ADC

Use case 7: Configure load balancing in DSR mode by using IP Over IP

You can configure your Citrix ADC appliance to use direct server return (DSR) mode across Layer 3 networks by using IP tunneling, also called IP over IP configuration. As with standard load balancing configurations for DSR mode, this allows servers to respond to clients directly instead of using a return path through the Citrix ADC appliance, improving response times and throughput. As with standard DSR mode, the Citrix ADC appliance monitors the servers and performs health checks on the application ports.

With IP over IP configuration, the Citrix ADC appliance and the servers do not need to be on the same Layer 2 subnet. Instead, the Citrix ADC appliance encapsulates the packets before sending them to the destination server. After the destination server receives the packets, it decapsulates the packets, and then sends its responses directly to the client.

To configure IP over IP DSR mode on your Citrix ADC appliance, you must do the following:

Configure a load balancing virtual server

Configure a virtual server to handle requests to your applications. Assign a service type of ANY and set the forwarding method to IPTUNNEL. Optionally, configure the virtual server to operate in sessionless mode. You can configure any load balancing method that you want to use.

To create and configure a load balancing virtual server for IP over IP DSR by using the command line interface

At the command prompt, type the following commands to configure a load balancing virtual server for IP over IP DSR and verify the configuration:

add lb vserver  serviceType  IPAddress  Port  -lbMethod  -m  -sessionless
show lb vserver

Example:

In the following example, we have selected the load balancing method as sourceIPhash and configured sessionless load balancing.

add lb vserver Vserver-LB-1 ANY 10.102.29.60 * -lbMethod SourceIPHash -m IPTUNNEL -sessionless enabled 

To create and configure a load balancing virtual server for IP over IP DSR by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers.
  2. Create a virtual server, and specify Redirection Mode as IP Tunnel Based.

Configure services for IP over IP DSR

After creating your load-balanced server, you must configure one service for each of your applications. The service handles traffic from the Citrix ADC appliance to those applications, and allows the Citrix ADC appliance to monitor the health of each application.

You assign a service type of ANY and configure it for USIP mode. Optionally, you can also bind a monitor of type IPTUNNEL to the service for tunnel-based monitoring.

To create and configure a service for IP over IP DSR by using the command line interface

At the command prompt, type the following commands to create a service and optionally, create a monitor and bind it to the service:

add service     -usip
add monitor   -destip  -iptunnel
bind service  -monitorName

Example:

In the following example, we are creating a monitor of type IPTUNNEL:

add monitor mon-1 PING -destip 10.102.29.60 -iptunnel yes
add service Service-DSR-1 10.102.30.5 ANY * -usip yes
bind service Service-DSR-1 -monitorName mon-1

To configure a monitor by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Monitors.
  2. Create a monitor, and select IP Tunnel.

To create and configure a service for IP over IP DSR by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Services.
  2. Create a service and, in Settings, select Use Source IP Address.

To bind a service to a load balancing virtual server by using the command line interface

At the command prompt, type the following command:

bind lb vserver   

Example:

bind lb vserver Vserver-LB-1 Service-DSR-1 

To bind a service to a load balancing virtual server by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers.
  2. Open a virtual server, and click in the Services section to bind a service to the virtual server.

Using the Client IP address in the Outer Header of Tunnel Packets

The Citrix ADC supports using the client IP address as the source IP address in the outer header of tunnel packets related to direct server return mode using IP tunneling. This feature is supported for DSR with IPv4 and DSR with IPv6 tunneling modes. To enable this feature, enable the use client source IP address parameter for IPv4 or IPv6. This setting is applied globally to all the DSR configurations that use IP tunneling.

To use client IP address as the source IP address on outer header of IPv4 tunnel packets by using the CLI

At the command prompt, type:

  • set iptunnelparam -useclientsourceip [YES | NO]
  • show iptunnelparam

To use client IP address as the source IP address on outer header of IPv4 tunnel packets by using the GUI

  1. Navigate to System > Network.
  2. In the Settings tab, click IPv4 Tunnel Global Settings.
  3. In the Configure IPv4 Tunnel Global Parameters page, select the Use Client Source IP check box.
  4. Click OK.

To use client source IP address as the source IP address on outer header of IPv6 tunnel packets by using the CLI

At the command prompt, type:

  • set ip6tunnelparam -useclientsourceip [YES | NO]
  • show ip6tunnelparam

To use client IP address as the source IP address on outer header of IPv6 tunnel packets by using the GUI

  1. Navigate to System > Network.
  2. In the Settings tab, click IPv6 Tunnel Global Settings.
  3. In the Configure IPv6 Tunnel Global Parameters page, select the Use Client Source IP check box.
  4. Click OK.

Following is a sample load balancing configuration in DSR mode using IPv4 tunneling. LBVS-IPIP-1 is the load balancing virtual server, and services SERVICE-DSR-IPIP-1 and SERVICE-DSR-IPIP-2 are bound to LBVS-IPIP-1.

> set iptunnelparam -useclientsourceip YES
Done
> add service SERVICE-DSR-IPIP-1 192.0.2.91 ANY * -usip yes
Done
> add service SERVICE-DSR-IPIP-2 192.0.2.92 ANY * -usip yes
Done
> add lb vserver LBVS-IPIP-1 ANY 203.0.113.9 * -m IPTUNNEL
Done
> bind lb vserver LBVS-IPIP-1 SERVICE-DSR-IPIP-1
Done
> bind lb vserver LBVS-IPIP-1 SERVICE-DSR-IPIP-2
Done
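The following added example (not part of the Citrix documentation and not Citrix code) models in Python what the tunnel packets of this sample configuration look like with -useclientsourceip set to NO and to YES, and how the server recovers the client's original packet. The VIP and server addresses come from the sample; the client address, the appliance address ADC_IP used as outer source when the parameter is NO, and all function names are assumptions made for the illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IPv4-in-IPv4 protocol number (RFC 2003)

def checksum(header: bytes) -> int:
    """RFC 1071 checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build an option-less IPv4 packet with a valid header checksum."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload

def parse(packet: bytes):
    """Return (src, dst, proto, payload); reject malformed headers."""
    if len(packet) < 20 or packet[0] != 0x45 or checksum(packet[:20]) != 0:
        raise ValueError("malformed IPv4 header")
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("total length mismatch")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[20:])

def encapsulate(inner: bytes, server: str, adc_ip: str, use_client_source_ip: bool) -> bytes:
    """Appliance side: wrap the client's packet, unchanged, for the chosen server."""
    client = parse(inner)[0]
    return ipv4_packet(client if use_client_source_ip else adc_ip, server,
                       IPPROTO_IPIP, inner)

def decapsulate(outer: bytes, vip: str) -> bytes:
    """Server side, modelled: strip the outer header, accept only packets for the VIP."""
    proto, inner = parse(outer)[2:]
    if proto != IPPROTO_IPIP:
        raise ValueError("not IP over IP")
    if parse(inner)[1] != vip:
        raise ValueError("inner destination is not the VIP")
    return inner

VIP, SERVER = "203.0.113.9", "192.0.2.91"     # from the sample configuration
CLIENT, ADC_IP = "198.51.100.7", "192.0.2.1"  # constructed; ADC_IP is an assumption

if __name__ == "__main__":
    inner = ipv4_packet(CLIENT, VIP, 17, b"constructed payload")
    for flag in (False, True):
        outer = encapsulate(inner, SERVER, ADC_IP, flag)
        print("useclientsourceip", "YES" if flag else "NO", "->", parse(outer)[:3])
```

With the parameter set to YES the outer header no longer carries an appliance address, so any packet filter between the appliance and the servers that permits tunnel traffic by appliance source address has to be reviewed before the global setting is changed.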

Decapsulator configuration

  • When a Citrix ADC appliance is used as a decapsulator, an IP tunnel must be created in the Citrix ADC appliance. For details, see Configuring IP Tunnels.

    Example configuration:

    add lb vserver v1 any 1.1.1.1 * -m IPTUNNEL
    add service s1 2.2.2.2 ANY *
    bind lb vserver v1 s1
    add iptunnel tun1  netmask *
    add ns ip 1.1.1.1 255.255.255.255 -type vip -arp disabled
    add lb vserver v1 any 1.1.1.1 *
    add service s1  ANY *
    bind lb vserver v1 s1

  • When a back-end server is used as a decapsulator, the back-end configuration varies depending on the server type. The steps involved in configuring a back-end server as a decapsulator are:

  1. Configure a loopback interface.
  2. Add a route through the tunnel interface.

Note: Make sure that the tunnel modules are installed in the system.

Example configuration:

In this example, 1.1.1.1 is the Citrix ADC virtual IP (VIP) address and 2.2.2.2 is the back end server IP address.

The VIP address is configured in the loopback interface and a route is added through the tunnel interface. The modprobe ipip command is used to enable the tunnel interface.

add lb vserver v1 ANY 1.1.1.1 80 -m IPTUNNEL
add service svc1 2.2.2.2 ANY 80 -usip YES -useproxyport NO
bind lb vserver v1 svc1

ifconfig lo inet 1.1.1.1 netmask 255.255.255.255
modprobe ipip
echo 1 > /proc/sys/net/ipv4/conf/tunl0/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/tunl0/arp_announce
ifconfig tunl0 1.1.1.1 netmask 255.255.255.255 up
route add -host 1.1.1.1 dev tunl0