ADC

Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands

You can deploy a pair of Citrix ADC VPX instances with multiple NICs in an active-passive high availability (HA) setup on Azure. Each NIC can contain multiple IP addresses.

An active-passive deployment requires:

  • An HA Independent Network Configuration (INC) configuration
  • The Azure Load Balancer (ALB) in Direct Server Return (DSR) mode

All traffic goes through the primary node. The secondary node remains in standby mode until the primary node fails.

Note

For a Citrix ADC VPX high availability deployment on an Azure cloud to work, you need a floating public IP (PIP) that can be moved between the two high-availability nodes. The Azure Load Balancer (ALB) provides that floating PIP, which is moved to the second node automatically in the event of a failover.

Diagram: Example of an active-passive deployment architecture

Azure high availability

In an active-passive deployment, the ALB floating public IP (PIP) addresses are added as the VIP addresses in each VPX node. In HA-INC configuration, the VIP addresses are floating and SNIP addresses are instance specific.

ALB monitors each VPX instance by sending health probe at every 5 seconds and redirects traffic to that instance only that sends health probes response on regular interval. So in an HA setup, the primary node responds to health probes and secondary does not. If the primary instances miss two consecutive health probes, ALB does not redirect traffic to that instance. On failover, the new primary starts responding to health probes and the ALB redirects traffic to it. The standard VPX high availability failover time is three seconds. The total failover time that might take for traffic switching can be maximum of 13 seconds.

You can deploy a VPX pair in active-passive HA setup in two ways by using:

  • Citrix ADC VPX Standard high availability template: use this option to configure an HA pair with the default option of three subnets and six NICs.
  • Windows PowerShell commands: use this option to configure an HA pair according to your subnet and NIC requirements.

This topic describes how to deploy a VPX pair in active-passive HA setup by using PowerShell commands. If you want to use the Citrix ADC VPX Standard HA template, see Configuring an HA Setup with Multiple IP Addresses and NICs.

Configure HA-INC nodes by using PowerShell Commands

Scenario: HA-INC PowerShell deployment

In this scenario, you deploy a Citrix ADC VPX pair by using the topology given in the table. Each VPX instance contains three NICs, with each NIC is deployed in a different subnet. Each NIC is assigned an IP configuration.

ALB VPX1 VPX2
ALB is associated with public IP 3 (pip3) Management IP is configured with IPConfig1, which includes one public IP (pip1) and one private IP (12.5.2.24); nic1; Mgmtsubnet=12.5.2.0/24 Management IP is configured with IPConfig5, which includes one public IP (pip3) and one private IP (12.5.2.26);nic4;Mgmtsubnet=12.5.2.0/24
LB rules and port configured are HTTP (80),SSL (443), health probe (9000) Client-side IP is configured with IPConfig3, which includes one private IP(12.5.1.27);nic2; FrontEndsubet=12.5.1.0/24 Client-side IP is configured with IPConfig7, which includes one private IP (12.5.1.28);nic5;FrontEndsubet=12.5.1.0/24
- Server-side IP is configured with IPConfig4, which includes one private IP(12.5.3.24); nic3;BackendSubnet=12.5.3.0/24 Server-side IP is configured with IPConfig8, which includes one private IP(12.5.3.28);nic6;BackendSubnet=12.5.3.0/24
- Rules and ports for NSG are SSH (22),HTTP (80),HTTPS (443) -

Parameter settings

The following parameter settings are used in this scenario.

