NetScaler VPX

FAQs

The following section helps you to categorize the FAQs based on Citrix Application Delivery Controller (ADC) VPX.

Feature and functionality

What is NetScaler VPX?

NetScaler VPX is a virtual ADC appliance that can be hosted on a Hypervisor installed on industry standard servers.

Does NetScaler VPX include all the web application optimization functionality as ADC appliances?

Yes. NetScaler VPX includes all load balancing, traffic management, application acceleration, application security (including NetScaler Gateway and Citrix Application Firewall), and offload functionality. For a complete overview of the NetScaler feature and functionality, see Application delivery your way.

Are there any limitations with Citrix Application Firewall when using it on NetScaler VPX?

Citrix Application Firewall on NetScaler VPX provides the same security protections as it does on NetScaler appliances. The performance or throughput of Citrix Application Firewall varies by platform.

Are there any differences between NetScaler Gateway on NetScaler VPX and NetScaler Gateway on NetScaler appliances?

Functionally, they are the same. NetScaler Gateway on NetScaler VPX supports all the NetScaler Gateway features available in NetScaler software release 14.1. However, because NetScaler appliances provide dedicated SSL acceleration hardware, it offers greater SSL VPN scalability than a NetScaler VPX instance.

Other than the obvious difference that NetScaler VPX can run on a hypervisor, how does it differ from NetScaler physical appliances?

There are two main areas where customers see differences in behavior. The first is NetScaler VPX cannot offer the same performance as many NetScaler appliances. The second is that while NetScaler appliances incorporate its own L2 networking functionality, NetScaler VPX relies upon the Hypervisor for its L2 networking services. Generally, it does not limit how the NetScaler VPX can be deployed. There can be certain L2 functionality that is configured on a physical NetScaler appliance must be configured on the underlying Hypervisor.

How does NetScaler VPX play a role in the Application Delivery market?

NetScaler VPX changes the game in the application delivery market in the following ways:

  • By making a NetScaler appliance even more affordable, NetScaler VPX enables any IT organization to deploy a NetScaler appliance. It is not just for their most mission-critical web applications, but for all of their Web applications.

  • NetScaler VPX allows customers to further converge networking and virtualization within their data centers. NetScaler VPX cannot only be used to optimize web applications hosted on virtualized servers. It also enables web application delivery itself to become a virtualized service that can be easily and rapidly deployed anywhere. IT organizations use the standard data center processes for tasks such as provisioning, automation, and charge-back for the web application delivery infrastructure.

  • NetScaler VPX opens up new deployment architectures that are not practical if only physical appliances are used. NetScaler VPX and NetScaler MPX appliances can be used basis, tailored to the individual needs of each respective application to handle processor-intensive actions such as compression and application firewall inspection. At the data center edge, NetScaler MPX appliances handle high-volume network-wide tasks such as initial traffic distribution, SSL encryption or decryption, denial of service (DoS) attack prevention, and global load balancing. Pairing high-performance NetScaler MPX appliances with easy-to-deploy NetScaler VPX virtual appliance brings unparalleled flexibility and customization capabilities to modern, large-scale, data center environments while also reducing overall data center costs.

How does NetScaler VPX fit into our Citrix delivery center strategy?

With the availability of NetScaler VPX, the entire Citrix delivery center offering is available as a virtualized offering. The entire Citrix delivery center benefits from the powerful management, provisioning, monitoring, and reporting capabilities available in Citrix XenCenter. This can be deployed rapidly into almost any environment, and managed centrally from anywhere. With one integrated, virtualized application delivery infrastructure, organizations can deliver desktops, client-server applications, and Web applications.

Encryption

Does NetScaler VPX support SSL offload?

Yes. However, NetScaler VPX does all SSL processing in software, so NetScaler VPX does not offer the same SSL performance as NetScaler appliances. NetScaler VPX can support up to 750 new SSL transactions per second.

Does third-party SSL cards installed on the server hosting NetScaler VPX accelerate SSL encryption or decryption?

