Deploy a VPX high-availability pair on Google Cloud Platform
You can configure two Citrix ADC VPX instances on Google Cloud Platform as a high availability (HA) active-passive pair. When you configure one instance as the primary node and the other as the secondary node, the primary node accepts connections and manages servers. The secondary node monitors the primary. If, for any reason, the primary node is unable to accept connections, the secondary node takes over. Also, the client IP of the primary node must be bound to an external static IP address for traffic to resume after a failover.
For more information on HA, see High Availability.
The nodes must be in the same region; however, they can be in either the same zone or different zones. For more information, see Regions and Zones.
Each VPX instance requires at least three IP subnets (Google VPC networks):
- A management subnet
- A client-facing subnet (VIP)
- A back-end facing subnet (SNIP, MIP, and so on)
Citrix recommends three network interfaces for a standard VPX instance.
Before you start
- Read the Limitation, Hardware requirements, and Points to note sections in Deploy a Citrix ADC VPX instance on Google Cloud Platform. This information also applies to HA deployments.
- Ensure your GCP service account has the following IAM permissions:
REQUIRED_INSTANCE_IAM_PERMS = [
"compute.instances.addAccessConfig",
"compute.instances.deleteAccessConfig",
"compute.instances.get",
"compute.instances.list",
"compute.networks.useExternalIp",
"compute.subnetworks.useExternalIp",
"compute.zones.list",
]
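The following added example (not Citrix code) audits a service account offline against the permission list above, reporting required permissions that are missing and granted permissions that go beyond the list. The project, account, and custom role names are constructed; the input mirrors the `bindings` of `gcloud projects get-iam-policy --format=json` and the `includedPermissions` of each role.

```python
# Added example: offline least-privilege audit of the VPX HA service account.
REQUIRED_INSTANCE_IAM_PERMS = [  # copied from the page
    "compute.instances.addAccessConfig",
    "compute.instances.deleteAccessConfig",
    "compute.instances.get",
    "compute.instances.list",
    "compute.networks.useExternalIp",
    "compute.subnetworks.useExternalIp",
    "compute.zones.list",
]

# Constructed sample data (hypothetical project, account and custom roles).
SAMPLE_MEMBER = "serviceAccount:vpx-ha@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "projects/example-project/roles/vpxHaFailover", "members": [SAMPLE_MEMBER]},
    {"role": "projects/example-project/roles/vpxLegacy", "members": [SAMPLE_MEMBER]},
    {"role": "roles/compute.admin", "members": [SAMPLE_MEMBER],
     "condition": {"title": "temporary", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/viewer", "members": ["user:someone@example.com"]},
]}
SAMPLE_ROLES = {  # role name -> includedPermissions
    "projects/example-project/roles/vpxHaFailover": [
        "compute.instances.addAccessConfig", "compute.instances.deleteAccessConfig",
        "compute.instances.get", "compute.instances.list",
        "compute.networks.useExternalIp"],
    "projects/example-project/roles/vpxLegacy": [
        "compute.zones.list", "compute.instances.delete"],
}

def audit_service_account(policy, role_defs, member):
    """Return (missing, excess, unresolved_roles) for one IAM member."""
    required, granted, unresolved = set(REQUIRED_INSTANCE_IAM_PERMS), set(), []
    for binding in policy.get("bindings", []):
        if member not in binding.get("members", []):
            continue
        perms = role_defs.get(binding["role"])
        if "condition" in binding or perms is None:
            # Conditional grants and roles without a supplied definition
            # cannot be evaluated offline; surface them for manual review.
            unresolved.append(binding["role"])
            continue
        granted.update(perms)
    return sorted(required - granted), sorted(granted - required), unresolved

if __name__ == "__main__":
    missing, excess, unresolved = audit_service_account(SAMPLE_POLICY, SAMPLE_ROLES, SAMPLE_MEMBER)
    print("missing (required by the page):", missing)
    print("excess (beyond the page's list):", excess)
    print("review manually:", unresolved)
```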
How to deploy a VPX HA pair on Google Cloud Platform
Here’s a summary of the HA deployment steps:
- Create three VPC networks in the same region. For example, Asia-east.
- Create two VPX instances (primary and secondary nodes) in the same region. They can be in the same zone or different zones. For example, Asia east-1a and Asia east-1b.
- Configure HA settings on both instances by using the Citrix ADC GUI or ADC CLI commands.
Note:
Stayprimary and Staysecondary settings are not supported for high availability deployment on the Google Cloud Platform.
Step 1. Create three VPC networks
Create three VPC networks to associate with the management NIC, client NIC, and server NIC. To create a VPC network, log on to the Google console > Networking > VPC network > Create VPC Network. Complete the required fields, and click Create. For more information, see the section “Create VPC Networks” in Deploy a Citrix ADC VPX instance on Google Cloud Platform.
Step 2. Create two VPX instances
Create two VPX instances by following the steps given in Scenario: deploy a multi-NIC, multi-IP standalone VPX instance.
Important:
Assign a static external IP address to the client IP address (VIP) of the primary node. To create a static external IP address, under Network interface > External IP, click Create IP address.
After the failover, when the old primary becomes the new secondary, the static external IP address moves from the old primary and is attached to the new primary. For more information, see the Google Cloud document Reserving a Static External IP Address.
After you’ve configured the VPX instances, you can configure the required IP addresses. For more information, see Configuring Citrix ADC-owned IP addresses.
Step 3. Configure high availability
After you’ve created the instances on Google Cloud Platform, you can configure HA by using the Citrix ADC GUI or CLI.
Configure HA by using the GUI
Step 1. Set up high availability in INC mode on both the instances.
- Log on to the primary node with user name nsroot and instance ID as password.
- From the GUI, go to Configuration > System > High Availability. Click Add.
- In the Remote Node IP address field, add the private IP address of the management NIC of the secondary node.
- Select Turn on INC (Independent Network Configuration) mode on self-node.
- Under Remote System Login Credential, add the user name and password for the secondary node and click Create.
- Repeat the steps in the secondary node.
Step 2. Add IP set and bind IP set to the VIP set on both the instances.
- From the GUI, navigate to System > Network > IPs > Add.
- Add the required values for IP Address, Netmask, IP Type (virtual IP) and click Create.
- Navigate to System > Network > IP Sets > Add. Add an IP set name and click Insert.
- From the IPV4s page, select the virtual IP and click Insert. Click Create to create the IP set.
Note:
You can bind the IP set to the primary VIP or to the secondary VIP. However, if you bind the IP set to the primary VIP, use the secondary VIP to add to the virtual server, and conversely.
Step 3. Add a virtual server in the primary instance.
- From the GUI, go to Configuration > Traffic Management > Load Balancing > Virtual Servers > Add.
Save the configuration. Now, the secondary node has the same log-on credentials as the primary node. After a forced failover, the secondary becomes the new primary. The external static IP of the old primary VIP moves to the new secondary VIP.
Configure high availability using CLI
Step 1. Set up high availability in INC mode in both the instances by using the Citrix ADC CLI.
On the primary node, type the following command.
add ha node 1 <sec_ip> -inc ENABLED
On the secondary node, type the following command.
add ha node 1 <prim_ip> -inc ENABLED
- sec_ip: Refers to the private IP address of the management NIC of the secondary node.
- prim_ip: Refers to the private IP address of the management NIC of the primary node.
Step 2. Add IP set in both the instances.
Type the following command on both the instances:
add ipset <ipsetname>
Step 3. Bind IP set to the VIP set on both the instances.
Type the following commands on both the instances:
add ns ip <secondary vip> <subnet> -type VIP
Note:
Skip this command if the VIP is already configured.
bind ipset <ipsetname> <secondary VIP>
Note:
You can bind the IP set to the primary VIP or to the secondary VIP. However, if you bind the IP set to the primary VIP, use the secondary VIP to add to the virtual server, and conversely.
Step 4. Add a virtual server on the primary instance.
Type the following command:
add <server_type> vserver <vserver_name> <protocol> <primary_vip> <port> -ipset <ipset_name>
Note:
To save your configuration, type the command save config. Otherwise, the configurations are lost after you restart the instances.
GDM templates to deploy a VPX high-availability pair on GCP
You can use a Citrix ADC Google Deployment Manager (GDM) template to deploy a VPX high-availability pair on GCP. For details, see Citrix ADC GDM Templates.