Configuring high availability for NetScaler CPX

A system with mission-critical and business-critical applications must be continuously available without having single-points-of failure. Systems with high availability ensure the continuous availability of applications without any disruption to services provided for the user. NetScaler CPX supports high availability deployment of two NetScaler instances which protects the services from unplanned downtime and ensures business continuity in the event of a failure. Once you configure high availability, you can also upgrade the NetScaler CPX software without causing any disruption of services to the users.

Note: If the internal user account is disabled, high availability for NetScaler CPX feature is not supported.

Topology 1: Deploy NetScaler CPX instances on a single Docker host with bridge networking mode

In this topology, two NetScaler CPX nodes are created on the same Docker host with bridge networking mode. Both nodes are on the same bridge network and nodes are directly reachable to each other.

The following diagram explains this topology.

Topology 1

In this example two NetScaler CPX instances, CPX-1 (NSIP: 172.17.0.3) and CPX-2 (NSIP: 172.17.0.4), are created on the same Docker host. For high availability support, you must configure high availability nodes on both NetScaler CPX instances using the NSIP of the other node.

Perform the following steps to configure high availability support on NetScaler CPX instances on a single docker host in bridge mode.

  1. Access the Docker host and log on to the SSH prompt of the NetScaler CPX instance. For more information, see Configuring a NetScaler CPX Instance by Using the Command Line Interface.

  2. Configure a high availability node on CPX-1 instance by using the following command.

    cli_script.sh ‘add ha node 1 172.17.0.4 [-inc enabled]’
    
  3. Configure a high availability node on CPX-2 instance by using the following command.

    cli_script.sh ‘add ha node 1 172.17.0.3 [-inc enabled]’
    

Note: When a NetScaler CPX node in bridge networking mode is restarted, the IP address assigned to a NetScaler CPX might change depending on the docker version on host. If the NSIP of either of the nodes change after restarting a NetScaler CPX, the existing high availability configuration will not work even though the configuration is saved. In that case, you must configure high availability on NetScaler CPX nodes again.

Topology 2: Deploy NetScaler CPXs on different Docker hosts with bridge networking mode

In this topology, two NetScaler CPX instances are deployed in bridge mode on two different docker hosts which are reachable from each other. In this deployment, NetScaler CPX must be aware of the IP address of the host. The HOST environment variable can be used at the time of provisioning the NetScaler CPX to make NetScaler CPX aware of the IP address of the host.

You must set port mapping for NetScaler CPX nodes. You can use the -p option of the docker run command while creating the NetScaler CPX node to enable port mapping for the required ports.

You must map the following ports:

  • UDP 3003
  • TCP 3008
  • TCP 8873

The following diagram explains the topology of deploying two NetScaler CPX instances in bridge mode on two different docker hosts.

Topology 2

In this diagram, straight blue line represents flow of CPX-HA traffic between two hosts.

Note: On a Docker host, only one NetScaler CPX can form a high availability pair. Any other NetScaler CPX on the same host cannot form a high availability pair with another NetScaler CPX on a different host.

Perform the following steps to deploy NetScaler instances in bridge mode on different docker hosts and configure high availability support using the sample topology.

In this example, host1 IP address is configured as 10.10.10.10/24 and host2 IP address is configured as 10.10.10.20/24.

  1. Deploy NetScaler CPX with the required port-mapping on host1 using the following command.

    Docker run -dt --privileged=true -e EULA=yes --ulimit core=-1 -p 8873:8873 -p 3003:3003/udp -p 3008:3008 -e Host=10.10.10.10 cpx:latest
    
  2. Deploy NetScaler CPX on host2 using the same command with IP address of host 2.

    docker run -dt --privileged=true -e EULA=yes --ulimit core=-1 -p 8873:8873 -p 3003:3003/udp -p 3008:3008 -e HOST=10.10.10.20 cpx:latest
    
  3. Configure a high availability node on CPX-1 instance by using the following command.

    cli_script.sh  ‘add ha node 1 10.10.10.20 -inc enabled’
    
  4. Configure a high availability node on CPX-2 instance by using the following command.

    cli_script.sh ‘add ha node 1 10.10.10.10 -inc enabled’
    

Note: In this deployment, you must use the host IP address of the high availability node instead of the NSIP address of the high availability node.

