Where Does a NetScaler Fit in the Network?
NetScaler resides in front of web and applications servers, so that client requests and server responses pass through it. In a typical installation, virtual servers (vservers) configured on the NetScaler provide connection/termination points that clients use to access the applications delivered by NetScaler. In this case, the NetScaler owns public IP addresses that are associated with its vservers, while the real servers are isolated in a private network. It is also possible to operate the NetScaler in a transparent mode as an L2 bridge or L3 router, or even to combine aspects of these and other modes.
Physical Deployment Modes
NetScaler can be deployed in either of two physical modes: inline and one-arm. In inline mode, ultiple network interfaces are connected to different Ethernet segments, and the NetScaler is placed between the clients and the servers. The NetScaler has a separate network interface to each client network and a separate network interface to each server network. The NetScaler and the servers can exist on different subnets in this configuration. It is possible for the servers to be in a public network and the clients to directly access the servers through the NetScaler, with the NetScaler transparently applying the L4-L7 features. Usually, vservers are configured to provide an abstraction of the real servers.
The following figure shows a typical inline deployment.
In one-arm mode, only one network interface of the NetScaler is connected to an Ethernet segment. The NetScaler in this case does not isolate the client and server sides of the network, but provides access to applications through configured vservers. One-arm mode can simplify network changes needed for NetScaler installation in some environments.
Citrix NetScaler as an L2 Device
A NetScaler functioning as an L2 device is said to operate in L2 mode. In L2 mode, the NetScaler
forwards packets between network interfaces when all of the following conditions are met:
• The packets are destined to another device’s media access control (MAC) address.
• The destination MAC address is on a different network interface.
• The network interface is a member of the same virtual LAN (VLAN).
By default, all network interfaces are members of a pre-defined VLAN, VLAN 1. Address Resolution
Protocol (ARP) requests and responses are forwarded to all network interfaces that are members of
the same VLAN. To avoid bridging loops, L2 mode must be disabled if another L2 device is working
in parallel with the NetScaler.
Citrix NetScaler as a Packet Forwarding Device
A NetScaler can function as a packet forwarding device, and this mode of operation is called
L3 mode. With L3 mode enabled, the NetScaler forwards any received unicast packets that are
destined for an IP address that it does not have internally configured, if there is a route to the
destination. A NetScaler can also route packets between VLANs.
In both modes of operation, L2 and L3, a NetScaler generally drops packets that are in:
• Unknown protocol frames destined for a NetScaler’s MAC address (non-IP and non-ARP)
• Spanning Tree protocol (unless BridgeBPDUs is ON)
How a NetScaler Communicates with Clients and Servers
A NetScaler appliance is usually deployed in front of a server farm and functions as a transparent
TCP proxy between clients and servers, without requiring any client-side configuration. This basic
mode of operation is called Request Switching technology and is the core of NetScaler functionality.
Request Switching enables a NetScaler to multiplex and offload the TCP connections, maintain persistent connections, and manage traffic at the request (application layer) level. This is possible
because the NetScaler can separate the HTTP request from the TCP connection on which the request is delivered.
Depending on the configuration, a NetScaler may process the traffic before forwarding the request to a server. For example, if the client attempts to access a secure application on the server, the NetScaler might perform the necessary SSL processing before sending traffic to the server.
To facilitate efficient and secure access to server resources, a NetScaler uses a set of IP addresses collectively known as NetScaler-owned IP addresses. To manage your network traffic, you assign NetScaler-owned IP addresses to virtual entities that become the building blocks of your configuration. For example, to configure load balancing, you create virtual servers (vservers) to receive client requests and distribute them to services, which are entities representing the applications on your servers.
No comments:
Post a Comment