$locName= “South east Asia”

$rgName = “MulitIP-MultiNIC-RG”

$nicName1= “VM1-NIC1”

$nicName2 = “VM1-NIC2”

$nicName3= “VM1-NIC3”

$nicName4 = “VM2-NIC1”

$nicName5= “VM2-NIC2”

$nicName6 = “VM2-NIC3”

$vNetName = “Azure-MultiIP-ALB-vnet”

$vNetAddressRange= “12.5.0.0/16”

$frontEndSubnetName= “frontEndSubnet”

$frontEndSubnetRange= “12.5.1.0/24”

$mgmtSubnetName= “mgmtSubnet”

$mgmtSubnetRange= “12.5.2.0/24”

$backEndSubnetName = “backEndSubnet”

$backEndSubnetRange = “12.5.3.0/24”

$prmStorageAccountName = “multiipmultinicbstorage”

$avSetName = “multiple-avSet”

$vmSize= “Standard_DS4_V2”

$publisher = “Citrix”

$offer = “netscalervpx-120”

$sku = “netscalerbyol”

$version=”latest”

$pubIPName1=”VPX1MGMT”

$pubIPName2=”VPX2MGMT”

$pubIPName3=”ALBPIP”

$domName1=”vpx1dns”

$domName2=”vpx2dns”

$domName3=”vpxalbdns”

$vmNamePrefix=”VPXMultiIPALB”

$osDiskSuffix1=”osmultiipalbdiskdb1”

$osDiskSuffix2=”osmultiipalbdiskdb2”

$lbName= “MultiIPALB”

$frontEndConfigName1= “FrontEndIP”

$backendPoolName1= “BackendPoolHttp”

$lbRuleName1= “LBRuleHttp”

$healthProbeName= “HealthProbe”

$nsgName=”NSG-MultiIP-ALB”

$rule1Name=”Inbound-HTTP”

$rule2Name=”Inbound-HTTPS”

$rule3Name=”Inbound-SSH”

To complete the deployment, complete the following steps by using PowerShell commands:

  1. Create a resource group, storage account, and availability set
  2. Create a network security group and add rules
  3. Create a virtual network and three subnets
  4. Create public IP addresses
  5. Create IP configurations for VPX1
  6. Create IP configurations for VPX2
  7. Create NICs for VPX1
  8. Create NICs for VPX2
  9. Create VPX1
  10. Create VPX2
  11. Create ALB

Create a resource group, storage account, and availability set.

New-AzureRmResourceGroup -Name $rgName -Location $locName


$prmStorageAccount=New-AzureRMStorageAccount -Name $prmStorageAccountName -ResourceGroupName $rgName -Type Standard_LRS -Location $locName


$avSet=New-AzureRMAvailabilitySet -Name $avSetName -ResourceGroupName $rgName -Location $locName

Create a network security group and add rules.

$rule1 = New-AzureRmNetworkSecurityRuleConfig -Name $rule1Name -Description "Allow HTTP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 101


-SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80


$rule2 = New-AzureRmNetworkSecurityRuleConfig -Name $rule2Name -Description "Allow HTTPS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 110


-SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443


$rule3 = New-AzureRmNetworkSecurityRuleConfig -Name $rule3Name -Description "Allow SSH" -Access Allow -Protocol Tcp -Direction Inbound -Priority 120


-SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22


$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $rgName -Location $locName -Name $nsgName -SecurityRules $rule1,$rule2,$rule3

Create a virtual network and three subnets.

$frontendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name $frontEndSubnetName -AddressPrefix $frontEndSubnetRange (this parameter value should be as per your requirement)


$mgmtSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name $mgmtSubnetName -AddressPrefix $mgmtSubnetRange


$backendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name $backEndSubnetName -AddressPrefix $backEndSubnetRange


$vnet =New-AzureRmVirtualNetwork -Name $vNetName -ResourceGroupName $rgName -Location $locName -AddressPrefix $vNetAddressRange -Subnet $frontendSubnet,$backendSubnet, $mgmtSubnet


$subnetName ="frontEndSubnet"


\$subnet1=\$vnet.Subnets|?{\$\_.Name -eq \$subnetName}


$subnetName="backEndSubnet"


\$subnet2=\$vnet.Subnets|?{\$\_.Name -eq \$subnetName}


$subnetName="mgmtSubnet"


\$subnet3=\$vnet.Subnets|?{\$\_.Name -eq \$subnetName}

Create public IP addresses.

