NetScaler ADC Admin Partitions Validated Reference Design Part 2
September 12, 2022
Author: Luis Ugarte, Beth Pollack
Service provider admin partitions use case
The Service Provider hosts Microsoft applications and provides the IIS, SharePoint, and MSSQL applications as a service. Their customers typically have these requirements:
Customer requirements
- Customer 1: Accesses the database server with a read/write split of 90:10, and the end customer wants to configure custom SQL-related filters
- Customer 2: Accesses web app through SSL and end customer wants control over their SSL certificates
- Customer 3: Accesses hosted SharePoint from Service Provider
The Service Provider hosts a portal for their customer to:
- Select the application it wants to host
- Bandwidth requirements
- Connections
Based on the selection, the Service Provider can configure the appropriate partitions with configurations related to specific applications in the back-end using NITRO APIs.
Based on the application selected by the customer, choose the appropriate option.
- Web app using SSL
- SSL certificate option to be bound to VIP
- HTTP to HTTPS redirect
- SSL Profile related parameters
- SQL
- SQL related filters that customer wants to configure
- SharePoint
- Caching memory limit and rules
- Compression policies
The Service Provider follows one of the two options to implement the exact requirements after the creation of Admin Partitions.
Configuration option 1:
The Service Provider gathers the requests from the customer and executes them on the respective partition.
Configuration option 2:
Automate Admin Partitions using NITRO APIs. Inputs are gathered from the front-end portal, and NITRO APIs are executed in the back end to configure the partitions.
Feature considerations
Feature support: Admin Partitions support most features; only a few features are not supported. For the exact list, refer to Citrix Docs for the particular software release, which contains a table listing the supportability matrix.
Configuration limitations: Admin Partitions are not supported in:
- Clustering
- MPX-FIPS appliance
Conclusion
The key benefit of Admin Partitions is to enable the separation of the ADC at the software level and provide a secure, isolated user experience to each partition owner.
Additional resources
Troubleshooting tools
Common Issues in Admin Partition:
Admin partition on VPX on ESX:
- Non-default partition not reachable when custom MAC address is configured.
- Solution: promiscuous mode needs to be enabled on ESX for the non-default partition to work.
Configuration failure:
- Configuration might fail with the error “Input files not present”.
- Use the relative path, not the absolute path.
VLAN configuration:
- Admin Partition VLANs support tagged VLANs, so when the VLAN is tagged, the switch to which the Citrix ADC interface is connected should be configured with the appropriate VLAN. For an untagged VLAN, use the shared VLAN configuration.
Integrated cache memory allocation
To configure integrated caching (IC) on a partitioned Citrix ADC, after defining the IC memory on the default partition, the super user can configure the IC memory on each admin partition such that the total IC memory allocated to all admin partitions does not exceed the IC memory defined on the default partition. The memory that is not configured for the admin partitions remains available for the default partition.
For example, if a Citrix ADC appliance with two admin partitions has 10 GB of IC memory allocated to the default partition, and IC memory allocation for the two admin partitions is as follows:
- Partition1: 4 GB
- Partition2: 3 GB
Then, the default partition has 10 - (4 + 3) = 3 GB of IC memory available for use.
Note:
If all IC memory is used by the admin partitions, no IC memory is available for the default partition.
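Configuration option 2 and the IC memory rule above can be combined in one back-end planning step. The following is an added example, not code from Citrix or from the original page: it validates portal input and builds the request bodies for NITRO's nspartition resource without sending them. The portal field names, the name allow-list and the sample requests are assumptions made for illustration.

```python
import re

# Conservative allow-list for tenant-supplied names (an assumption, stricter
# than the appliance requires) so portal input cannot smuggle in other syntax.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_-]{0,30}")
LIMIT_FIELDS = ("bandwidth", "connections", "mem_mb", "ic_gb")  # hypothetical portal fields

def plan_partitions(requests, default_ic_gb):
    """Validate portal requests; return (NITRO calls, IC GB left for default)."""
    calls, seen, ic_total = [], set(), 0
    for req in requests:
        name = req.get("name", "")
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"rejected partition name {name!r}")
        if name in seen:
            raise ValueError(f"duplicate partition {name!r}")
        seen.add(name)
        for field in LIMIT_FIELDS:
            value = req.get(field)
            if type(value) is not int or value < 0:
                raise ValueError(f"{name}: {field} must be a non-negative integer")
        ic_total += req["ic_gb"]
        calls.append({
            "method": "POST",
            "path": "/nitro/v1/config/nspartition",
            "body": {"nspartition": {
                "partitionname": name,
                "maxbandwidth": req["bandwidth"],
                "maxconn": req["connections"],
                "maxmemlimit": req["mem_mb"],
            }},
        })
    # Rule from the text: partition IC memory must fit inside the default's.
    if ic_total > default_ic_gb:
        raise ValueError(f"IC memory over-committed: {ic_total} GB > {default_ic_gb} GB")
    return calls, default_ic_gb - ic_total

# Constructed portal input reusing the figures shown on this page.
SAMPLE = [
    {"name": "Partition1", "bandwidth": 10240, "connections": 1024, "mem_mb": 10, "ic_gb": 4},
    {"name": "Partition2", "bandwidth": 10240, "connections": 1024, "mem_mb": 10, "ic_gb": 3},
]

if __name__ == "__main__":
    calls, left = plan_partitions(SAMPLE, default_ic_gb=10)
    print(len(calls), "NITRO calls planned;", left, "GB IC memory left for default")
```

Rejecting the whole batch before any call is issued keeps a malformed or over-committed tenant request from leaving the appliance half-configured.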
Commands for checking memory usage
- The stat system memory command, run within a partition, shows the aggregated system-level memory allocation for the partition, and stat partition <name> shows the percentage of memory used within the partition.
> add partition p1
Done
> switch partition p1
Done
p1> stat system memory
done
Citrix ADC Memory Information:
Maximum Memory Available (MB): 50
Memory Currently Available (MB): 50
Memory Allocated (MB) 7
Memory Allocated (%) 14.95
InUse Memory (MB) 7
InUse Memory (%) 14.95
Free Memory (MB) 42
>stat partition p1
Partition(s) Summary
MinBW MaxBW MaxConn MaxMem
p1 10240 10240 1024 10
Partition Stats:
Rates (/s) Total
Current Bandwidth -- 0
Current Connections -- 0
Memory Usage (%) -- 14
Total Packet Drops 0 7
Total Drops (KB) 0 0
Total Connection Drops 0 0
- Configuration memory: Each configuration is replicated in every Packet Engine, so memory is allocated inside every Packet Engine. For example, if the “add lb vserver” command takes around 10 KB in each Packet Engine and a 10 MB partition is created on a system with 5 Packet Engines, the command consumes 50 KB of partition memory in total.
- The precise memory requirement for a specific configuration can be measured by applying the configuration and running the following command on the Citrix ADC shell:
root@ns# nsconmsg -s nspartid=1 -g mem_cur_used -d current
Displaying performance information
Citrix ADC V20 Performance Data
Citrix ADC NS11.0: Build 65.572.nc, Date: Apr 7 2016, 10:32:51
reltime:mili second between two records Thu Feb 23 13:44:27 2017
Index rtime totalcount-val delta rate/sec symbol-name&device-no
0 7000 7881865 6403 5333 mem_cur_usedsize partition_ctx(p1) (PART-1)
In this experiment, around 9KB of memory is used in PPE-0 for Partition ID 1. Every Partition configured on Citrix ADC has a unique ID.
The following command measures the estimated memory for the complete system (including all Packet Engines) for a given partition.
root@ns# nsconmsg -s nspartid=1 -g mem_cur_used -d current
Displaying performance information
Citrix ADC V20 Performance Data
Citrix ADC NS11.0: Build 65.572.nc, Date: Apr 7 2016, 10:32:51
reltime:mili second between two records Thu Feb 23 13:44:27 2017
Index rtime totalcount-val delta rate/sec symbol-name&device-no
0 7000 7881865 6403 5333 mem_cur_usedsize partition_ctx(p1) (PART-1)
List of SNMP traps introduced in Citrix ADC 12.0
Trap Name | Description |
partitionCONNLimitExceeded | Partition’s connection limit is exhausted and new connections are getting dropped |
partitionCONNLimitNormal | Partition can now accept new connections |
partitionBWLimitExceeded | Partition’s BW limit is exhausted and packets are getting dropped |
paritionBWThresholdReached | Current BW Usage >= 80% |
partitionCONNThresholdReached | Current active connection count >= 80% |
paritionCONNThresholdNormal | Current active connection count <= 60% |
partitionMEMThresholdReached | Current memory usage of PE >= 80% |
partitionMEMThresholdNormal | Current memory usage of PE <= 60% |
partitionMEMLimitExceeded | Current memory usage of PE >= 95% |
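The memory thresholds in the table form a hysteresis band (raise at 80%, clear at 60%, limit at 95%). The following is an added example, not code from Citrix or from the original page: it parses the stat partition output shown earlier and maps a series of memory readings to the trap names a monitoring pipeline should expect. The edge-triggered behaviour and the readings used after the first one are assumptions.

```python
import re

MEM_REACHED, MEM_NORMAL, MEM_EXCEEDED = 80, 60, 95  # percentages from the trap table

# `stat partition p1` output as shown earlier on this page.
STAT_OUTPUT = """\
Partition(s) Summary
MinBW MaxBW MaxConn MaxMem
p1 10240 10240 1024 10
Partition Stats:
Rates (/s) Total
Current Bandwidth -- 0
Current Connections -- 0
Memory Usage (%) -- 14
"""

def parse_stat_partition(text):
    """Extract the configured limits and current usage from the CLI output."""
    row = re.search(r"^(\S+)[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]*$", text, re.M)
    name, *limits = row.groups()
    info = dict(zip(("min_bw", "max_bw", "max_conn", "max_mem"), map(int, limits)), name=name)
    for key, label in (("mem_pct", r"Memory Usage \(%\)"), ("conns", "Current Connections")):
        info[key] = int(re.search(label + r"[ \t]+\S+[ \t]+(\d+)", text).group(1))
    return info

def memory_traps(samples):
    """Return (sample index, trap name) for each level change in the series.

    Assumption: traps are edge-triggered, with 61-79 % acting as a hysteresis
    band; the page lists only the thresholds themselves.
    """
    state, events = "normal", []
    for i, pct in enumerate(samples):
        if pct >= MEM_EXCEEDED:
            new = "exceeded"
        elif pct >= MEM_REACHED:
            new = "reached"
        elif pct <= MEM_NORMAL:
            new = "normal"
        else:  # inside the band: keep a raised warning, do not raise a new one
            new = "normal" if state == "normal" else "reached"
        if new == "exceeded" and state != "exceeded":
            events.append((i, "partitionMEMLimitExceeded"))
        elif new == "reached" and state == "normal":
            events.append((i, "partitionMEMThresholdReached"))
        elif new == "normal" and state != "normal":
            events.append((i, "partitionMEMThresholdNormal"))
        state = new
    return events
```

A partition that repeatedly crosses 95% without first returning to 60% is worth alerting on separately, since it indicates sustained pressure on one tenant's memory limit rather than a transient spike.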
Additional references
Exchange Client Network Bandwidth Calculator Beta
How Much Bandwidth do I Need to run Microsoft Online Services