No. Supporting third-party SSL cards cannot associate the NetScaler VPX to specific hardware implementations. It greatly diminishes an organizations ability to flexibly host NetScaler VPX anywhere within the data center. NetScaler MPX appliances must be used when more SSL throughput than NetScaler VPX provides is required.

Does NetScaler VPX support the same encryption ciphers as physical NetScaler appliances?

VPX supports all encryption ciphers as physical NetScaler appliances, except the ECDSA.

What is the SSL transactions throughput of NetScaler VPX?

See NetScaler VPX data sheet for information on SSL transactions throughput.

Pricing and packaging

How is NetScaler VPX packaged?

NetScaler VPX selection is similar to the selection of NetScaler appliances. First, the customer selects the NetScaler edition based on its functionality requirements. Then, the customer selects the specific NetScaler VPX bandwidth tier based on their throughput requirements. NetScaler VPX is available in Standard, Advanced, and Premium Editions. NetScaler VPX offers from 10 Mbps (VPX 10) to 100 Gbps (VPX 100G). More details can be found in the NetScaler VPX data sheet.

Is NetScaler VPX priced the same for all Hypervisors?

Yes.

Are the same NetScaler SKUs used for VPX on all Hypervisors?

Yes.

Can a NetScaler VPX license be moved from one Hypervisor to another (For example from VMware to Hyper-V)?

Yes. NetScaler VPX licenses are independent of the underlying Hypervisor. If you decide to move the NetScaler VPX virtual machine from one Hypervisor to another, you do not have to get a new license. However, you might need to rehost the existing NetScaler VPX license.

Can NetScaler VPX instances be upgraded?

Yes. Both the throughput limits and NetScaler family edition can be upgraded. Upgrade SKUs for both types of upgrade are available.

If I want to deploy NetScaler VPX in a high availability pair, how many licenses do I need?

As with NetScaler physical appliances, a NetScaler high availability configuration requires two active instances. Therefore, the customer must purchase two licenses.

NetScaler VPX Express and 90 day free trial

Does NetScaler VPX Express include all NetScaler standard functionality? Does it include NetScaler Gateway and load balancing for Citrix Virtual Apps (formerly XenApp) Web Interface and XML broker?

Yes. NetScaler VPX Express includes full NetScaler Premium functionality. Starting from NetScaler release 14.1–29.65, NetScaler modified the VPX Express behavior.

Does NetScaler VPX Express require a license?

With the latest NetScaler VPX Express release (14.1–29.65 and later), VPX Express is free to use and does not require a license file for installation or usage. There is no need for any commitment. If you already have a VPX Express license, the previous licensing behavior remains in effect. However, if you remove the existing VPX Express license file and use version 14.1–29.65 or later, the updated VPX Express behavior will apply.

Does the NetScaler VPX Express license expire?

With the new VPX express, there is no license and no expiry date. If you already have a VPX express license, the license expires one year after download.

Does NetScaler VPX Express support the same encryption ciphers as NetScaler MPX appliances?

For general availability, all the same strong encryption ciphers supported on NetScaler appliances are available on NetScaler VPX and NetScaler VPX Express. It is subjected to the same import or export regulations.

Can I file technical support cases for NetScaler VPX Express?

No. NetScaler VPX Express users are free to use both the NetScaler VPX Knowledge Center, and request help from the community using the discussion forums.

Can NetScaler VPX Express be upgraded to a retail version?

Yes. Simply purchase the retail NetScaler VPX license that you need, and then apply the corresponding license to the NetScaler VPX Express instance.

Hypervisor

What VMware versions do NetScaler VPX support?

NetScaler VPX supports both VMware ESX and ESXi for versions 3.5 or later. For more information, see Support matrix and usage guidelines

For VMware, how many virtual network interfaces can you allocate to a VPX?

You can allocate up to 10 virtual network interfaces to a NetScaler VPX.

From vSphere, how can we access the NetScaler VPX command line?