$pip1=New-AzureRmPublicIpAddress -Name $pubIPName1 -ResourceGroupName $rgName -DomainNameLabel $domName1 -Location $locName -AllocationMethod Dynamic

$pip2=New-AzureRmPublicIpAddress -Name $pubIPName2 -ResourceGroupName $rgName -DomainNameLabel $domName2 -Location $locName -AllocationMethod Dynamic

$pip3=New-AzureRmPublicIpAddress -Name $pubIPName3 -ResourceGroupName $rgName -DomainNameLabel $domName3 -Location $locName -AllocationMethod Dynamic

Create IP configurations for VPX1.

$IpConfigName1 = "IPConfig1"


$IPAddress = "12.5.2.24"


$IPConfig1=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName1 -Subnet $subnet3 -PrivateIpAddress $IPAddress -PublicIpAddress $pip1 -Primary


$IPConfigName3="IPConfig-3"


$IPAddress="12.5.1.27"


$IPConfig3=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName3 -Subnet $subnet1 -PrivateIpAddress $IPAddress -Primary


$IPConfigName4 = "IPConfig-4"


$IPAddress = "12.5.3.24"


$IPConfig4 = New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName4 -Subnet $subnet2 -PrivateIpAddress $IPAddress -Primary

Create IP configurations for VPX2.

$IpConfigName5 = "IPConfig5"


$IPAddress="12.5.2.26"


$IPConfig5=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName5 -Subnet $subnet3 -PrivateIpAddress $IPAddress -PublicIpAddress $pip2 -Primary


$IPConfigName7="IPConfig-7"


$IPAddress="12.5.1.28"


$IPConfig7=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName7 -Subnet $subnet1 -PrivateIpAddress $IPAddress -Primary


$IPConfigName8="IPConfig-8"


$IPAddress="12.5.3.28"


$IPConfig8=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName8 -Subnet $subnet2 -PrivateIpAddress $IPAddress -Primary

Create NICs for VPX1.

$nic1=New-AzureRmNetworkInterface -Name $nicName1 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig1 -NetworkSecurityGroupId $nsg.Id


$nic2=New-AzureRmNetworkInterface -Name $nicName2 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig3 -NetworkSecurityGroupId $nsg.Id


$nic3=New-AzureRmNetworkInterface -Name $nicName3 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig4 -NetworkSecurityGroupId $nsg.Id

Create NICs for VPX2.

$nic4=New-AzureRmNetworkInterface -Name $nicName4 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig5 -NetworkSecurityGroupId $nsg.Id


$nic5=New-AzureRmNetworkInterface -Name $nicName5 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig7 -NetworkSecurityGroupId $nsg.Id


$nic6=New-AzureRmNetworkInterface -Name $nicName6 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig8 -NetworkSecurityGroupId $nsg.Id

Create VPX1.

This step includes the following substeps:

  • Create VM config object
  • Set credentials, OS, and image
  • Add NICs
  • Specify OS disk and create VM

     $suffixNumber = 1
    
     $vmName=$vmNamePrefix + $suffixNumber
    
     $vmConfig=New-AzureRMVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avSet.Id
    
     $cred=Get-Credential -Message "Type the name and password for VPX login."
    
     $vmConfig=Set-AzureRMVMOperatingSystem -VM $vmConfig -Linux -ComputerName $vmName -Credential $cred
    
     $vmConfig=Set-AzureRMVMSourceImage -VM $vmConfig -PublisherName $publisher -Offer $offer -Skus $sku -Version $version
    
     $vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic1.Id -Primary
    
     $vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic2.Id
    
     $vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic3.Id
    
     $osDiskName=$vmName + "-" + $osDiskSuffix1
    
     $osVhdUri=$prmStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $osDiskName + ".vhd"
    
     $vmConfig=Set-AzureRMVMOSDisk -VM $vmConfig -Name $osDiskName -VhdUri $osVhdUri -CreateOption fromImage
    
