Jump to content
Welcome to our new Citrix community!

Using more than one SNIP for one Subnet of Backend Server.


Recommended Posts

Hi Everybody,

 

I have a question: When i use more than one SNIP for same Subnet Backend Server.

 

How it works? and Does the connection split the load evenly across each SNIP?

 

Example: we have two SNIP: 192.168.1.254 and 192.168.253 for subnet of four backend server 192.168.1.1 – 192.168.1.4.

 

Please advise.

Many Thanks

Link to comment
Share on other sites

Is there a reason you want multiple SNIPs in a given subnet or in use by a single vserver/app?

 

What Carl said.  Multiple snips in same subnet will be used round robin.

 

For net profiles:  Better option if you use a net profile, is to use the net profile to assign a VIP in the subnet you are using so it only fulfils the net profile functions and has no additional "SNIP" capabilities.  In this case a VIP in a backend network used as a net profile will just act as the "backend ip" for traffic assigned the net profile; but it will not respond to any other network arp lookups not associated with the net profile traffic. If the VIP isn't assigned to a vserver it just acts as an alternate backend ip.

 

 

 

Link to comment
Share on other sites

Thanks Carl and Rhonda,

When I configure the netprofile and add two IP in the setIP configuration.
Is the mechanism the same as if I use 2 SNIPs?
The reason I use a lot of IP SNIPs is that Backend Server limit a certain number of SYN+ACKs and when the threshold is reached, the Backend Server will block that SNIP.

Link to comment
Share on other sites

You will still have a snip on the subnet for other functions; but the netprofile assigned IP will be the source ip for traffic depending on whether you bind to the vserver, service/servicegroup, or monitor.  Applying to vserver will affect all traffic to all services on that vserver.

 

But just adding more IPs doesn't really fix your underlying issue just delays it.

 

But you can also avoid the issue by any of the following:

- change the tcp or tcp_default monitor to a ping monitor instead to avoid the syn/syn-ack only issue. Or other monitor type depending on the application in question.  (May also benefit from changing connection close behavior of monitor noted below.)

- change the backend server to not do that with the syn/syn-ack responses or at least increase the connection table to limit impact.

- You can assign your monitors a sepearate netprofile IP to at least separate the monitor traffic causing the syn-acks from the regular traffic. But this doesn't really fix the original problem, but gives you options to separate monitor traffic from service/vserver traffic.

 

You could also see if changing the tcp monitor behavior from fin to reset alleviates the issue. Setting can be set on service or monitor:  https://docs.citrix.com/en-us/citrix-adc/current-release/load-balancing/load-balancing-configure-monitors/close-monitor-connection.html

 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...