Jump to content
Welcome to our new Citrix community!

Netscaler 13.0 - How to redirect connect when Virtual server and server are in different port

Recommended Posts

Good Morning,

 I have a scenario where my costumer call the URL "http://paperino.dominio.it:84/aa/" and him want to balance the conn between 2 server in difference listen port:



Virtual Server:       

LB_paperino:TCP 84 


Service Group:

SVG_paperino with member server1 listen in port80

SVG_paperino with membe server2 listen in port81


I binded the virtual server LB_paperino to Service Group SVG_paperino


How Can I redirect port from virtual server 84 to 80 for server1 and port 81 for server2?


N.B.  Proxy port in global system in flagged!



Link to comment
Share on other sites

Are both backend services reachable with http or does it need to be TCP protocol?

Usually the NetScaler does it automatically, if you bind one server to service group port 80 and the other one to port 81, the NetScaler transmits the connection towards the desired port of the bound backend services. Is it not working currently? I have tested it briefly in my lab and it seemed to work just fine

Link to comment
Share on other sites

Hi Jens,

thank you for answer.

Yes, both backend services are reacheble with tcp protocol, from tcpdump I saw the "monitor" connection to discovery status of service.


But unfortunally I don't saw any data traffic pass between netscaler to server.



Link to comment
Share on other sites

Why are you using TCP rather than HTTP?


Is there any particular reason that the Vserver is on port 84, surely port 80 would be more convenient?


The syntax "http://<fqdn>:84" is simply to tell the web browser that it needs to connect on port 84, rather than the default port 80: the "84" is never sent to the sever. The Netscaler's Vserver is on port 84, so it will accept the traffic, and it will send the traffic to the backend servers on the ports specified by their bindings to the service group 80 and 81) : you seem to have that correct. Are they the right way around? Are the IP's correct? 


So, let's look at other things: the fact that you have a working monitor indicates that you have a SNIP... what monitor are you using that is validating the back end? If it's the default-tcp one, then maybe the actual service isn't there, it's something else.... what happens if you use a local browser, and connect to "http://<ip1>" and "http://<ip2>:81"?


Ok, a silly one: have you checked the netmask of the VIP address? If you create the VIP address by adding a vserver, then the netmask will be "", which may cause you problems on the front end!


Take a look at the stats for the LB and the service group: what do they show?


Using wireshark: do you see the request packet coming in to the VIP? Do you see that traffic being passed to the backend servers?

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...