The VMware vSphere client provides built-in access to the NetScaler VPX command line through a console tab. Also, you can use any SSH or Telnet client to access the command line. You can use the NSIP address of the NetScaler VPX in the SSH or Telnet client.

How can you access the NetScaler VPX GUI?

To access the NetScaler VPX GUI, type the NSIP of the NetScaler VPX, for example, http://NSIP address in the address field of any browser.

Can two NetScaler VPX instances installed on the same VMware ESX be configured in a high availability setup?

Yes, but it is not recommended. A hardware failure would affect both NetScaler VPX instances.

Can two NetScaler VPX instances running on two different VMware ESX systems be configured in a high availability setup?

Yes. It is recommended in a high availability setup.

No. Interface-related events are not supported.

For the VMware, are tagged VLANs supported on NetScaler VPX?

Yes. NetScaler tagged VLANs are supported on NetScaler VPX from release 11.0 and higher. For more information, see the NetScaler documentation.

No. Link Aggregation and LACP are not supported for NetScaler VPX. Link aggregation must be configured at the VMware level.

How do we access NetScaler VPX documentation?

The documentation is available from the NetScaler VPX GUI. After logging in, select the Documentation tab.

Capacity planning or sizing

What performance can I expect with NetScaler VPX?

NetScaler VPX offers good performance. See NetScaler VPX data sheet for a specific performance level achievable using NetScaler VPX.

Given that server CPU power varies, how can we estimate the maximum performance of a NetScaler instance?

Using a faster CPU can result in higher performance (up to the maximum allowed by the license), while using a slower CPU can certainly limit the performance.

Are NetScaler VPX bandwidth or throughput limits for inbound only traffic, or both inbound and outbound traffic?

NetScaler VPX bandwidth limits are enforced for traffic inbound to the NetScaler only, regardless of whether the request traffic or response traffic. It indicates that a NetScaler VPX-1000 (for example) can process both 1 Gbps of inbound traffic and 1 Gbps of outbound traffic simultaneously. Inbound and outbound traffic is not the same as request and response traffic. To the NetScaler, both traffic coming from endpoints (request traffic) and traffic coming from origin servers (response traffic) is “inbound” (that is, coming into the NetScaler).

Can multiple instances of NetScaler VPX be run on the same server?

Yes. However, ensure that the physical server has enough CPU and I/O capacity to support the total workload running on the host, or NetScaler VPX performance can be impacted.

If more than one instance of NetScaler VPX is running on a physical server, what is the minimum hardware requirement per NetScaler VPX instance?

Each NetScaler VPX instance must be allocated 2 GB of physical RAM, 20 GB of hard disk space, and 2 vCPUs. For critical deployments, we do not recommend 2 GB RAM for VPX because the system operates in a memory-constrained environment. This might lead to scale, performance, or stability related issues. The recommended is 4 GB RAM or 8 GB RAM.

Note:

The NetScaler VPX is a latency-sensitive, high-performance virtual appliance. To deliver its expected performance, the appliance requires vCPU reservation, memory reservation, vCPU pinning on the host. Also, hyper threading must be disabled on the host. If the host does not meet these requirements, issues such as high-availability failover, CPU spike within the VPX instance, sluggishness in accessing the VPX CLI, pit boss daemon crash, packet drops, and low throughput occur.

Make sure that every VPX instance meets the predefined conditions.

Can I host NetScaler VPX and other applications on the same server?

Yes. For example, NetScaler VPX, Citrix Virtual Apps Web Interface and Citrix Virtual Apps XML Broker can all be virtualized and can run on the same server. For best performance, ensure that the physical host has enough CPU and I/O capacity to support all the running workloads.

Will adding CPU cores to a single NetScaler VPX instance increase the performance of that instance?

