPriorityExpression END
 Done
show dns global -type REQ_DEFAULT
1)  Policy Name: policy-GSLB-1
    Priority: 10
    GotoPriorityExpression: END
 Done
To bind a DNS policy globally by using the configuration utility
- Navigate to Traffic Management > DNS > Policies.
- In the details pane, click Global Bindings.
- In the Bind/Unbind DNS Policy(s) to Global dialog box, click Insert Policy.
- In the Policy Name column, select, from the list, the policy that you want to bind. Alternatively, in the list, click New Policy, and then create a DNS policy by setting parameters in the Create DNS Policy dialog box.
- To modify a policy that is already bound globally, click the name of the policy, and then click Modify Policy. Then, in the Configure DNS Policy dialog box, modify the policy, and then click OK.
- To unbind a policy, click the name of the policy, and then click Unbind Policy.
- To modify the priority assigned to a policy, double-click the priority value, and then enter a new value.
- To regenerate assigned priorities, click Regenerate Priorities. The priority values are modified to begin at 100, with increments of 10, without affecting the order of evaluation.
- Click OK.
To view the global bindings of a DNS policy by using the command line interface
At the command prompt, type:
show dns global
To view the global bindings of a DNS policy by using the configuration utility
- Navigate to Traffic Management > DNS > Policies.
- In the details pane, click Global Bindings. The global bindings of all DNS policies appear in this dialog box.
Adding DNS Views
You can configure DNS views to identify various types of clients and provide an appropriate IP address to a group of clients who query for the same GSLB domain. DNS views are configured by using DNS policies that select the IP addresses sent back to the client.
For example, if you have configured GSLB for your company’s domain and have the server hosted in your company’s network, clients querying for the domain from within your company’s internal network can be provided with the server’s internal IP address instead of the public IP address. Clients that query DNS for the domain from the Internet, on the other hand, can be provided the domain’s public IP address.
To add a DNS view, you assign it a name of up to 31 characters. The leading character must be a number or letter. The following characters are also allowed: @ _ - . (period) : (colon) # and space ( ). After adding the view, you configure a policy to associate it with clients and a part of the network, and you bind the policy globally. To configure and bind a DNS policy, see Managing Local DNS Traffic by Using DNS Policies.
To add a DNS view by using the command line interface
At the command prompt, type the following commands to create a DNS view and verify the configuration:
add dns view <viewName>
show dns view <viewName>
Example:
add dns view PrivateSubnet
show dns view PrivateSubnet
To remove a DNS view by using the command line interface
At the command prompt, type:
rm dns view <viewName>
To add a DNS view by using the configuration utility
Navigate to Traffic Management > DNS > Views and add a DNS view.
For details on how to create a DNS policy and how to bind DNS policies globally, see Managing Local DNS Traffic by Using DNS Policies.
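Several rules stated on this page can be checked in a saved command list before it is applied: domain literals in CLIENT.UDP.DNS.DOMAIN expressions end with a period, at most 64 DNS policies exist, REQ_OVERRIDE and RES_OVERRIDE are redundant bind points, view names follow the 31-character naming rule, and a policy names an existing or built-in action. The following Python script is an added example, not NetScaler code; it assumes one command per line spelled as on this page, and every name in its constructed sample configuration is hypothetical.

```python
import re
import shlex

MAX_DNS_POLICIES = 64  # limit stated on this page
REDUNDANT_BIND_POINTS = {"REQ_OVERRIDE", "RES_OVERRIDE"}
BUILTIN_ACTIONS = {"dns_default_act_Drop", "dns_default_act_Cachebypass"}
# View name: at most 31 characters, leading letter or digit, then letters,
# digits, @ _ - . : # or space.
VIEW_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9@_\-.:# ]{0,30}")
# Domain literal passed to a CLIENT.UDP.DNS.DOMAIN.<function>("...") call.
DOMAIN_ARG_RE = re.compile(r'CLIENT\.UDP\.DNS\.DOMAIN\.\w+\("([^"]*)"\)')

# Constructed sample configuration; every name in it is hypothetical.
SAMPLE = """\
add dns view PrivateSubnet
add dns view "-internal"
add dns action send_internal ViewName -viewName PrivateSubnet
add dns policy pol_ok 'CLIENT.UDP.DNS.DOMAIN.ENDSWITH("abc.com.")' send_internal
add dns policy pol_nodot 'CLIENT.UDP.DNS.DOMAIN.EQ("www.abc.com")' dns_default_act_Drop
add dns policy pol_noact 'CLIENT.UDP.DNS.IS_MXREC' missing_action
bind dns global pol_ok 10 -gotoPriorityExpression END
bind dns global pol_nodot 20 -type REQ_OVERRIDE
"""


def option(tokens, flag):
    """Return the value that follows `flag`, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None


def audit_dns_config(text):
    """Return (line_number, message) findings for the DNS commands in text."""
    findings, views, policies = [], set(), set()
    actions = set(BUILTIN_ACTIONS)
    for n, line in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(line)  # honours single and double quotes
        except ValueError:  # unbalanced quotes
            findings.append((n, "unparseable line"))
            continue
        if len(tok) < 4 or tok[1] != "dns":
            continue
        cmd, name = (tok[0], tok[2]), tok[3]
        if cmd == ("add", "view"):
            views.add(name)
            if not VIEW_NAME_RE.fullmatch(name):
                findings.append((n, f"invalid view name {name!r}"))
        elif cmd == ("add", "action"):
            actions.add(name)
        elif cmd == ("add", "policy") and len(tok) >= 6:
            policies.add(name)
            if len(policies) == MAX_DNS_POLICIES + 1:
                findings.append((n, "more than 64 DNS policies"))
            for domain in DOMAIN_ARG_RE.findall(tok[4]):
                if not domain.endswith("."):
                    findings.append((n, f"domain {domain!r} lacks trailing period"))
            if tok[5] not in actions:
                findings.append((n, f"undefined action {tok[5]!r}"))
        elif cmd == ("bind", "global"):
            if name not in policies:
                findings.append((n, f"undefined policy {name!r}"))
            if (bind_point := option(tok, "-type")) in REDUNDANT_BIND_POINTS:
                findings.append((n, f"redundant bind point {bind_point}"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit_dns_config(SAMPLE):
        print(f"line {lineno}: {message}")
```

The trailing-period check matters because a domain literal without it does not follow the form this page requires, so a policy meant to steer or drop queries for that domain may not behave as intended.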