Jump to content
Welcome to our new Citrix community!

Netscaler To Detect and Automatically Forward traffic to active node Only in Service Group.

Sudhir Bhagat

Recommended Posts



Received new requirement looks unique concept. 


Two or more then Two Service group member behind Virtual Server IP,  These service group members are configured with Active-Passive High Availability (i.e. One will be processing traffic and other will be as standby / listening only). Requirement from Netscaler is to "Monitors the Password Safe HA API", This is used to determine which is active and which is the passive node.  The Netscaler should detect & automatically direct the traffic to the active node only.


Link to comment
Share on other sites

Thanks Carl.....I am sorry i think some misunderstanding in requirement. 


Lemme explain the requirement again....


1- 02 members in a service group (Eg: and

2- Both the members are active (health monitor succeeds).

3- At backend, these servers ( and are configured with High Availability  - This point has nothing to do with Netcsaler ADC. This is just included for information.

4- Traffic will be forwarded to Active instance/Server only from Netscaler ADC Virtual Server till same is UP, if Down ...then traffic will auto route towards other available member (which we are referring here as Passive/Standby).



Link to comment
Share on other sites

If your monitor cannot determine which server is active, then do the following:

  • Create a LB vServer with just the Passive server. You can mark it as non-addressable so there's no IP address.
  • Create a LB vServer with just the Active server. Make sure the Active server has a monitor on it so ADC knows if it is UP on not.
    • Add Backup vServer and select the Passive vServer.
  • Like 1
Link to comment
Share on other sites

This is the config Carl is describing...for clarification.


I would NOT put the active passive members in the same service group. Either separate services or a primary service group vs. backup and do this at the lb vserver level.

lb_vsrv_primary points to primary service only

lb_vsrv_backup points to secondary service only

Make lb_vsrv_backup the "backup vserver" for lb_vsrv_primary.  


You should not have two services in the same service group for an active/passive config (if the monitor alone can't detect the active member...as Carl stated)


add service svc_primary http 80

add service svc_backup http 80

add lb vserver lb_vsrv_primary http <VIP1> 80

     bind lb vserver lb_vsrv_primary svc_primary

add lb vserver lb_vsrv_backup http 0   #non-addresssable if no vip needed

     bind lb vserver lb_vsrv_backup svc_backup

set lb vserver lb_vsrv_primary -backupvserver lb_vsrv_backup


When svc_primary is down, lb_vsrv_primary is down and will spillover to lb_vsrv_backup/svc_backup.  Users will still use original vip/fqdn to get to lb_vsrv_primary but it will send it to service(s) on lb_vsrv_backup...

Standard active/passive config.


IF a service group has multiple members bound it is load balancing to all members in an UP state same as if it was one lb vserver with 2 services; they are both active unless the monitor can "follow the primary".  Active/Passive load balancing is usually used instead.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...