Topology 3: Deploy NetScaler CPXs on different Docker hosts in host networking mode without a dedicated Interface

In this topology, two NetScaler CPX instances are deployed on two different Docker hosts in host mode without a dedicated interface. The hosts must be reachable to each other. In this deployment, NetScaler CPX must be aware of the IP address of the host. You can use the HOST environment variable during the provisioning of NetScaler CPX to make it aware of the IP address of the host.

You must set port mapping for NetScaler CPX node. You can use the -p option of the docker run command while creating the NetScaler CPX node to enable port mapping for the required ports.

The following diagram explains the topology.

Topology 3

In this diagram, straight blue line represents flow of CPX-HA traffic between two hosts.

Note: On a Docker host, you can deploy only one host-mode NetScaler CPX.

Perform the following steps to deploy the NetScaler CPX instances and configure high availability support using the sample topology.

  1. Deploy NetScaler CPX with the required port-mapping and on host1 using the following command.

    docker run -dt --privileged=true -e EULA=yes --ulimit core=-1 --net=host -e NS_NETMODE=HOST -e HOST=10.10.10.10 cpx:latest
    
  2. Deploy NetScaler CPX on host2 with the IP address of host2 using the following command.

    docker run -dt --privileged=true -e EULA=yes --ulimit core=-1
    --net=host -e NS_NETMODE=HOST -e HOST=10.10.10.20 cpx:latest
    
  3. Configure a high availability node on CPX-1 instance by using the following command.

    cli_script.sh  ‘add ha node 1 10.10.10.20 -inc enabled
    
  4. Configure a high availability node on CPX-2 instance by using the following command.

    cli_script.sh ‘add ha node 1 10.10.10.10 -inc enabled’
    

Topology 4: Deploy CPXs on different Docker hosts with host networking mode and dedicated interfaces

In this topology, two NetScaler CPX instances are deployed on different Docker hosts in host networking mode. The hosts must have more than one interface. You can specify the dedicated interface for NetScaler CPX by using the CPX_NW_DEV environment variable.

For more information on assigning dedicated network interfaces for NetScaler CPX using the CPX_NW_DEV environment variable, see Deploying the NetScaler CPX Instance Using the docker run Command.

NetScaler CPXs deployed on different Docker hosts must be reachable to each other on this data network with the dedicated interface.

This configuration allows high availability nodes to exchange heartbeat messages and synchronize configuration files by directly communicating on ports 3003, 3008, and 8873. There is no need for NAT rules on host. The default NSIP of NetScaler CPX created in host mode is same on both nodes. So, you must also specify the NS_IP and NS_GATEWAY information.

In this example, two host-mode NetScaler CPXs are created on two different hosts. NetScaler CPX instances own the eth1 interfaces on both hosts and eth1 interfaces are connected to the same network.

The following diagram explains the topology. In this diagram, blue arrow represents the flow of CPX-HA traffic on the network connected to the eth1 interface.

Topology 4

Note: On a Docker host, you can only deploy one host-mode NetScaler CPX.

Perform the following steps to deploy the NetScaler CPX instances and configure high availability support using the sample topology.

  1. Deploy NetScaler CPX in host mode on host1 using the following command.

    docker run -dt --privileged=true --net=host -e NS_NETMODE="HOST" -e CPX_NW_DEV=eth1 -e NS_IP='12.12.12.2' -e NS_GATEWAY='12.12.12.9' -e EULA=yes --ulimit core=-1 cpx:latest
    
  2. Deploy NetScaler CPX in host mode on host2 using the following command.

    docker run -dt --privileged=true --net=host -e NS_NETMODE="HOST" -e CPX_NW_DEV=eth1 -e NS_IP='12.12.12.3' -e NS_GATEWAY='12.12.12.10' -e EULA=yes --ulimit core=-1 cpx:latest
    

    Note: You must configure static routes for both NetScaler CPX nodes to reach the other NetScaler CPX node for exchanging heartbeat messages and synchronizing configuration files.

  3. Configure a high availability node on CPX-1 instance by using the following command.

    cli_script.sh  ‘add ha node 1 12.12.12.3 [-inc enabled]’
    
  4. Configure a high availability node on CPX-2 instance by using the following command.

    cli_script.sh ‘add high availability node 1 12.12.12.2 [-inc enabled]’