Sukhwant Singh1709160818 Posted November 11, 2020 Share Posted November 11, 2020 Hi All, We have an HA Pair MPX 8200 appliances. We are looking to change just the subnet maske on the SNIP. Can someone point me in the right direction? Any input/suggestions are appreciated! Link to comment Share on other sites More sharing options...
Daniel Weppeler1709159306 Posted November 11, 2020 Share Posted November 11, 2020 Hey, Did you try this cli command? set ns ip [SNIP] -netmask [MASK] Cheers, Daniel 1 Link to comment Share on other sites More sharing options...
Sukhwant Singh1709160818 Posted November 11, 2020 Author Share Posted November 11, 2020 1 hour ago, Daniel Weppeler1709159306 said: Hey, Did you try this cli command? set ns ip [SNIP] -netmask [MASK] Cheers, Daniel Thanks Dan for the reply. I did not try this command as wasnt sure of the exact command to use. I will try this. One other question I do have is, do we have to break our HA pair and do this on each node? Or can we simply leave everything as is and just do this command on primary node and let it sync down to secondary? Link to comment Share on other sites More sharing options...
Diego Oliveira Posted November 11, 2020 Share Posted November 11, 2020 All your answers are here.: https://discussions.citrix.com/topic/387397-cannot-delete-netscaler-snip/ Link to comment Share on other sites More sharing options...
Sukhwant Singh1709160818 Posted November 11, 2020 Author Share Posted November 11, 2020 I'm not looking to delete the SNIP. I just need to know what the best way to change the subnet mask on the existing SNIP in a HA pair environment. Link to comment Share on other sites More sharing options...
CarlStalhood Posted November 11, 2020 Share Posted November 11, 2020 Primary node only. If you have to delete the SNIP, then I usually prepare all command lines and run them at the same time. First the "rm" command. Then the "add" command. Outage will be minimal. You might have additional commands that reference the NSIP (e.g. ADNS service) so you'd have to "rm" each of those commands, then "add" the SNIP with the correct subnet mask, and then re-run the other "add" commands that reference the SNIP. 1 Link to comment Share on other sites More sharing options...
Rhonda Rowland1709152125 Posted November 11, 2020 Share Posted November 11, 2020 Changing a SNIP does not break the HA pair as the ADC's communicate NSIP to NSIP. SNIP (subnet IPs) are a shared configuration and can be changed by changing value on primary and it will propagate to secondary. However, you may not be able to change the netmask on an existing SNIP without deleting and creating a new one. In that case, you may have to go through extra steps to avoid issues (routes and last remaining snip etc) But it is still a shared IP and can be adjusted from the primary only. If you can clarify your scenario then we can adjust the steps. Also: do the following to see if you other dependencies on this snip before changing and backup your config first before attempting changes. show ns runningconfig | grep <snip> Now, if you actually meant changing the NSIP's subnet mask...then that is a different conversation. 1 Link to comment Share on other sites More sharing options...
Sukhwant Singh1709160818 Posted November 11, 2020 Author Share Posted November 11, 2020 27 minutes ago, Rhonda Rowland1709152125 said: Changing a SNIP does not break the HA pair as the ADC's communicate NSIP to NSIP. SNIP (subnet IPs) are a shared configuration and can be changed by changing value on primary and it will propagate to secondary. However, you may not be able to change the netmask on an existing SNIP without deleting and creating a new one. In that case, you may have to go through extra steps to avoid issues (routes and last remaining snip etc) But it is still a shared IP and can be adjusted from the primary only. If you can clarify your scenario then we can adjust the steps. Also: do the following to see if you other dependencies on this snip before changing and backup your config first before attempting changes. show ns runningconfig | grep <snip> Now, if you actually meant changing the NSIP's subnet mask...then that is a different conversation. Thanks for the reply and suggestions! See below: We have 8200 MPX appliances in HA mode. We are looking to shrink our IP scheme from a /16 to /22. The SNIP mask is currently set to 255.255.0.0. We are looking to make this 255.255.252.0 mask. No changes to NSIP. That is all we are looking to do in this exercise. If you can provide some steps on the right way to go about this, that will be extremely helpful. Link to comment Share on other sites More sharing options...
