Product Documentation

Integrating NetScaler Appliances with VMware NSX

Jul 01, 2016

In Software Defined Networking (SDN), a software application controller manages a network and its activities instead of hardware that supports the network. That is, SDN allows the network administrators to virtualize a physical network connectivity into a logical network connectivity and manage network services using a software based centralized management tool. SDN allows network engineers and administrators to respond to rapidly changing business requirements.

While the better known advantages of SDN are traffic programmability, greater agility, the ability to create policy driven network supervision, and implementing network automation, some of the specific advantages of SDN are listed below:

  • Centralized network provisioning
  • Increased network security at granular level
  • Reduced operating costs
  • Increased levels of cloud abstraction
  • Guaranteed content delivery
  • Reduced network downtime

NetScaler Management and Analytics System (MAS) supports SDN in enterprises network by integrating with SDN controllers of different vendors.

NetScaler MAS integrates with VMware network virtualization platform to automate the deployment, configuration, and management of NetScaler services. This integration abstracts away the traditional complexities associated with physical network topology, enabling vSphere/vCenter admins to programmatically deploy NetScaler services faster.

VMware NSX exposes logical firewalls, switches, routers, ports, and other networking elements to allow virtual networking among diverse hypervisors, cloud management systems, and associated network hardware. It also supports external networking, and security services.

The Cloud Orchestration feature of NetScaler MAS enables the integration of Citrix NetScaler products with VMware NSX, and provides the following capabilities:

  • Ability to allocate a pre-provisioned VPX on-demand to a certain Edge gateway as part of service insertion.
  • Ability to configure advanced features of NetScaler such as SSL and CS along with basic load balancing through application templates on the instances that are running inside NSX environment.
  • Ability to de-allocate a VPX from a certain Edge gateway as part of service deletion and re-allocate the same VPX for another Edge gateway.
  • Ability to rapidly deploy NetScaler ADC functions from the vCenter console as part of the deployment workflow of all the infrastructure required for an application.

Benefits:

  • Automated, on-demand allocation of new ADC services as part of an application deployment workflow
  • Simplified configuration of application specific, advanced ADC functionality through application templates
  • Multi-tenant separation-of-duties and a self-service consumption model while providing cloud administrators a single point of control
  • Easier integration with NetScaler MAS API’s, which help to support unanticipated future uses. 

Prerequisites

  • Install VMware ESXi version 4.1 or later with hardware that meets the minimum requirements.
  • Install VMware Client on a management workstation that meets the minimum system requirements.
  • Install VMware OVF Tool (required for VMware ESXi version 4.1) on a management workstation that meets the minimum system requirements.
  • Install NetScaler Management and Analytics System on any of the supported hypervisors.

For tasks to install NetScaler MAS build 11.1, on any of the supported hypervisors, see Installing NetScaler MAS Single Server Deployment.

VMware ESXi Hardware Requirements

The following table lists the virtual computing resources that you require on your VMware ESXi server to install a NetScaler MAS virtual appliance.

Component

Requirement

RAM

8 GB

Virtual CPU

8

Storage space

500 GB

Virtual Network Interfaces

1

Throughput

1 Gbps

Note: The memory and hard disk requirements specified above are for deploying NetScaler MAS on VMware ESXi server, considering that there are no other virtual machines running on the host. The hardware requirements for VMware ESXi server depends on the number of virtual machines running on it.

Integrating NetScaler MAS with VMware NSX

This section provides you with a list of tasks that you have to perform on both VMware NSX Manager and on NetScaler MAS.

Note: Make sure that VMware NSX for vSphere 6.2 and above is installed and configured, and the edge gateways, DLR, and virtual machines that have to be load balanced are already created. 

Configuring VMware NSX

  • Create a pool of NetScaler VPX instances of different capacities, which are added to the different service packages.

For example:

  • Create five NetScaler VPX instances of VPX1000 (1 Gbps). These instances are added to the Gold service package.
  • Create five NetScaler VPX instances of VPX10 (10 Mbps). These instances are added to the Bronze service package.