     Set-AzureRmVMPlan -VM $vmConfig -Publisher $publisher -Product $offer -Name $sku
    
     New-AzureRMVM -VM $vmConfig -ResourceGroupName $rgName -Location $locName
    

Create VPX2.

```
$suffixNumber=2


$vmName=$vmNamePrefix + $suffixNumber


$vmConfig=New-AzureRMVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avSet.Id


$cred=Get-Credential -Message "Type the name and password for VPX login."


$vmConfig=Set-AzureRMVMOperatingSystem -VM $vmConfig -Linux -ComputerName $vmName -Credential $cred


$vmConfig=Set-AzureRMVMSourceImage -VM $vmConfig -PublisherName $publisher -Offer $offer -Skus $sku -Version $version


$vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic4.Id -Primary


$vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic5.Id


$vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic6.Id


$osDiskName=$vmName + "-" + $osDiskSuffix2


$osVhdUri=$prmStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $osDiskName + ".vhd"


$vmConfig=Set-AzureRMVMOSDisk -VM $vmConfig -Name $osDiskName -VhdUri $osVhdUri -CreateOption fromImage


Set-AzureRmVMPlan -VM $vmConfig -Publisher $publisher -Product $offer -Name $sku


New-AzureRMVM -VM $vmConfig -ResourceGroupName $rgName -Location $locName
<!--NeedCopy--> ```

To view private and public IP addresses assigned to the NICs, type the following commands:

```
$nic1.IPConfig


$nic2.IPConfig


$nic3.IPConfig


$nic4.IPConfig


$nic5.IPConfig


$nic6.IPConfig
<!--NeedCopy--> ```

Create Azure load balance (ALB).

This step includes the following substeps:

  • Create front end IP config
  • Create health probe
  • Create back end address pool
  • Create load-balancing rules (HTTP and SSL)
  • Create ALB with front end IP config, back end address pool, and LB rule
  • Associate IP config with back end pools

    $frontEndIP1=New-AzureRmLoadBalancerFrontendIpConfig -Name $frontEndConfigName1 -PublicIpAddress $pip3

    $healthProbe=New-AzureRmLoadBalancerProbeConfig -Name $healthProbeName -Protocol Tcp -Port 9000 –IntervalInSeconds 5 -ProbeCount 2

    $beAddressPool1=New-AzureRmLoadBalancerBackendAddressPoolConfig -Name $backendPoolName1

    $lbRule1=New-AzureRmLoadBalancerRuleConfig -Name $lbRuleName1 -FrontendIpConfiguration $frontEndIP1 -BackendAddressPool $beAddressPool1 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 80 -EnableFloatingIP

    $lb=New-AzureRmLoadBalancer -ResourceGroupName $rgName -Name $lbName -Location $locName -FrontendIpConfiguration $frontEndIP1 -LoadBalancingRule $lbRule1 -BackendAddressPool $beAddressPool1 -Probe $healthProbe

    $nic2.IpConfigurations[0].LoadBalancerBackendAddressPools.Add($lb.BackendAddressPools[0])

    $nic5.IpConfigurations[0].LoadBalancerBackendAddressPools.Add($lb.BackendAddressPools[0])

    $lb=$lb |Set-AzureRmLoadBalancer

    $nic2=$nic2 | Set-AzureRmNetworkInterface

    $nic5=$nic5 | Set-AzureRmNetworkInterface

After you’ve successfully deployed the Citrix ADC VPX pair, log on to each VPX instance to configure HA-INC, and SNIP and VIP addresses.

  1. Type the following command to add HA nodes.

    add ha node 1 PeerNodeNSIP -inc Enabled

  2. Add private IP addresses of client-side NICs as SNIPs for VPX1 (NIC2) and VPX2 (NIC5)

    add nsip privateIPofNIC2 255.255.255.0 -type SNIP add nsip privateIPofNIC5 255.255.255.0 -type SNIP

  3. Add load-balancing virtual server on the primary node with front-end IP address (public IP) of ALB.

    add lb virtual server v1 HTTP FrontEndIPofALB 80

Related resources:

Configuring GSLB on Active-Standby HA Deployment on Azure

Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands