Jump to content
  • NetScaler ADC Admin Partitions Validated Reference Design Part 2


    Guest
    • Validation Status: Validated
      Summary: NetScaler ADC Admin Partitions Validated Reference Design Part 2
      Has Video?: No

    NetScaler ADC Admin Partitions Validated Reference Design Part 2

    September 12, 2022

     

    Continued from Part 1

    Author:  Luis Ugarte, Beth Pollack

    Service provider admin partitions use case

    The Service Provider hosts Microsoft applications and provides the IIS, SharePoint, and MSSQL applications as a service. Their customers typically have these requirements:

    Customer requirements

    • Customer 1: Accesses database server and their read/write split is 90:10 and end customer wants to configure custom SQL-related filters

       

    • Customer 2: Accesses web app through SSL and end customer wants control over their SSL certificates

       

    • Customer 3: Accesses hosted SharePoint from Service Provider

       

    The Service Provider hosts a portal for their customer to:

    1. Select the application it wants to host
    2. Bandwidth requirements

    The Service Provider hosts a portal for their customer to:

    1. Select the application it wants to host
    2. Bandwidth requirements
    3. Connections

    Based on the selection, the Service Provider can configure the appropriate partitions with configurations related to specific applications in the back-end using NITRO APIs.

    Based on the application selected by the customer, choose the appropriate option.

    1. Web app using SSL
      1. SSL certificate option to be bound to VIP
      2. HTTP to HTTPS redirect
      3. SSL Profile related parameters
    2. SQL
      1. SQL related filters that customer wants to configure
    3. SharePoint
      1. Caching memory limit and rules
      2. Compression policies

    The Service Provider follows one of the two options to implement the exact requirements after the creation of Admin Partitions.

    Configuration option 1:

    The Service Provider gathers the requests from the customer and executes them on the respective partition.

    Configuration option 2:

    Automate Admin Partitions using NITRO APIs. Inputs can be gathered from front-end portal and in the back-end NITRO APIs can be executed to configure the partitions.

    Feature considerations

    Feature Support: Admin Partition is supported for most of the features and only not supported for a few features. For the exact list, refer to Citrix Docs and check in the particular software release. It will contain a table which lists the supportability matrix.

    Configuration limitations. Administration Partitions is not supported in:

    1. Clustering

       

    2. MPX-FIPS appliance

       

    Conclusion

    The key benefit of Admin Partitions is to enable the separation of the ADC at the software level and provide a secure, isolated user experience to each partition owner.

     


    Additional resources

    Troubleshooting tools

    Common Issues in Admin Partition:

    Admin partition on VPX on ESX:

    • Non-default partition not reachable when custom MAC address is configured.

       

    • Solution: promiscuous mode needs to be enabled on ESX for the non-default partition to work.

       

    Configuration failure:

    • Configuration might fail to throw the error Input files not present.

       

    • Relative path needs to be used and not the absolute path.

       

    VLAN configuration:

    • Admin Partition VLAN supports tagged VLAN, so when the VLAN is tagged, the switch to which the Citrix ADC Interface is connected should be configured with appropriate VLAN. For untagged VLAN, use the shared VLAN configuration

    Integrated cache memory allocation

    To configure integrated caching (IC) on a partitioned Citrix ADC, after defining the IC memory on the default partition, the super user can configure the IC memory on each admin partition such that the total IC memory allocated to all admin partitions does not exceed the IC memory defined on the default partition. The memory that is not configured for the admin partitions remains available for the default partition.

    For example, if a Citrix ADC appliance with two admin partitions has 10 GB of IC memory allocated to the default partition, and IC memory allocation for the two admin partitions is as follows:

    • Partition1: 4 GB

       

    • Partition2: 3 GB

       

    Then, the default partition has 10 - (4 + 3) = 3 GB of IC memory available for use.

    Note:

    If all IC memory is used by the admin partitions, no IC memory is available for the default partition.

    Commands for checking memory usage

    • Stat system memory within partition will show aggregated system level memory allocation for the partition and stat partition name will show the percentage of memory used within partition.
    >add partition p1Done>switch partition p1Donep1> stat system memorydone

     

    Citrix ADC Memory Information:

    Maximum Memory Available (MB): 50

    Memory Currently Available (MB): 50

    Memory Allocated (MB) 7

    Memory Allocated (%) 14.95

    InUse Memory  (MB) 7

    InUse Memory (%) 14.95

    Free Memory (MB) 42

     

    >stat partition p1

     

    Partition(s) Summary

       MinBW MaxBW MaxConn MaxMem

     

    p1 10240 10240  1024  10

     

    Partition Stats:

     

                           Rates (/s)   Total

    Current Bandwidth         --          0

    Current Connections       --          0

    Memory Usage (%)          --          14

    Total Packet Drops        0           7

    Total Drops (KB)          0           0

    Total Connection Drops    0           0

     
    • Configuration memory: Since each configuration is replicated in every Packet Engine accordingly memory gets allocated inside every Packet Engine. For example, if “add lb vserver” command takes around 10KB in peach Packet Engine and we created 10MB partition in a 5 – Packet Engine system, then in total it consumes 50KB of partition memory.
    • Precise value of memory requirement for a specic configuration can be measured by applying the configuration and running following command on Citrix ADC shell:
    root@ns# nsconmsg -s nspartid=1 -g mem_cur_used -d currentDisplaying performance informationCitrix ADC V20 Performance DataCitrix ADC NS11.0: Build 65.572.nc, Date: Apr 7 2016, 10:32:51reltime:mili second between two records Thu Feb 23 13:44:27 2017Index rtime totalcount-val delta rate/sec symbol-name&device-no 0   7000    7881865       6403    5333    mem_cur_usedsize partition_ctx(p1) (PART-1)

     

    In this experiment, around 9KB of memory is used in PPE-0 for Partition ID 1. Every Partition configured on Citrix ADC has a unique ID.

    The following command allows to measure memory estimation for complete system (including all Packet Engines) for a given Partition.

    root@ns# nsconmsg -s nspartid=1 -g mem_cur_used -d currentDisplaying performance informationCitrix ADC V20 Performance DataCitrix ADC NS11.0: Build 65.572.nc, Date: Apr 7 2016, 10:32:51 reltime:mili second between two records Thu Feb 23 13:44:27 2017Index rtime totalcount-val delta rate/sec symbol-name&device-no 0   7000    7881865       6403    5333    mem_cur_usedsize partition_ctx(p1) (PART-1)

     

    List of SNMP traps introduced in Citrix ADC 12.0

    Trap Name

    Description

    partitionCONNLimitExceeded

    Partition’s connection limit is exhausted and new connections are getting dropped

    partitionCONNLimitNormal

    Partition can now accept new connections

    partitionBWLimitExceeded

    Partition’s BW limit is exhausted and packets are getting dropped

    paritionBWThresholdReached

    Current BW Usage >= 80%

    partitionCONNThresholdReached

    Current active connection count >= 80%

    paritionCONNThresholdNormal

    Current active connection count <= 60%

    partitionMEMThresholdReached

    Current memory usage of PE >= 80%

    partitionMEMThresholdNormal

    Current memory usage of PE <= 60%

    partitionMEMLimitExceeded

    Current memory usage of PE >= 95%

    Additional references

    Exchange Client Network Bandwidth Calculator Beta

    How Much Bandwidth do I Need to run Microsoft Online Services

     

    Continued from Part 1

     

    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...