Sukhwant Singh1709160818 Posted November 12, 2020 Author Share Posted November 12, 2020 Is the below correct CLI syntax to use: add nsip <New_IP_address> <subnet_mask> -type SNIP Link to comment Share on other sites More sharing options...
Rhonda Rowland1709152125 Posted November 13, 2020 Share Posted November 13, 2020 Yes: add ns ip <IP> <mask> -type snip If this is the only SNIP in your subnet, before removing and creating a new one, you may want to search the config for any routes/vlans that will be impacted. show ns runningconfig | grep <snip> -i Should show any dependencies referencing this. Typically, you can't remove the last remaining SNIP from a system, but you also don't remove a SNIP that is the only SNIP a route or vlan depends on. So like Carl said, under stand all the dependencies and the replacement commands you need (and backup config first for easy restoration). Or try to a new snip in the network, and then swap dependencies to new one before removing old... You can use a test vpx to try out the commands before you impact a production system. 1 Link to comment Share on other sites More sharing options...
Sukhwant Singh1709160818 Posted November 13, 2020 Author Share Posted November 13, 2020 1 hour ago, Rhonda Rowland1709152125 said: Yes: add ns ip <IP> <mask> -type snip If this is the only SNIP in your subnet, before removing and creating a new one, you may want to search the config for any routes/vlans that will be impacted. show ns runningconfig | grep <snip> -i Should show any dependencies referencing this. Typically, you can't remove the last remaining SNIP from a system, but you also don't remove a SNIP that is the only SNIP a route or vlan depends on. So like Carl said, under stand all the dependencies and the replacement commands you need (and backup config first for easy restoration). Or try to a new snip in the network, and then swap dependencies to new one before removing old... You can use a test vpx to try out the commands before you impact a production system. We have a total of 3 SNIPs but the one we are changing the netmask on is the one that communicates on the backend to our server vlan. The goal is here to not remove the current SNIP but just change the netmask on it. Now if I get a gist of what you are saying, it seems as if I will need to remove this SNIP and then add it back. I guess my question does the changing of the netmask on the SNIP require me to remove it first. Both you and Carl have mentioned so I'm just trying to clarify so I know what to plan for. If removing/deleting SNIP following above steps as you and Carl have highlighted. If just changing netmask on SNIP then "add ns ip <IP> <mask> -type snip" on Primary node would work just fine, correct? Thanks for all your help! :) Link to comment Share on other sites More sharing options...
Rhonda Rowland1709152125 Posted November 13, 2020 Share Posted November 13, 2020 I believe you have to remove to change it as I can't get it to run a change netmask only on my system BUT in my case the netmask I'm trying to change isn't valid...so its hard to verify for sure. If you have any dependencies on this ONE Snip (routes/vlans) prior to removal you could lose those dependent settings. So, adding the new snip first with the new netmask may allow you to change routes or vlan/ip netmaks bindings to new entity before removing old. If you can't add due to a conflict you would want to prep all the commands like carl says so that you can remove and re-add new settings in one simple copy/paste to minimize outage/impacts. 1 Link to comment Share on other sites More sharing options...
Sukhwant Singh1709160818 Posted November 13, 2020 Author Share Posted November 13, 2020 35 minutes ago, Rhonda Rowland1709152125 said: I believe you have to remove to change it as I can't get it to run a change netmask only on my system BUT in my case the netmask I'm trying to change isn't valid...so its hard to verify for sure. If you have any dependencies on this ONE Snip (routes/vlans) prior to removal you could lose those dependent settings. So, adding the new snip first with the new netmask may allow you to change routes or vlan/ip netmaks bindings to new entity before removing old. If you can't add due to a conflict you would want to prep all the commands like carl says so that you can remove and re-add new settings in one simple copy/paste to minimize outage/impacts. Got it makes sense now! Thanks for your suggestions! Really appreciate it. I'll follow what you and Carl have mentioned. I'll provide an update as to what we do to complete this just so everyone knows for future use. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now