Configure to source Citrix ADC FreeBSD data traffic from a SNIP address

Some Citrix ADC data features run on the underlying FreeBSD OS instead of on the Citrix ADC OS. For this reason, these features send traffic sourced from the Citrix ADC IP (NSIP) address instead of from a SNIP address. Sourcing data traffic from the NSIP address is not desirable if your setup is configured to separate all management and data traffic.

The following Citrix ADC data features run on the underlying FreeBSD OS and send traffic sourced from the Citrix ADC IP (NSIP) address:

  • Load balancing scriptable monitors
  • GSLB autosync

To resolve this issue, you can use the global Layer-2 parameter useNetprofileBSDtraffic. When you enable this parameter, the Citrix ADC features send traffic sourced from one of the SNIP addresses in a net profile associated with the feature.

Before you begin

Before configuring the Citrix ADC appliance to source traffic for these features from a SNIP address, note the following points:

  • Currently, the global Layer-2 parameter useNetprofileBSDtraffic is supported only for load balancing scriptable monitors.

    For configuring the Citrix ADC appliance to source GSLB autosync traffic from a SNIP address, you can use extended ACL rules and RNAT rules as a workaround.

  • The useNetprofileBSDtraffic support for load balancing scriptable monitors is applicable only for net profiles bound to the related services. The useNetprofileBSDtraffic support is not applicable for net profiles bound to the related service groups.

    In other words, the Citrix ADC appliance does not use any SNIP address from the net profiles bound to the service groups for sourcing load balancing scriptable monitors traffic.

  • The useNetprofileBSDtraffic support is not applicable for SSL services.

    In other words, the Citrix ADC appliance does not use any SNIP address from the net profiles bound to the SSL services for sourcing load balancing scriptable monitors traffic.

Configure the Citrix ADC appliance to source scriptable monitors traffic from a SNIP address

Configuring the Citrix ADC appliance to source scriptable monitors traffic from a SNIP address consists of the following tasks:

  • Enable the global Layer-2 parameter useNetprofileBSDtraffic.
  • Create a net profile and bind at least one SNIP address to it.
  • Bind the net profile to the load balancing services that are using scriptable monitors.

To enable the Layer-2 parameter useNetprofileBSDtraffic by using the CLI:

At the command prompt, type:

  • set l2param -useNetprofileBSDtraffic (ENABLED | DISABLED)
  • show l2param

To create a net profile and bind SNIP addresses to it by using the CLI:

At the command prompt, type:

  • add netProfile <name> -srcIP <SNIP address>
  • show netProfile

To bind a net profile to a load balancing service by using the CLI:

At the command prompt, type:

  • set service <name> -netProfile <net profile name>
  • show service

Sample configuration

The following sample configuration enables a Citrix ADC appliance to source scriptable monitors traffic from a SNIP address. A net profile NETPROFILE-1 is configured with SNIP address 198.51.100.20 bound to it. A user/scriptable monitor USER-MONITOR-1 is created and is bound to a load balancing service SERVICE-1. NETPROFILE-1 is bound to SERVICE-1. The Citrix ADC appliance sources all scriptable monitors packets of USER-MONITOR-1 from SNIP address 198.51.100.20.

    set l2param -useNetprofileBSDtraffic ENABLED
    set netprofile NETPROFILE-1 -srcip 198.51.100.20
    add lb monitor USER-MONITOR-1 USER -scriptName nsftp.pl -scriptArgs "file=Index.gif;user=nsroot;password=nsroot" -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -destIP 203.0.113.90 -destPort 21
    bind service SERVICE-1 -monitorName USER-MONITOR-1
    set service SERVICE-1 -netProfile NETPROFILE-1
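The following check is an added example, not part of the original Citrix documentation. It reads a list of ADC CLI commands and reports which services or service groups with a USER (scriptable) monitor still probe from the NSIP address, applying the limitations listed under "Before you begin". The sample lines are constructed, and the `add service <name> <IP> <type> <port>` and `bind serviceGroup <name> -monitorName <monitor>` forms it parses are assumptions about how the configuration is written.

```python
import shlex
# Constructed ADC CLI lines for illustration; not taken from a real appliance.
SAMPLE_CONFIG = """\
set l2param -useNetprofileBSDtraffic ENABLED
add lb monitor USER-MONITOR-1 USER -scriptName nsftp.pl
add service SERVICE-1 203.0.113.90 FTP 21
add service SERVICE-2 203.0.113.91 FTP 21
add service SERVICE-3 203.0.113.92 SSL 443
bind service SERVICE-1 -monitorName USER-MONITOR-1
bind service SERVICE-2 -monitorName USER-MONITOR-1
bind service SERVICE-3 -monitorName USER-MONITOR-1
bind serviceGroup GROUP-1 -monitorName USER-MONITOR-1
set service SERVICE-1 -netProfile NETPROFILE-1
set service SERVICE-3 -netProfile NETPROFILE-1
"""

def opt(t, name):
    """Value that follows option `name` (case-insensitive), or None."""
    return next((v for k, v in zip(t, t[1:]) if k.lower() == name.lower()), None)

def nsip_sourced(config_text):
    """Map entity name -> why its scriptable-monitor probes still use the NSIP."""
    enabled, user_mons, kind, profile, mons = False, set(), {}, {}, {}
    for line in config_text.splitlines():
        t = shlex.split(line)
        if len(t) < 3:
            continue
        head = [x.lower() for x in t[:3]]
        if head[:2] == ["set", "l2param"]:
            enabled = (opt(t, "-useNetprofileBSDtraffic") or "").upper() == "ENABLED"
        elif head == ["add", "lb", "monitor"] and len(t) > 4 and t[4].upper() == "USER":
            user_mons.add(t[3])  # scriptable monitors are of type USER
        elif head[0] == "bind" and head[1] in ("service", "servicegroup"):
            mon = opt(t, "-monitorName")
            if mon:
                mons.setdefault(t[2], set()).add(mon)
                kind.setdefault(t[2], "GROUP" if head[1] == "servicegroup" else "")
        elif head[1] == "service" and head[0] in ("add", "set"):
            if head[0] == "add" and len(t) > 4:
                kind[t[2]] = t[4].upper()  # service type, e.g. FTP or SSL
            if opt(t, "-netProfile"):
                profile[t[2]] = opt(t, "-netProfile")
    def why(name):
        if not enabled:
            return "useNetprofileBSDtraffic not enabled"
        if kind.get(name) in ("GROUP", "SSL"):
            return kind[name] + ": bound net profile is not used"
        return None if name in profile else "no net profile bound"
    return {n: why(n) for n, bound in mons.items() if bound & user_mons and why(n)}
```

For the constructed sample, only SERVICE-1 is absent from the result: SERVICE-2 has no net profile, SERVICE-3 is an SSL service, and GROUP-1 is a service group.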

Configure the Citrix ADC appliance to source GSLB autosync traffic from a SNIP address

Configuring the Citrix ADC appliance to source GSLB autosync traffic from a SNIP address consists of the following workaround tasks:

  • Create an extended ACL rule. An extended ACL rule identifies the GSLB autosync packets. This identification is based on the source IP and destination IP addresses.
  • Apply ACLs. Applying ACLs activates the newly created ACL rule.
  • Create an ACL based RNAT rule. An RNAT rule changes the source IP address of these packets from the NSIP address to a SNIP address.

Note:

In a high availability or cluster setup, you must add ACL and RNAT rules for all the NSIP addresses of the setup.

To create an extended ACL by using the CLI:

At the command prompt, type:

  • add acl <name> ALLOW -srcIP = <NSIP address> -destIP = <GSLB site IP address>
  • show acl

To apply extended ACLs by using the CLI:

At the command prompt, type:

  • apply acls

To create an ACL based RNAT rule by using the CLI:

At the command prompt, type:

  • add rnat <name> <ACL name>
  • bind rnat <name> -natIP <SNIP address>
  • show rnat

Sample configuration

The following sample configuration enables a Citrix ADC appliance to source GSLB autosync traffic from a SNIP address. ACL-2 identifies GSLB autosync packets, which are sourced from NSIP address 192.0.1.20 and destined to GSLB site IP address 203.0.113.20. RNAT-2 changes the source IP address to SNIP address 198.51.100.20 for these identified packets.

    add acl ACL-2 ALLOW -srcIP = 192.0.1.20 -destIP = 203.0.113.20
    apply acls
    add rnat RNAT-2 ACL-2
    bind rnat RNAT-2 -natIP 198.51.100.20