Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow

In this deployment, the NetScaler CPX instance acts as a proxy to enable communication between application containers residing on multiple hosts. The NetScaler CPX instance is provisioned along with the applications in multiple hosts and provides the shortest path for communication.

The following image illustrates traffic flow between two applications through the NetScaler CPX instances.

localized image

This image shows traffic flow between application C and application B and between application A and application B. When app C (in any of the hosts) sends a request to B, the request is first received on the NetScaler CPX container on the same host as app C. Then, the NetScaler CPX container passes the traffic to the NetScaler CPX container hosted on the same host as app B, and then the traffic is forwarded to app B. A similar traffic path is followed when app A sends request to app B.

In this example, a NetScaler MPX is also deployed to allow traffic to the applications from the Internet through a global VIP.  The traffic from the NetScaler MPX is received on the NetScaler CPX containers, which then distributes the traffic across the application containers.

The following diagram illustrates this topology with the configurations that need to be set for communication to happen.

localized image

The following table lists the IP addresses and ports that are configured on the NetScaler CPX instances in this example configuration.

localized image

To configure this example scenario, run the following command at the Linux shell prompt while creating the NetScaler CPX container on all three Docker hosts:

docker run -dt -p 22 -p 80 -p 161/udp -p 30000-30002: 30000-30002 --ulimit core=-1 --privileged=truecpx:6.2
<!--NeedCopy-->

Run the following commands either by using the Jobs feature in NetScaler MAS or by using NITRO APIs.

On NetScaler CPX instance on Docker Host 1:

    add lb vserver VIP-A1 HTTP 172.17.0.2 30000
    add service svc-A1 10.102.29.100 HTTP 80
    bind lb vserver VIP-A1 svc-A1
    add lb vserver VIP-B1 HTTP 172.17.0.2 30001
    add service svc-B1 10.102.29.100 HTTP 90
    bind lb vserver VIP-B1 svc-B1
    add lb vserver VIP-C1 HTTP 172.17.0.2 30002
    add service svc-VIP-C2 10.102.29.105 HTTP 30002
    add service svc-VIP-C3 10.102.29.110 HTTP 30002
    bind lb vserver VIP-C1 svc-VIP-C2
    bind lb vserver VIP-C1 svc-VIP-C3
<!--NeedCopy-->

On the NetScaler CPX instance on Docker host 2:

    add lb vserver VIP-A2 HTTP 172.17.0.3 30000
    add service svc-A2 10.102.29.105 HTTP 80
    bind lb vserver VIP-A2 svc-A2
    add lb vserver VIP-B2 HTTP 172.17.0.3 30001
    add service svc-VIP-B1 10.102.29.100 HTTP 30001
    bind lb vserver VIP-B2 svc-VIP-B1
    add lb vserver VIP-C2 HTTP 172.17.0.3 30002
    add service svc-C2 10.102.29.105 HTTP 70
    bind lb vserver VIP-C2 svc-C2
<!--NeedCopy-->

On the NetScaler CPX instance on Docker host 3:

    add lb vserver VIP-A3 HTTP 172.17.0.4 30000
    add service svc-VIP-A1 10.102.29.100 HTTP 30000
    add service svc-VIP-A2 10.102.29.105 HTTP 30000
    bind lb vserver VIP-A3 svc-VIP-A1
    bind lb vserver VIP-A3 svc-VIP-A2
    add lb vserver VIP-B3 HTTP 172.17.0.4 30001
    add service svc-VIP-B1 10.102.29.100 HTTP 30001
    bind lb vserver VIP-B3 svc-VIP-B1
    add lb vserver VIP-C3 HTTP 172.17.0.4 30002
    add service svc-C3 10.102.29.110 HTTP 70
    bind lb vserver VIP-C3 svc-C3
<!--NeedCopy-->
Deploy NetScaler CPX as a Proxy to Enable East-West Traffic Flow