Saturday 4 June 2016

Understanding the Citrix NetScaler

Where Does a Citrix NetScaler Fit in the Network?

A NetScaler resides between the clients and the servers, so that client requests and server responses pass through it. In a typical installation, virtual servers (vservers) configured on the NetScaler provide connection points that clients use to access the applications behind the NetScaler. In this case, the NetScaler owns public IP addresses that are associated with its vservers, while the real servers are isolated in a private network. It is also possible to operate the NetScaler in a transparent mode as an L2 bridge or L3 router, or even to combine aspects of these and other modes.

Physical Deployment Modes

A NetScaler logically residing between clients and servers can be deployed in either of two physical modes: inline and one-arm.

In the normal inline mode, multiple network interfaces are connected to different Ethernet segments and the NetScaler is placed between the clients and the servers. The NetScaler has a separate network interface to each client network and a separate network interface to each server network. The NetScaler and the servers can exist on different subnets in this configuration. It is possible for the servers to be in a public network and the clients to directly access the servers through the NetScaler, with the NetScaler transparently applying the L4-L7 features. Usually, vservers (described later) are configured to provide an abstraction of the real servers. The following diagram illustrates a typical inline deployment.

In a less common version of one-arm mode, only one network interface of the NetScaler is connected to an Ethernet segment. The NetScaler in this case does not isolate the client and server sides of the network, but provides access to applications through configured vservers. This version of one-arm mode can simplify network changes needed for NetScaler installation in some environments.

Citrix NetScaler as an L2 Device

A NetScaler functioning as an L2 device is said to operate in L2 mode. In L2 mode, the NetScaler forwards packets between network interfaces when all of the following conditions are met:

• The packets are destined to another device's media access control (MAC) address.
• The destination MAC address is on a different network interface.
• That network interface is a member of the same virtual LAN (VLAN) as the interface on which the packet arrived.

By default all network interfaces are members of a pre-defined VLAN, VLAN 1. Address Resolution Protocol (ARP) requests and responses are forwarded to all network interfaces that are members of the same VLAN. To avoid bridging loops, L2 mode must be disabled if another L2 device is working in parallel with the NetScaler.
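An added example (not from the original post or from Citrix): a small audit over ns.conf-style text that lists which interfaces would be bridged when L2 mode is on, following the same-VLAN rule and the VLAN 1 default described above. The sample configuration, the interface list, the function names and the treatment of an untagged bind as removing the interface from VLAN 1 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in ns.conf style (not taken from a real appliance).
SAMPLE_CONF = """\
enable ns mode FR L2 L3 Edge USNIP PMTUD
add vlan 10
bind vlan 10 -ifnum 1/3
add vlan 20
bind vlan 20 -ifnum 1/4 -tagged
"""
# Assumption: the interface inventory is supplied by the operator.
SAMPLE_IFACES = ["1/1", "1/2", "1/3", "1/4"]

def enabled_modes(conf):
    """Replay 'enable/disable ns mode' lines in order; return the active set."""
    modes = set()
    for line in conf.splitlines():
        m = re.match(r"\s*(enable|disable) ns mode\s+(.*)", line, re.I)
        if m:
            names = {n.upper() for n in m.group(2).split()}
            enable = m.group(1).lower() == "enable"
            modes = (modes | names) if enable else (modes - names)
    return modes

def vlan_members(conf, interfaces):
    """Map VLAN id -> interfaces. Every interface starts in VLAN 1."""
    members = defaultdict(set)
    members[1] = set(interfaces)
    for line in conf.splitlines():
        m = re.match(r"\s*bind vlan\s+(\d+)\s+-ifnum\s+(.*)", line, re.I)
        if not m:
            continue
        args = m.group(2).split()
        tagged = "-tagged" in [a.lower() for a in args]
        for ifnum in (a for a in args if not a.startswith("-")):
            members[int(m.group(1))].add(ifnum)
            if not tagged:  # assumption: an untagged bind leaves VLAN 1
                members[1].discard(ifnum)
    return members

def bridged_groups(conf, interfaces):
    """VLANs whose 2+ member interfaces would be bridged in L2 mode."""
    if "L2" not in enabled_modes(conf):
        return {}
    return {v: sorted(i) for v, i in vlan_members(conf, interfaces).items()
            if len(i) >= 2}
```

Any VLAN returned by `bridged_groups` spans segments that the appliance will forward between at L2, so it is the place to check for a parallel L2 path or unintended client/server bridging.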

Citrix NetScaler as a Packet Forwarding Device

A NetScaler can function as a packet forwarding device, and this mode of operation is called L3 mode. When a NetScaler in L3 mode receives, on its MAC address, unicast packets that are destined for an unknown IP address, it forwards them if there is a proper route to the destination. A NetScaler can also route packets between VLANs.

In both modes of operation, L2 and L3, a NetScaler generally drops the following:

• Unknown protocol frames destined for a NetScaler's MAC address (non-IP and non-ARP)
• Spanning Tree Protocol frames

1 comment:

  1. I really enjoyed reading your article; the information you have mentioned in this post was damn good. Keep sharing your blog with updated and useful information.