How the Citrix ADC Proxies Connections

When a client initiates a connection, the Citrix ADC appliance terminates the client connection, initiates a connection to an appropriate server, and sends the packet to the server. The appliance does not perform this action for service type UDP or ANY.

For more information about service types, see Load Balancing.

You can configure the Citrix ADC to process the packet before initiating the connection with a server. The default behavior is to change the source and destination IP addresses of a packet before sending the packet to the server. You can configure the Citrix ADC to retain the source IP address of the packets by enabling Use Source IP mode.

How the Destination IP Address Is Selected

Traffic sent to the Citrix ADC appliance can be sent to a virtual server or to a service. The appliance handles traffic to virtual servers and services differently. The Citrix ADC terminates traffic received at a virtual server IP (VIP) address and changes the destination IP address to the IP address of the server before forwarding the traffic to the server, as shown in the following diagram.

Figure 1. Proxying Connections to VIPs

proxy connection vip

Packets destined for a service are sent directly to the appropriate server, and the Citrix ADC does not modify the destination IP addresses. In this case, the Citrix ADC functions as a proxy.

How the Source IP Address Is Selected

When the Citrix ADC appliance communicates with the physical servers or peer devices, by default, it does not use the IP address of the client. Citrix ADC maintains a pool of subnet IP addresses (SNIPs), and selects an IP address from this pool to use as the source IP address of a connection to the physical server. Depending on the subnet in which the physical server is placed, Citrix ADC selects a specific SNIP address.

Note: If the Use Source IP (USIP) option is enabled, appliance uses the IP address of the client.