ADC

Configuring and Managing Virtual IP (VIP) Addresses

Configuration of a virtual server IP (VIP) address is not mandatory during initial configuration of the NetScaler. When you configure load balancing, you assign VIP addresses to virtual servers.

For more information about configuring a load balancing setup, see Load Balancing.

In some situations, you need to customize VIP attributes or enable or disable a VIP address. A VIP address is usually associated with a virtual server, and some of the VIP attributes are customized to meet the requirements of the virtual server. You can host the same virtual server on multiple NetScaler appliances residing on the same broadcast domain, by using ARP and ICMP attributes. After you add a VIP (or any IP address), the appliance sends, and then responds to, ARP requests. VIPs are the only NetScaler-owned IP addresses that can be disabled. When a VIP address is disabled, the virtual server using it goes down and does not respond to ARP, ICMP, or L4 service requests. As an alternative to creating VIP addresses one at a time, you can specify a consecutive range of VIP addresses.

To create a VIP address by using the CLI:

At the command prompt, type:

  • add ns ip <IPAddress> <netmask> -type <type>
  • show ns ip <IPAddress>

Example:

> add ns ip 10.102.29.59 255.255.255.0 -type VIP Done

To create a range of VIP addresses by using the CLI:

At the command prompt, type:

  • add ns ip <IPAddress> <netmask> -type <type>
  • show ns ip <IPAddress>

Example:

> add ns ip 10.102.29.[60-64] 255.255.255.0 -type VIP ip "10.102.29.60" added ip "10.102.29.61" added ip "10.102.29.62" added ip "10.102.29.63" added ip "10.102.29.64" added Done

To enable or disable an IPv4 VIP address by using the CLI:

At the command prompt, type one of the following sets of commands to enable or disable a VIP and verify the configuration:

  • enable ns ip <IPAddress>
  • show ns ip <IPAddress>
  • disable ns ip <IPAddress>
  • show ns ip <IPAddress>

Example:

> enable ns ip 10.102.29.79 Done > show ns ip 10.102.29.79 IP: 10.102.29.79 Netmask: 255.255.255.255 Type: VIP state: Enabled arp: Enabled icmp: Enabled vserver: Enabled management access: Disabled telnet: Disabled ftp: Disabled ssh: Disabled gui: Disabled snmp: Disabled Restrict access: Disabled dynamic routing: Disabled hostroute: Disabled Done > disable ns ip 10.102.29.79 Done > show ns ip 10.102.29.79 IP: 10.102.29.79 Netmask: 255.255.255.255 Type: VIP state: Disabled arp: Enabled icmp: Enabled vserver: Enabled management access: Disabled telnet: Disabled ftp: Disabled ssh: Disabled gui: Disabled snmp: Disabled Restrict access: Disabled dynamic routing: Disabled hostroute: Disabled Done

To configure a VIP address by using the GUI:

Navigate to System > Network > IPs > IPV4s, and add a new IP address or edit an existing address.

To create a range of VIP addresses by using the GUI:

  1. Navigate to System > Network > IPs > IPV4s.
  2. In the Action list, select Add Range.

To enable or disable a VIP address by using the GUI:

  1. Navigate to System > Network > IPs > IPV4s.
  2. Do one of the following:
    • Select a VIP address.
    • Hold down the Ctrl key and select multiple server address entries.
    • Hold down the Shift key and select a range of server address entries.
    • Select all the addresses by selecting the checkbox on the left side of the header row.
  3. From the Action list, select Disable or Enable.

Detecting a NetScaler Appliance in a UDP Load Balancing Setup through TTL Updates

The following table displays how a NetScaler appliance handles the TTL value of received packets in different functionalities.

Functionality TTL value
Virtual Server TTL is set to 255 when forwarding the request to the backend servers. TTL is decremented by 1 when forwarding the response to the client.
L2 Mode TTL is not changed.
L3 Mode TTL is set to 255.
INAT TTL is set to 255 when forwarding the request to the backend server. TTL is decremented by 1 when forwarding the response to the client.

Some enterprises/scenarios running a monitoring application requires the NetScaler appliance of a load balancing setup to be detected as one of the hop in a traceroute. A NetScaler appliance of a load balancing setup is not detected in a traceroute because the appliance, by default, sets the TTL value to 255 instead of decrementing it when forwarding the request to a backend server.

To meet this requirement, Decrement TTL parameter of a VIP address can be used. This parameter applies to all UDP virtual servers using this VIP.

When you enable the Decrement TTL parameter of a VIP, the NetScaler appliance decrements the TTL value by 1 instead of setting it to 255 when forwarding requests, which are received on the UDP virtual servers that uses this VIP.

Monitoring applications using traceroute data can now detect the presence of a NetScaler appliance of a UDP load balancing setup.

Before You Begin

Before you begin configuring a NetScaler appliance to be detected in a traceroute of a load balancing setup, note the following points:

  • Decrement TTL parameter is supported only for UDP load balancing virtual servers.
  • Decrement TTL parameter is supported for IPv4 VIP as well as IPv6 VIP (VIP6) addresses.
  • Decrement TTL parameter is supported for standalone NetScaler appliances as well as for high availability (HA) and cluster setups.

Configuration Steps

Configuring a NetScaler appliance to be detected in a traceroute of a UDP load balancing setup consists of the following tasks:

  • Create a UDP load balancing configuration
  • Enable the Decrement TTL parameter for the VIP address

CLI Procedures

To enable the decrement TTL option for a VIP address by using the CLI:

  • To enable the decrement TTL option for a VIP address while adding the VIP address, at the command prompt, type:
    • add ns ip <ip> <mask> -type VIP -decrementTTL ENABLED
    • show ns ip <VIP address>
  • To enable the decrement TTL option for an existing VIP address, at the command prompt, type:
    • set ns ip <ip> <mask> -decrementTTL ENABLED
    • show ns ip <VIP address>

To enable the decrement TTL option for a VIP6 address by using the CLI:

  • To enable the decrement TTL option for a VIP6 address while adding the VIP6 address, at the command prompt, type:
    • add ns ip6 <IP6/prefix> <mask> -type VIP -decrementTTL ENABLED
    • show ns ip6 <VIP6/prefix>
  • To enable the decrement TTL option for an existing VIP6 address, at the command prompt, type:
    • set ns ip6 <ip6/prefix> <mask> -decrementTTL ENABLED
    • show ns ip6 <VIP6 address>
> add ns ip 203.0.113.30 -type VIP -decrementTTL ENABLED Done > add ns ip6 2001:DB8:5001::30 -type VIP -decrementTTL ENABLED Done

GUI Procedures

To enable the decrement TTL option for a VIP address by using the GUI:

Navigate to System > Network > IPs > IPv4s, and enable the Decrement TTL parameter while adding a new VIP address or editing an existing address.

To enable the decrement TTL option for a VIP6 address by using the GUI:

Navigate to System > Network > IPs > IPv6s, and enable the Decrement TTL parameter while adding a new VIP6 address or editing an existing address.

Configuring and Managing Virtual IP (VIP) Addresses