Yes, adding CPU cores can improve NetScaler VPX performance, provided the NetScaler VPX instance is licensed for the extra vCPUs. NetScaler VPX can support up to 20 vCPUs (for 41 Gbps - 100 Gbps performance), depending on the configuration and performance tier. More vCPUs can help increase throughput, especially in high-performance scenarios. However, the impact on performance also depends on factors like the network drivers (for example, PCI passthrough or SR-IOV) and the specific workload. For information on number of vCPUs supported for different VPX performance tiers, see NetScaler VPX data sheet.

Why NetScaler VPX looks like consuming more than 90% of the CPU even though it is idle?

It is normal behavior and NetScaler appliances exhibit the same behavior. To see the true extent of NetScaler VPX CPU utilization, use the stat CPU command in the NetScaler CLI, or view NetScaler VPX CPU utilization from the NetScaler GUI. The NetScaler packet processing engine is always “looking for work,” even when there is no work to be done. Therefore, it does everything to take control of the CPU and not release it. On a server installed with NetScaler VPX and nothing else, results in looking like (from the Hypervisor perspective) that NetScaler VPX is consuming the entire CPU. Looking at the CPU utilization from “inside NetScaler” (by using the CLI or the GUI) provides a picture of NetScaler VPX CPU capacity being used.

System requirements

What are the minimum hardware requirements for NetScaler VPX?

The following table explains the minimum hardware requirements for NetScaler VPX.

Type Requirements
Processor Dual core server with Intel Xeon or AMD EPYC.
Memory Minimum 2 GB. However, 4 GB is recommended.
Disk Minimum 20 GB hard drive.
Hypervisor Citrix Hypervisor 5.6 or later, VMware ESX/ESXi 3.5 or later, or Windows Server 2008 R2 with Hyper-V
Network Connectivity 100 Mbps minimum, but 1 Gbps is recommended.
NIC A NIC compatible with the Hypervisor you are using.

Note:

For critical deployments, 4 GB memory is preferred for NetScaler VPX. With 2 GB memory, NetScaler VPX operates in a memory-constrained environment. This might lead to scale, performance, or stability related issues.

For more information on system requirements, see NetScaler VPX data sheet.

Note:

From NetScaler 13.1 release onwards, the NetScaler VPX instance on VMware ESXi hypervisor supports AMD EPYC processors.

What is the Intel VT-x?

These features, sometimes referred to as “hardware assist” or “virtualization assist”, trap sensitive or privileged CPU instructions run by the guest OS out to the Hypervisor. This simplifies hosting guest OSs (BSD for a NetScaler VPX) on the Hypervisor.

How common are VT-x?

Many servers have virtualization assistance features (such as VT-x or AMD-V) disabled by default in the BIOS settings. Before concluding that you cannot run NetScaler VPX, check the BIOS configuration. If virtualization support is disabled, you may need to enable it in the BIOS to ensure your server can properly run virtualized applications like NetScaler VPX.

Is there a hardware compatibility list (HCL) for NetScaler VPX?

As long as the server supports Intel VT-x, NetScaler VPX must run on any server compatible with the underlying Hypervisor. See the Hypervisor HCL for a comprehensive list of supported platforms.

What version of NetScaler OS is NetScaler VPX based on?

NetScaler VPX is based on NetScaler 9.1 or later releases.

Since NetScaler VPX runs on BSD, can it be run natively on a server with BSD Unix installed?

No. NetScaler VPX requires the Hypervisor to run. Detailed Hypervisor supports can be found in NetScaler VPX data sheet.

Other technical FAQs

LACP is not supported. For the Citrix Hypervisor, Static link aggregation is supported and has limits of four channels and seven virtual interfaces. For VMware, static link aggregation is not supported within NetScaler VPX, but can be configured at the VMware level.

Is MAC based forwarding (MBF) supported on VPX? Is there any change from the NetScaler appliance implementation?

MBF is supported and it behaves the same way as with the NetScaler appliance. The Hypervisor basically switches all the packets received from NetScaler VPX to the outside and conversely.

How is the NetScaler VPX upgrade process carried out?

Upgrades are performed the same way as for NetScaler appliances: download a kernel file and use install ns or the upgrade utility in the GUI.

