Configuring high availability for Citrix ADC CPX

A system with mission-critical and business-critical applications must be continuously available, without single points of failure. Systems with high availability ensure the continuous availability of applications without any disruption to the services provided to the user. Citrix ADC CPX supports a high availability deployment of two Citrix ADC instances, which protects the services from unplanned downtime and ensures business continuity in the event of a failure. Once you configure high availability, you can also upgrade the Citrix ADC CPX software without causing any disruption of services to the users.

Note: High availability for Citrix ADC CPX is not supported if the internal user account is disabled.

Topology 1: Deploy Citrix ADC CPX instances on a single Docker host with bridge networking mode

In this topology, two Citrix ADC CPX nodes are created on the same Docker host with bridge networking mode. Both nodes are on the same bridge network and are directly reachable from each other.

The following diagram explains this topology.

Topology 1

In this example, two Citrix ADC CPX instances, CPX-1 (NSIP: 172.17.0.3) and CPX-2 (NSIP: 172.17.0.4), are created on the same Docker host. For high availability support, you must configure high availability nodes on both Citrix ADC CPX instances using the NSIP of the other node.

Perform the following steps to configure high availability support on Citrix ADC CPX instances on a single Docker host in bridge mode.

  1. Access the Docker host and log on to the SSH prompt of the Citrix ADC CPX instance. For more information, see Configuring a Citrix ADC CPX Instance by Using the Command Line Interface.

  2. Configure a high availability node on CPX-1 instance by using the following command.

    cli_script.sh 'add ha node 1 172.17.0.4 [-inc enabled]'
    
  3. Configure a high availability node on CPX-2 instance by using the following command.

    cli_script.sh 'add ha node 1 172.17.0.3 [-inc enabled]'
    

Note: When a Citrix ADC CPX node in bridge networking mode is restarted, the IP address assigned to the Citrix ADC CPX might change depending on the Docker version on the host. If the NSIP of either node changes after restarting a Citrix ADC CPX, the existing high availability configuration will not work even though the configuration is saved. In that case, you must configure high availability on the Citrix ADC CPX nodes again.

Topology 2: Deploy Citrix ADC CPXs on different Docker hosts with bridge networking mode

In this topology, two Citrix ADC CPX instances are deployed in bridge mode on two different Docker hosts that are reachable from each other. In this deployment, Citrix ADC CPX must be aware of the IP address of the host. The HOST environment variable can be used at the time of provisioning the Citrix ADC CPX to make it aware of the IP address of the host.

You must set port mapping for Citrix ADC CPX nodes. You can use the -p option of the docker run command while creating the Citrix ADC CPX node to enable port mapping for the required ports.

You must map the following ports:

  • UDP 3003
  • TCP 3008
  • TCP 8873

The following diagram explains the topology of deploying two Citrix ADC CPX instances in bridge mode on two different Docker hosts.

Topology 2

In this diagram, the straight blue line represents the flow of CPX-HA traffic between the two hosts.

Note: On a Docker host, only one Citrix ADC CPX can form a high availability pair. Any other Citrix ADC CPX on the same host cannot form a high availability pair with another Citrix ADC CPX on a different host.

Perform the following steps to deploy Citrix ADC instances in bridge mode on different Docker hosts and configure high availability support using the sample topology.

In this example, host1 IP address is configured as 10.10.10.10/24 and host2 IP address is configured as 10.10.10.20/24.

  1. Deploy Citrix ADC CPX with the required port-mapping on host1 using the following command.

    docker run -dt --privileged=true -e EULA=yes --ulimit core=-1 -p 8873:8873 -p 3003:3003/udp -p 3008:3008 -e HOST=10.10.10.10 cpx:latest
    
  2. Deploy Citrix ADC CPX on host2 using the same command with the IP address of host2.

    docker run -dt --privileged=true -e EULA=yes --ulimit core=-1 -p 8873:8873 -p 3003:3003/udp -p 3008:3008 -e HOST=10.10.10.20 cpx:latest
    
  3. Configure a high availability node on CPX-1 instance by using the following command.

    cli_script.sh 'add ha node 1 10.10.10.20 -inc enabled'
    
  4. Configure a high availability node on CPX-2 instance by using the following command.

    cli_script.sh 'add ha node 1 10.10.10.10 -inc enabled'
    

Note: In this deployment, you must use the host IP address of the high availability node instead of the NSIP address of the high availability node.
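A pre-flight check for the Topology 2 `docker run` arguments, added here as an example and not part of the Citrix documentation: it confirms that the three HA port mappings listed above and the HOST variable are present before the node is created. The function name `check_cpx_ha_run` is hypothetical, and flagging a differently cased variable name such as `Host` is this example's assumption, based on environment variable names being case-sensitive.

```shell
#!/bin/sh
# Added example (not Citrix code): lint the arguments of a Topology 2
# "docker run" command before using it to create an HA node.
# Prints one line per problem; returns 0 only when nothing is missing.
check_cpx_ha_run() {
    udp3003=0 tcp3008=0 tcp8873=0 host_ip="" bad=0 prev=""
    for arg in "$@"; do
        case "$prev" in
        -p)
            # Normalise [ip:]hostport:containerport[/proto] to h:c/proto.
            case "$arg" in */*) ;; *) arg="$arg/tcp" ;; esac
            case "$arg" in *:*:*) arg=${arg#*:} ;; esac
            case "$arg" in
            3003:3003/udp) udp3003=1 ;;
            3008:3008/tcp) tcp3008=1 ;;
            8873:8873/tcp) tcp8873=1 ;;
            esac ;;
        -e)
            case "$arg" in
            HOST=*) host_ip=${arg#HOST=} ;;
            [Hh][Oo][Ss][Tt]=*)
                # Variable names are case-sensitive: Host= does not set HOST.
                echo "wrong case: ${arg%%=*} (expected HOST)"; bad=1 ;;
            esac ;;
        esac
        prev=$arg
    done
    [ "$udp3003" -eq 1 ] || { echo "missing -p 3003:3003/udp"; bad=1; }
    [ "$tcp3008" -eq 1 ] || { echo "missing -p 3008:3008"; bad=1; }
    [ "$tcp8873" -eq 1 ] || { echo "missing -p 8873:8873"; bad=1; }
    case "$host_ip" in
    "") echo "missing -e HOST=<host IP>"; bad=1 ;;
    *[!0-9.]*) echo "HOST is not an IPv4 address: $host_ip"; bad=1 ;;
    esac
    return "$bad"
}

# Sample run on the host2 command from step 2 (prints nothing when clean).
check_cpx_ha_run docker run -dt --privileged=true -e EULA=yes \
    --ulimit core=-1 -p 8873:8873 -p 3003:3003/udp -p 3008:3008 \
    -e HOST=10.10.10.20 cpx:latest
```
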

Topology 3: Deploy Citrix ADC CPXs on different Docker hosts in host networking mode without a dedicated Interface

In this topology, two Citrix ADC CPX instances are deployed on two different Docker hosts in host mode without a dedicated interface. The hosts must be reachable from each other. In this deployment, Citrix ADC CPX must be aware of the IP address of the host. You can use the HOST environment variable during the provisioning of Citrix ADC CPX to make it aware of the IP address of the host.

You must set port mapping for the Citrix ADC CPX node. You can use the -p option of the docker run command while creating the Citrix ADC CPX node to enable port mapping for the required ports.

The following diagram explains the topology.

Topology 3

In this diagram, the straight blue line represents the flow of CPX-HA traffic between the two hosts.

Note: On a Docker host, you can deploy only one host-mode Citrix ADC CPX.

Perform the following steps to deploy the Citrix ADC CPX instances and configure high availability support using the sample topology.

  1. Deploy Citrix ADC CPX with the required port-mapping on host1 using the following command.

    docker run -dt --privileged=true -e EULA=yes --ulimit core=-1 --net=host -e NS_NETMODE=HOST -e HOST=10.10.10.10 cpx:latest
    
  2. Deploy Citrix ADC CPX on host2 with the IP address of host2 using the following command.

    docker run -dt --privileged=true -e EULA=yes --ulimit core=-1 --net=host -e NS_NETMODE=HOST -e HOST=10.10.10.20 cpx:latest
    
  3. Configure a high availability node on CPX-1 instance by using the following command.

    cli_script.sh 'add ha node 1 10.10.10.20 -inc enabled'
    
  4. Configure a high availability node on CPX-2 instance by using the following command.

    cli_script.sh 'add ha node 1 10.10.10.10 -inc enabled'
    

Topology 4: Deploy CPXs on different Docker hosts with host networking mode and dedicated interfaces

In this topology, two Citrix ADC CPX instances are deployed on different Docker hosts in host networking mode. The hosts must have more than one interface. You can specify the dedicated interface for Citrix ADC CPX by using the CPX_NW_DEV environment variable.

For more information on assigning dedicated network interfaces for Citrix ADC CPX using the CPX_NW_DEV environment variable, see Deploying the Citrix ADC CPX Instance Using the docker run Command.

Citrix ADC CPXs deployed on different Docker hosts must be reachable from each other on this data network with the dedicated interface.

This configuration allows high availability nodes to exchange heartbeat messages and synchronize configuration files by directly communicating on ports 3003, 3008, and 8873. There is no need for NAT rules on the host. The default NSIP of a Citrix ADC CPX created in host mode is the same on both nodes. So, you must also specify the NS_IP and NS_GATEWAY information.

In this example, two host-mode Citrix ADC CPXs are created on two different hosts. The Citrix ADC CPX instances own the eth1 interfaces on both hosts, and the eth1 interfaces are connected to the same network.

The following diagram explains the topology. In this diagram, the blue arrow represents the flow of CPX-HA traffic on the network connected to the eth1 interface.

Topology 4

Note: On a Docker host, you can only deploy one host-mode Citrix ADC CPX.

Perform the following steps to deploy the Citrix ADC CPX instances and configure high availability support using the sample topology.

  1. Deploy Citrix ADC CPX in host mode on host1 using the following command.

    docker run -dt --privileged=true --net=host -e NS_NETMODE="HOST" -e CPX_NW_DEV=eth1 -e NS_IP='12.12.12.2' -e NS_GATEWAY='12.12.12.9' -e EULA=yes --ulimit core=-1 cpx:latest
    
  2. Deploy Citrix ADC CPX in host mode on host2 using the following command.

    docker run -dt --privileged=true --net=host -e NS_NETMODE="HOST" -e CPX_NW_DEV=eth1 -e NS_IP='12.12.12.3' -e NS_GATEWAY='12.12.12.10' -e EULA=yes --ulimit core=-1 cpx:latest
    

    Note: You must configure static routes for both Citrix ADC CPX nodes to reach the other Citrix ADC CPX node for exchanging heartbeat messages and synchronizing configuration files.

  3. Configure a high availability node on CPX-1 instance by using the following command.

    cli_script.sh 'add ha node 1 12.12.12.3 [-inc enabled]'
    
  4. Configure a high availability node on CPX-2 instance by using the following command.

    cli_script.sh 'add ha node 1 12.12.12.2 [-inc enabled]'