Jump to content
Welcome to our new Citrix community!

Configuring and Managing Virtual IP (VIP) Addresses


Onur Demir

Recommended Posts

Dear Experts,

 

There are two commands I don't understand difference between them.  These commands are originally taken from the netscaler we're using.

 

It seems that both of them are VIPs. However one of them binds to a lb vserver and make the vserver work, other one just sitting there doing nothing. 

 

What is the purpose of using the first command (ip1) if there is no vserver bind to that ip ? 

 

Thanks in advance, 

 

> sh ns ns.conf | grep [ip1]

add ns ip [ip1] 255.255.255.255 -type VIP

 

> sh ns ns.conf | grep [ip2]

add lb vserver [name] SSL [ip2] 443 -persistenceType NONE -cltTimeout 180 -appflowLog DISABLED

 

> sh ns ip [ip1]

        IP: [ip1]
        Netmask: 255.255.255.255
        Type: VIP
        Traffic Domain: 0
        state: Enabled
        arp: Enabled
        arpResponse: NONE
        icmp: Enabled
        icmpResponse: NONE
        vserver: Enabled
        management access: Disabled
          telnet: Disabled
          ftp: Disabled
          ssh: Disabled
          gui: Disabled
          snmp: Enabled
        Restrict access: Disabled
        dynamic routing: Disabled
        hostroute: Disabled
        networkroute: Disabled
        ownerNode: ALL NODES
 Warning: management access is disabled


 

> sh ns ip [ip2]

        IP: [ip2]
        Netmask: 255.255.255.255
        Type: VIP
        Traffic Domain: 0
        state: Enabled
        arp: Enabled
        arpResponse: NONE
        icmp: Enabled
        icmpResponse: NONE
        vserver: Enabled
        management access: Disabled
          telnet: Disabled
          ftp: Disabled
          ssh: Disabled
          gui: Disabled
          snmp: Disabled
        Restrict access: Disabled
        dynamic routing: Disabled
        hostroute: Disabled
        networkroute: Disabled
        ownerNode: ALL NODES
 Warning: management access is disabled


 

Link to comment
Share on other sites

1 hour ago, Onur Demir said:

> sh ns ns.conf | grep [ip1]

add ns ip [ip1] 255.255.255.255 -type VIP

 


> sh ns ns.conf | grep [ip2]

add lb vserver [name] SSL [ip2] 443 -persistenceType NONE -cltTimeout 180 -appflowLog DISABLED

 

I think what you are asking is the difference between creating a VIP vs. creating a vserver using a VIP:
add ns ip <ip> 255.255.255.255 -type VIP

add lb vserver <lb vserver> SSL <IP2> 443

 

A VIP (virtual ip) is the L3 IP address entity, in this case, specifically in the role of a VIP.  The VIP object you can set VIP behavior like ICMP response behavior, arp behavior, etc...

The VIP virtual IP is just the IP Address though. (Different IPs can have different functional roles on the ADC such as VIP, SNIP, and NSIP).

 

A virtual server (whether LB (load balancing), CS (content switching), or VPN (gateway/vpn etc), and a few others is a entity that performs a specific function on specific L3/L4 (IP/port) combination.  You can use the same VIP on multiple vservers as long as each vserver is on different ports.

When you configure the lb vserver you are assigning the IP:PORT:Protocol that that vserver is specifically listening ON and the behavior of that vserver. For LB, that would include load balancing methods, persistence, and thresholds.

 

Any IP address assigned to the vserver is a VIP.

Use the "VIP" to set L3 behavior.  Use the VSERVER to set the vserver specific functionality.

 

When it comes to VIPs you can explicitly create them before assigning them to a vserver OR you can assign an IP to a vserver and the VIP is implicitly created for you.

Example 1:

add ns ip 10.10.10.100 255.255.255.255 -type VIP  <and other vip parameters>

add lb vserver lb_vsrv_demo1_http HTTP 10.10.10.100 80   # web stuff

add lb vserver lb_vsrv_demo1_ssl SSL 10.10.10.100 443    # https stuff

add lb vserver lb_vsrv_demo1_ftp FTP 10.10.10.100 21     # ftp stuff

 

In this case, you could create the VIP first, set in IP/Layer 3 behavior and assign it to one or more vservers on separate ports so you can load balance, HTTP/SSL and FTP indepdently of each other.  The port users connect to this VIP would determine which vserver they are on.

 

Example 2:

# don't create VIP first

add lb vserver lb_vsrv_demo2_http  HTTP 10.10.10.200 80

# system will say, "oh, you assigned an IP to a vserver, this must by definition be a VIP"

# then you can edit the VIP properties.  You will still end up with:

add ns ip 10.10.10.200 255.255.255.255 -type VIP

 

Bottom line:

VIPs assign to vservers and act as user-entry points for traffic.  Unlike SNIPs or the NSIP they cannot be used for management access (to make NS config changes); the only "management" function they support is for SNMP polling.  

All vservers are basically a specific set of functions (lb/cs/vpn/etc) on a specific Layer3 (IP) and Layer4 (TCP/UDP) port combination.  

 

 

 

 

 

 

 

 

 

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...