Product Documentation
NetScaler VPX
14.1-Current Release 13.1 13.0 12.1
View PDF

Deploy a NetScaler VPX HA pair in Azure using the secondary IP configurations

November 21, 2024
Contributed by: 
C C

You can deploy a NetScaler VPX high availability pair in Azure with both NetScaler VPX instances on the same virtual network (VNET), using the secondary IP configurations of the network interfaces (NICs). This HA deployment eliminates the need for the Azure Load Balancer (ALB). During failover, the secondary private IP addresses assigned to the client-side and server-side NICs of the primary node are migrated to the secondary node. All the public IP addresses associated with these secondary private IP addresses are also moved accordingly.

Important:

Before starting the deployment, ensure that your Azure environment meets the necessary prerequisites to avoid any issues during the setup.

The following are some of the benefits of using secondary IP configurations:

  • Simplified failover: Secondary IP addresses enable automatic migration of virtual IP addresses (VIPs) and subnet IP addresses (SNIPs) between HA nodes, ensuring seamless failover without the need for external load balancing.
  • Scalability: Multiple IP addresses can be assigned to a single NIC, allowing flexible traffic routing and scaling of services within the same VM.
  • Resilience: The ability to reassign secondary private IP addresses between nodes enhances network availability and provides quick recovery during node failure.
  • Cost efficiency: By eliminating the need for an ALB, you reduce infrastructure costs while maintaining high availability and traffic management within the same subnet.

The following illustration depicts an HA failover scenario by migrating secondary private IP addresses.

Azure HA pip migration

Prerequisites to deploy a NetScaler VPX HA pair using Azure secondary IP configurations

Ensure that your subscription has the new Azure control plane enabled.

Note:

If the new Azure control plane is not enabled for your subscription, high-availability deployments may experience extended failover times. In such cases, contact Azure support for assistance in enabling the new control plane.

How to deploy a NetScaler VPX HA pair using Azure secondary IP configurations

To deploy a NetScaler VPX HA pair using the secondary IP configurations in Azure, follow these steps:

  1. Deploy two NetScaler VPX instances in Azure, each with three network interfaces.
  2. Assign a managed identity to both the NetScaler VPX instances.
  3. Assign Azure secondary IP configurations to the client and server network interfaces of the primary node.
  4. Configure the VIP and SNIP on the primary node using the Azure private IP address from the secondary IP configuration.
  5. Set the primary IP address of the server interface’s private IP configuration as the SNIP on both the primary and secondary nodes.
  6. Configure HA on both nodes.

Step 1. Deploy two NetScaler VPX instances (primary and secondary nodes) on the same VNet. Ensure that each NetScaler VPX instance has three NICs (Ethernet 0, Ethernet 1, Ethernet 2).

For detailed steps, see Deploy two VPX instances on Azure.

Step 2. Assign a managed identity to both the NetScaler VPX instances.

Note:

The Azure service principal is not supported for this feature.

For details, see Managed identities for Azure resources.

Step 3. On the primary node, assign private IP addresses to Ethernet 1 (client IP or VIP) and Ethernet 2 (back-end server IP or SNIP).

The Azure portal automatically assigns primary private IP addresses to the configured NICs. To assign more private IP addresses for the VIP and SNIP network interfaces, use secondary IP configurations.

To assign a secondary IP configuration to a network interface in Azure, follow these steps:

  1. Log in to the Azure Portal and navigate to Virtual Machines.
  2. Select the virtual machine associated with the network interface.
  3. In the virtual machine settings, go to Network settings and select the NIC to which you want to add a secondary private IP address.
  4. In the Network Interface settings, click the IP configurations tab.
  5. Click Add to assign a secondary private IP address.
  6. Enter a specific IPv4 or IPv6 address within the subnet range for the instance, or leave the field blank to allow Azure to automatically assign an IP address.
  7. (Optional) Select Allow reassignment to enable the secondary private IP address to be reassigned if already in use by another network interface.
  8. Click Add or Save to apply the changes.

Step 4. Configure VIP and SNIP on the primary node using the private IP addresses from the secondary IP configuration.

  1. Access the primary node using SSH. Open an SSH client and run the following command:

    ssh -i <location of your private key> nsroot@<public DNS of the instance>
<!--NeedCopy-->

  2. Configure the VIP and SNIP addresses.

    For configuring the VIP address, run the following command:

    add ns ip <IPAddress> <netmask> -type VIP
<!--NeedCopy-->

    Example:

    add ns ip 192.0.2.11 255.255.255.0 -type VIP
<!--NeedCopy-->

    For configuring the SNIP address, run the following command:

    add ns ip <IPAddress> <netmask> -type SNIP
<!--NeedCopy-->

    Example:

    add ns ip 192.0.3.11 255.255.255.0 -type SNIP
<!--NeedCopy-->

  3. Save the configuration by running the save config command.

  4. Verify the configured IP addresses using the following command:

    show ns ip
<!--NeedCopy-->

Step 5: Configure the primary private IP address of the server interface as a SNIP on both the nodes.

  1. Access the primary node using SSH. Open an SSH client and run the following command:

    ssh -i <location of your private key> nsroot@<public DNS of the instance>
<!--NeedCopy-->

    Example:

    ssh -i ~/.ssh/mykey.pem nsroot@primary-instance.eastus.cloudapp.azure.com
<!--NeedCopy-->

  2. Configure the primary private IP address of Ethernet 2 (back-end server NIC) on the primary node as SNIP:

    add ns ip <private IPaddress of node 1> <netmask> -type SNIP
<!--NeedCopy-->

    Example:

    add ns ip 192.0.3.10 255.255.255.0 -type SNIP
<!--NeedCopy-->

  3. Configure primary private IP address of Ethernet 2 (back-end server NIC) on the secondary node as SNIP:

    add ns ip <private IPaddress of node 2> <netmask> -type SNIP
<!--NeedCopy-->

    Example:

    add ns ip 192.0.3.20 255.255.255.0 -type SNIP
<!--NeedCopy-->

Step 6: Configure HA on both nodes.

  1. On the primary node, open a Shell client and run the following command:

    add ha node <peer node id> <private IP address of the management NIC of the secondary node>
<!--NeedCopy-->

    Example:

    add ha node 1 192.0.1.20
<!--NeedCopy-->

  2. On the secondary node, run the following command:

    add ha node <peer node id> <private IP address of the management NIC of the primary node>
<!--NeedCopy-->

    Example:

    add ha node 1 192.0.1.10
<!--NeedCopy-->

  3. Save the configuration by running the save config command.

  4. Verify the configured HA nodes by running the show ha node command.

    During failover, the secondary IP configurations for the VIP and SNIP network interfaces are moved from the previous primary node to the new primary node.

Deploy a NetScaler VPX HA pair in Azure using the secondary IP configurations
November 21, 2024
Contributed by: 
C C
November 21, 2024
Contributed by: 
C C

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.