Citrix NetScaler GSLB Configuration – Active/Passive Internal

This article tackles the full process (from end to end) needed to properly and successfully implement Citrix NetScaler GSLB configuration services into your environment. This process can be rather confusing, detailed, and frustrating to fully grasp and understand. I feel the biggest problem for most people (and what I went through and experienced myself back when I initially started to learn the product) is that it is always explained from either a holistic approach (forcing all of the information down your throat at once), or in sectioning out the different sub-components of the process as a whole and not properly following through to best explain how all of these components tie together and the needed process flow of events for successful implementation and in seeing the whole picture through the learning process. With that, here is my attempt to finally provide the ideal learning experience and article. (Please bear with me as this will be a living document over time, with the end goal of excellence, though the process may be a little rocky to start).

Citrix NetScaler GSLB Configuration Tasks List (in order of occurrence):

(Section 1) Virtual IP Configuration:

  • Options: use an existing SNIP, add a new SNIP, or add a new "GSLB Site IP".
  • Using a single SNIP or GSLB Site IP for ADNS/GSLB purposes at each site location is probably the most common configuration approach, combining ADNS, GSLB Site IP, and MEP on a single virtual IP address.
    • In addition, I like to keep at least one dedicated/separate SNIP for all connectivity from NetScaler to back-end servers.

[Screenshot: post-gslb-internal-active-passive-create-ip-img-001]

  • Available options when creating a new NetScaler appliance IP Address under firmware 11.x and later.
  • The main two (and really only two) options of choice are "Subnet IP" (SNIP) and "GSLB Site IP"

[Screenshot: ADNS Configuration 1]

  • The first thing you will need configured is a current SNIP available for use (open or shared). This SNIP will be used later in this article for assigning the MEP, GSLB Site, and DNS/ADNS services. To check whether one is available, view the IP address assigned to an existing SNIP, or create a SNIP, complete the following:
    • NS web management, logon, Configuration tab
    • System, Network, IPs
    • View "Type" category entry defined as "SNIP"
    • If editing an existing SNIP or adding a new one, you will see a screen similar to the one shown directly above.
  • Note: in addition to using a "SNIP", you also have the option to use a "GSLB Site IP" for a more direct, service-focused and purpose-based approach. My personal preference is to use a "GSLB Site IP" for better segmentation of similar purpose-driven network traffic. Combining with an existing SNIP can cause headaches when troubleshooting connections and reading network traces, because you see too much data spanning multiple connection types and purposes.
  • If/when you want to secure your GSLB cross-site connection, make sure to "Enable Management Access" for the IP and only allow "SSH" as shown above. Make sure to complete this process at both site locations and on the corresponding NetScaler appliances.
    • This approach is highly recommended when your GSLB Site connection traverses the Public Internet. Personally, I like to always secure this link and network traffic crossing no matter if the link is internal or external.

(Section 2) ADNS Install and Configuration:

[Screenshot: ADNS Install and Configuration Image 002]

  • Create the ADNS service and assign it the same IP address as the SNIP (or "GSLB Site" IP) you wish to have it bound to.
    • Navigate to Traffic Management, Load Balancing, Services.

[Screenshot: ADNS Install and Configuration Image 003]

  • Click on the "Add" button

[Screenshot: ADNS Configuration 4]

  • Configure the new ADNS service with a Name such as "ADNS", "svc_adns" (or something similar).
  • Bind this new service to a “New Server” and provide it with an IP Address that is the exact same as the SNIP it will be bound to.
  • Under the “Protocol” field select “ADNS” from the pull down menu and configure a Port number of 53.
  • ADNS service listening on network port UDP/53.
  • Click on "OK"

[Screenshot: ADNS Install and Configuration Image 005]

  • This will take you to the "all and advanced" configuration screen. No additional settings need to be configured so scroll to the bottom of the page and select "Done".

[Screenshot: ADNS Install and Configuration Image 006]

  • Now we will check the status of the SNIP that we just bound the ADNS service to for validation purposes.
    • System, Network, IP

[Screenshot: ADNS Configuration 7]

  • Find the appropriate SNIP and make sure its "Type" field now also reads "ADNS svc IP".

(Section 3) GSLB Site and MEP Configuration:

[Screenshot: MEP-GSLB Image 01]

  • Enable GSLB feature/service on your NS appliance.
    • Note: an appropriate license edition is required to use this specific feature.

[Screenshot: MEP-GSLB Image 02]

  • Configuring GSLB Sites (Local and then Remote configured in that order)
    • Allowing NS appliance communication, MEP protocol data exchange, and state information.

[Screenshots: MEP-GSLB Image 03 through Image 07]

  • Configure secure RPC communication between the NS appliances at the separate GSLB Site locations. Completing this process secures the communication by forcing it over TCP/3009.
  • If the two GSLB sites have trouble talking to one another and entering the "UP/Active" state, you may want to try resetting the RPC communication password on both ends, in addition to checking and resetting the password at both GSLB Sites.

[Screenshots: MEP GSLB Image 08 through Image 10]
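
An added example (not from the original article) of checking a saved ns.conf for the two hardening points made above: SSH-only management access on the local GSLB site IP (Section 1) and secure RPC for every GSLB site (Section 3). The sample configuration is constructed, and the option defaults noted in the comments are assumptions about how ns.conf omits default-valued options.

```python
# Constructed ns.conf excerpt for one appliance (documentation-range addresses,
# placeholder password value); not taken from the article.
SAMPLE_NS_CONF = """\
add ns ip 192.0.2.10 255.255.255.0 -type GSLBsiteIP -mgmtAccess ENABLED -telnet DISABLED -ftp DISABLED -gui DISABLED -snmp DISABLED
add ns ip 192.0.2.20 255.255.255.0 -mgmtAccess ENABLED
add gslb site site_a 192.0.2.10
add gslb site site_b REMOTE 198.51.100.10
set ns rpcNode 192.0.2.10 -password PLACEHOLDER -encrypted -secure YES
set ns rpcNode 198.51.100.10 -password PLACEHOLDER -encrypted
"""
PROTOCOLS = ("ssh", "telnet", "ftp", "gui", "snmp")

def parse(line):
    """Split a config line into positional words and an {option: VALUE} dict."""
    words, opts, toks, i = [], {}, line.split(), 0
    while i < len(toks):
        if toks[i].startswith("-"):
            has_val = i + 1 < len(toks) and not toks[i + 1].startswith("-")
            opts[toks[i][1:].lower()] = toks[i + 1].upper() if has_val else "YES"
            i += 2 if has_val else 1
        else:
            words.append(toks[i])
            i += 1
    return words, opts

def audit(conf_text):
    """Return sorted findings on management access and RPC for GSLB site IPs."""
    owned, sites, rpc, findings = {}, {}, {}, []
    for line in conf_text.splitlines():
        words, opts = parse(line)
        head = " ".join(words[:3]).lower()
        if head == "add ns ip" and len(words) > 3:
            owned[words[3]] = opts
        elif head == "add gslb site" and len(words) > 4:
            sites[words[-1]] = words[3]  # site IP is the last positional word
        elif head == "set ns rpcnode" and len(words) > 3:
            rpc[words[3]] = opts
    for ip, name in sites.items():
        o = owned.get(ip)  # None for the remote site, whose IP lives on the peer
        if o is not None:
            # Assumed defaults: -mgmtAccess DISABLED, each protocol flag ENABLED.
            on = o.get("mgmtaccess", "DISABLED") == "ENABLED"
            allowed = [p for p in PROTOCOLS if on and o.get(p, "ENABLED") != "DISABLED"]
            if allowed != ["ssh"]:
                findings.append(f"{name} {ip}: management access allows "
                                f"{', '.join(allowed) or 'nothing'}; expected ssh only")
        if rpc.get(ip, {}).get("secure", "NO") != "YES":  # assumed default: NO
            findings.append(f"{name} {ip}: rpcNode is not set to -secure YES")
    return sorted(findings)
```

Run `audit()` against the saved configuration from each appliance, since the local and remote roles swap between the two sites.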

(Section 4) Global Server Load Balancing Services:

[Screenshots: GSLB Services Image 1 through Image 12]

(Section 5) GSLB Virtual Server Configuration:

[Screenshots: GSLB VServer Configuration 1 through 25]

  • Under this configuration, setting a "Backup Virtual Server" on the Active site's GSLB virtual server in essence configures an Active/Passive environment and connectivity model.

(Section 6) GSLB Configuration Synchronization:

[Screenshot: GSLB Config Sync 1]

  • Configuring and using GSLB configuration synchronization is NOT a mandatory setting and method of configuration, but does save on configuration time between NS appliances at both GSLB Sites.
    • This feature helps to automate the configuration process across NS appliances by configuring settings under the Active GSLB Site and then simply propagating/syncing those settings to the connected NS appliance (not having to connect to passive NS appliance for manual configuration efforts).
      • Note - additional configuration and network ports need to be open between the two GSLB Sites for proper communication.

[Screenshots: GSLB Config Sync 2 through 6]

(Section 7) DNS Sub-Domain Delegation and ADNS (Internal Connectivity):

[Screenshots: DNS Sub-Zone Delegation 1 through 16]

  • The above screenshot shows the local MS DNS server pointing to the ADNS service and IP configured on the NetScaler.

[Screenshot: DNS Sub-Zone Delegation 17]

1 Response

  1. This is great, especially with the screenshots. It would be helpful if you can separate the steps for Active and Passive NS. Also, why do you only have one ADNS? I thought you should have one for each? Thanks