How are flash and disk space allocated? Can we change it?

/flash = 965M /var = 14G A minimum of 2 GB memory must be allocated to each NetScaler VPX instance. The NetScaler VPX disk image was sized at 20 GB for serviceability purposes such as, room for taking and storing up to 4 GB core dumps, and log and trace files. While it would be possible to generate a smaller disk image, there are no plans to do this currently. /flash and /var are both in the same disk image. They’re kept as separate file systems for compatibility purposes. For detailed memory allocation recommendation, refer to NetScaler VPX data sheet.

Can we add a new hard drive to increase space on NetScaler VPX instance?

Yes. From NetScaler release 13.1 build 21.x onwards, you have the option to increase disk space on the NetScaler VPX instance by adding a second disk. When you attach the second disk, the “/var/crash” directory is automatically mounted on to this disk. The second disk is used for storing core files and logging. Existing directories that are used to store core files and log files continue to work as earlier.

Note:

Take external backup on downgrade of the NetScaler appliance to avoid loss of data.

For information on how to attach a new hard disk drive (HDD) to a NetScaler VPX instance on a cloud, see the following:

Warning:

After you add a new HDD to NetScaler VPX, some of the scripts that work on files, which are moved to the new HDD might fail under the following conditions:

If you use the “link” shell command to create hard links to the files, which were moved to a new HDD.

Replace all such commands with “ln -s” to use a symbolic link. Also, modify the failing scripts accordingly.

Can I increase the primary disk size on NetScaler VPX?

Starting from NetScaler release 14.1 build 21.x, admins can dynamically increase the primary disk size on NetScaler VPX from 20 GB up to 1 TB at once. And the subsequent time, you can again increase up to 1 TB. To increase the disk space, extend the primary disk size to a minimum of 1 GB in the respective cloud or hypervisor UI.

Note:

You can only increase the size of the disks. Once the new size is allocated, you cannot decrease it later. Therefore, increase the disk size only if it is essential.

How do I manually increase the primary disk size on NetScaler VPX?

Follow these steps to manually increase the VPX primary disk size from a hypervisor or cloud:

  1. Shutdown the VM.
  2. Extend the default disk size of 20 GB to a higher value. For example, 20 GB to 30 GB or 40 GB. For Azure, extend the default disk size of 32 GB to 64 GB.
  3. Power on the VM and enter the boot prompt.
  4. Log into single user mode using the “boot -s” command.
  5. Verify the disk space. You can check the newly allocated disk space using “gpart show” command.
  6. Note the partition name. For example, the VM partition is da0.
  7. Resize the disk partition using the “gpart resize” command.

    Example: Let’s resize the da0 MBR partition to include 10 GB free space by running the following command.

    gpart resize -i 1 da0

  8. Merge the free space to the last partition.

    Example:

    gpart resize -i 5 da0s1

  9. Extend the filesystem to include newly allocated free space using the “growfs” command.

    Example:

    growfs /dev/ada0s1e

  10. Reboot the VM and verify the increased disk space using the “df -h” command on shell prompt.

What can we expect to regard the NetScaler VPX build numbering and interoperability with other builds?

NetScaler VPX has similar build numbering as the 9.1. Cl (classic) and 9.1. Nc (nCore) releases, for instance 9.1_97.3.vpx, 9.1_97.3.nc, and 9.1_97.3.cl.

Can the NetScaler VPX be a part of a high availability setup with a NetScaler appliance?

Not a supported configuration.

No. You can add up to seven interfaces (10 for VMware) through the NetScaler VPX configuration utility with only one physical NIC on the Hypervisor.

Can Citrix Hypervisor XenMotion or VMware vMotion or Hyper-V live migration be used to move active instances of NetScaler VPX?

NetScaler VPX does not support Hyper-V live migration. vMotion is supported starting from the NetScaler release 13.0. Live Migration (formerly XenMotion) is supported starting from the NetScaler release 14.1 build 17.38.

FAQs