In vSphere client, navigate to Networking, and create a port group of type VLAN trunking with range, for example, 101-105 (you can even provide the full range, but create port group of type VLAN for only the required VLANs).

localized image

Create a new interface for each NetScaler VPX instance, and attach it to the VLAN range trunk port group that was created above.

localized image

In vSphere client, navigate to Networking, and create a port group of type VLAN. For example, If the initial trunked port group was created with range 101-105, create five VLAN port groups one per VLAN, that is a port group with VLAN 101, another with VLAN102, and so on, until VLAN 105.

 

localized image

Adding NetScaler VPX Instance in NetScaler MAS

Add NetScaler VPX instances in NetScaler MAS and specify the VLAN range of the trunked group for each device.

1.      In NetScaler MAS, navigate to Infrastructure > Instances > NetScaler VPX, and click Add.

2.      On the Add NetScaler VPX page, specify either the host names of the instances, the IP address of each instance, or a range of IP addresses, and then select an instance profile from the Profile Name list. You can also create a new instance profile by clicking the + icon.

3.      Click OK.

4.      Select the newly added NetScaler VPX instance from the list on the NetScaler VPX page, and click the down arrow button in Action field. Select Configure Interfaces for Orchestration.

localized image

5.     On the Interfaces page, select the management interface, and click Disable to disable VLAN from binding to the management interface.

localized image

6.      On the Interfaces page, select the required interface, and click Configure VLAN Range.

7.      Enter the VLAN range configured in NSX Manager, click OK, and then click Close.

localized image

Registering VMware NSX Manager with NetScaler MAS

Register VMware NSX manager with NetScaler MAS to create a communication channel between them.

1.      In NetScaler MAS, navigate to Orchestration > Cloud Orchestration > Cloud Platform, select NSX Manager from the drop-down list, and click Get Started.

 

localized image

2.      On Configure NSX Manager Settings page, set the following parameters:

a.      NSX Manager IP Address - IP address of NSX Manager.

b.      NSX Manager Username - Administrative user name of NSX Manager.

c.      Password - Password of the administrative user of NSX Manager.

3.      In NetScaler MAS account used by NSX Manager section, set the NetScaler Driver Username and Password for the NSX Manager. NetScaler MAS authenticates load balancer configuration requests from the NSX Manager by using these logon credentials.

4.      Click OK.

localized image

5.      Navigate to Orchestration > System > Deployment Settings. Provide the VLAN range which was configured in trunked port group.

localized image

6.      Log on to the NSX Manager on vSphere Web Client, and navigate to Service Definitions > Service Managers.

You can view Citrix NetScaler MAS as one of the service managers. This indicates that the registration is successful and a communication channel is established between the NSX manager and NetScaler MAS.

localized image

Creating a Service Package in NetScaler MAS

1.       From NetScaler MAS home page navigate to Orchestration > Cloud Orchestration > Service Packages, and click Add to add a new service package.

localized image

2.      On Service Package page, in Basic Settings section, set the following parameters:

a.      Name – type the name of a service package

b.      Isolation Policy – by default, the isolation policy is set to Dedicated

c.      Device Type – by default, the device type is set to NetScaler VPX

Note: These values are set by default in this version, and you cannot modify them.

d.      Click Continue

localized image

3.      In Assign Devices section, select the pre-provisioned VPX for this package, and click Continue.

localized image

4.      In Publish Service Package section, click Continue to publish the service package to VMware NSX, and then click Done.

localized image
localized image

This procedure configures a service package in the NSX Manager. A service can have multiple devices added to it and multiple edges can use the same service package to offload the NetScaler VPX instance to NetScaler MAS.

5.      Log on to the NSX Manager on vSphere Web Client, and navigate to Service Definitions > Services.

You can see that the NetScaler MAS service package is registered. 

localized image

Performing Load Balancer Service Insertion for Edge

Perform load balancer service insertion on the previously created NSX Edge gateway (offload the load balancing function from NSX LB to NetScaler).

