Jump to content
Welcome to our new Citrix community!

Loadbalance multiple ports using same port range on vserver and servicegroup


I C

Recommended Posts

I am fairly new to the netscaler world.

I have already checked these 3 posts:

https://discussions.citrix.com/topic/388131-best-way-to-balance-multiple-ports/?csrfKey=0e10238c814aeec0d0303d25322fb1d6

https://support.citrix.com/article/CTX129192

https://discussions.citrix.com/topic/294401-loadbalancing-port-ranges/

 

My question is, do I need to bind the vserver after configuring to listen to all ports to the service groups on the ports I am interested. This will still create a lot of admin work, I am still confused, as you can see from my screenshot I do not have anything bound to my vserver "DYNAMIC_PORTS" therefore I think it doesn't work at the moment.

 

Ports I am interested:

https://docs.microsoft.com/en-us/previous-versions/mim/ee534892(v=ws.10)

 

TCP/UDP 135 (RPC EPMapper)
TCP/UDP 389 (LDAP, LDAP Ping)
TCP 636 (LDAP over SSL)
TCP 3268 (GC)
TCP 3269 (GC SSL)
TCP/UDP 53 (DNS)
TCP/UDP 88 (Kerberos)
TCP Dynamic (RPC)
TCP/UDP 464 (Kerberos Change/Set Password)
TCP 445 – (CIFS/ MICROSOFT-DS)


To facilitate WMI communication, you will also need to make sure the following ports are open between the server running the FIM Service and the server running the FIM Synchronization Service:

TCP/UDP 135 (RPC EPMapper)
TCP 135 (RPC EPMapper)
TCP 5725
TCP 5726
TCP 5000-5001 Dynamic RPC ports (PCNS)
TCP 57500-57520 Dynamic RPC ports (AD MA)

 

If it's easier to loadbalance all the ports from front end to back end what is the best and easiest solution. Thank you for looking at my question.image.thumb.png.b185636cf52fb28f69a57f4e947c1b85.png

Link to comment
Share on other sites

10 hours ago, Paul Blitz said:

Create a vserver using "any" for the port, then use a LISTEN POLICY to define the multiple ports : https://support.citrix.com/article/CTX129192

 

Thank you Paul, I think I have done this already, please see below,  but the service owner said it doesn't work for the specified ports , 57500-57520.

 

As discussed and as Mihai said, thank you Mihai,  I think even we have the listening policy on we need to bind the vserver *any to something to the back end servers , service or service groups(doesn't have option *any port) to make it work as the vserver will not know where to send the requests after receiving them, this is my believe anyway, I might be wrong. 

 

screenshot.png

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...