1.      In NSX Manager, navigate to Home > NSX Edges, and select the edge gateway that you have configured.

localized image

2.      Click Manage, and on the Load Balancer tab, select Global Configuration, and click Edit.

localized image

3.      Select Enable Load Balancer, Logging, Enable Service Insertion to enable them.

a)        In Service Definition, select the service package that was created in NetScaler MAS and published to NSX Manager.

localized image

4.      Select the existing runtime NICs and click the Edit icon to edit runtime NICs that have to be connected when NetScaler VPX is allocated.

localized image

5.      Edit the name of the NIC, specify Connectivity Type as Data, and click Change.

localized image

6.      Select the appropriate web logical switch.

localized image

7.      In Primary IP Allocation Mode, select IP Pool from the drop-down list, and click the down-arrow button on IP Pool field.

localized image

8.      In the Select IP Pool window, select the appropriate IP pool, and click OK.

localized image

The IP address is acquired and is set as the source net IP address in the NetScaler VPX appliance. A L2 gateway is created in the NSX Manager to map the VXLAN to VLAN.

Note: All data interfaces are connected as run-time NICs, and they should be part of interfaces for DLR.

9.      Refresh the view to see the creation of the run time.

localized image
localized image

10.      After the VM has started, the value of Status changes to In Service and that of Install State changes to Enabled.

localized image

Note: In NetScaler MAS, navigate to Orchestration > Requests to see progress details of completion of LB service insertion.

Viewing L2 Gateway on NSX Manager

1.      Log on to the NSX Manager on vSphere Web Client, navigate to NSX Edges, and select the DLR created.

localized image

2.      In the DLR page, navigate to Manage > Bridging. You can see the L2 gateway displayed in the list.

localized image

Note: An L2 gateway gets created for each data interface.

Viewing Allotted NetScaler

1.      Log on to the NetScaler VPX instance using the IP address displayed in NetScaler MAS.  Then, navigate to Configuration > System > Networking. In the right pane, you can see that the two IP address are added. Click the IP address hyperlink to see the details.

localized image

The subnet IP address is same as the IP address of the web interface added in the NSX.

localized image

2.      Navigate to Configuration > System > Licenses to view the licenses that are applied to this instance.

Configuring NetScaler VPX Instance Using Stylebook

1.      In NetScaler MAS, navigate to Orchestration > Cloud Orchestration > Edge Gateways.

Make a note of the NetScaler instance IP that is allotted to the respective Edge Gateway on which Load Balancing configuration through Stylebooks has to be applied.

localized image

2.      Create a new Stylebook. Navigate to Applications > Configuration, import the stylebook, and select the stylebook from the list.

To create a new stylebook, see Create Your Own Stylebook.

localized image

3.      Specify values for all the required parameters.

localized image

4.      Specify the NetScaler VPX instance on which you want to run these configuration settings. 

localized image

5.      Select the IP instance noted earlier, and click Select.

localized image

6.      Click Create to apply the configuration on the selected device.

localized image

Viewing Load Balancer Configuration

1.      Log on to the NetScaler VPX instance, navigate to Configuration > Traffic Management > Load Balancing to view the load balancing virtual server that is created.

localized image

You can also view the service groups that are created.

localized image

2.      Select the service group, and click Manage Members. The Configure Service Group Member page displays the members associated with the service group.

localized image

Deleting Load Balancer Service

1.      In NetScaler MAS, navigate to Applications > Configuration, and click X icon to delete the application configuration.

localized image

2.      Log on to the NSX Manager on vSphere Web Client and navigate to the edge gateway to which the NetScaler VPX instance is connected.

3.      Navigate to the Manage > Load Balancer > Global Configuration, right-click on the runtime entry, and click Unprovision.

Note: Edge Gateways in NetScler MAS corresponds to runtime entries in NSX manager.

localized image

The NetScaler VPX instance is rendered out of service.

4.      Navigate to Orchestration > Cloud Orchestration > Edge Gateways. Verify that the respective mapping of Edge Gateway to the deleted instance is not present.