ADC

Configure multiple IP addresses for a Citrix ADC VPX standalone instance by using PowerShell commands

In an Azure environment, a Citrix ADC VPX virtual appliance can be deployed with multiple NICs. Each NIC can have multiple IP addresses. This section describes how to deploy a Citrix ADC VPX instance with a single NIC and multiple IP addresses, by using PowerShell commands. You can use the same script for multi-NIC and multi-IP deployment.

Note

In this document, IP-Config refers to a pair of IP addresses, public IP, and private IP, that is associated with an individual NIC. For more information, see the Azure terminology section.

Use case

In this use case, a single NIC is connected to a virtual network (VNET). The NIC is associated with three IP configurations, as shown in the following table.

IP Config Associated with
IPConfig-1 Static public IP address; static private IP address
IPConfig-2 Static public IP address; static private address
IPConfig-3 Static private IP address

Note

IPConfig-3 is not associated with any public IP address.

Diagram: Topology

Here is the visual representation of the use case.

Configure single mode

Note

In a multi-NIC, multi-IP Azure Citrix ADC VPX deployment, the private IP address associated with the primary (first) IPConfig of the primary (first) NIC is automatically added as the management NSIP address of the appliance. The remaining private IP addresses associated with IPConfigs must be added in the VPX instance as VIPs or SNIPs by using the add ns ip command, as determined by your requirements.

Here is the summary of the steps required for configuring multiple IP addresses for a Citrix ADC VPX virtual appliance in standalone mode:

  1. Create Resource Group
  2. Create Storage Account
  3. Create Availability Set
  4. Create Network service group
  5. Create Virtual Network
  6. Create Public IP Address
  7. Assign IP Configuration
  8. Create NIC
  9. Create Citrix ADC VPX Instance
  10. Check NIC Configurations
  11. Check VPX-side Configurations

Script

Parameters

Following are sample parameters settings for the use case in this document. You can use different settings if you want.

$locName=”westcentralus”

$rgName=”Azure-MultiIP”

$nicName1=”VM1-NIC1”

$vNetName=”Azure-MultiIP-vnet”

$vNetAddressRange=”11.6.0.0/16”

$frontEndSubnetName=”frontEndSubnet”

$frontEndSubnetRange=”11.6.1.0/24”

$prmStorageAccountName=”multiipstorage”

$avSetName=”multiip-avSet”

$vmSize=”Standard_DS4_V2” (This parameter creates a VM with up to four NICs.)

Note: The minimum requirement for a VPX instance is 2 vCPUs and 2 GB RAM.

$publisher=”Citrix”

$offer=”netscalervpx110-6531” (You can use different offers.)

$sku=”netscalerbyol” (According to your offer, the SKU can be different.)

$version=”latest”

$pubIPName1=”PIP1”

$pubIPName2=”PIP2”

$domName1=”multiipvpx1”

$domName2=”multiipvpx2”

$vmNamePrefix=”VPXMultiIP”

$osDiskSuffix=”osmultiipalbdiskdb1”

Network Security Group (NSG)-related information:

$nsgName=”NSG-MultiIP”

$rule1Name=”Inbound-HTTP”

$rule2Name=”Inbound-HTTPS”

$rule3Name=”Inbound-SSH”

$IpConfigName1=”IPConfig1”

$IPConfigName2=”IPConfig-2”

$IPConfigName3=”IPConfig-3”

1. Create Resource Group

New-AzureRmResourceGroup -Name $rgName -Location $locName

2. Create Storage Account

$prmStorageAccount = New-AzureRMStorageAccount -Name $prmStorageAccountName -ResourceGroupName $rgName -Type Standard_LRS -Location $locName

3. Create Availability Set

$avSet = New-AzureRMAvailabilitySet -Name $avSetName -ResourceGroupName $rgName -Location $locName

4. Create Network Security Group

  1. Add rules. You must add a rule to the network security group for any port that serves traffic.

    $rule1=New-AzureRmNetworkSecurityRuleConfig -Name $rule1Name -Description "Allow HTTP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 101 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80 $rule2=New-AzureRmNetworkSecurityRuleConfig -Name $rule2Name -Description "Allow HTTPS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443 $rule3=New-AzureRmNetworkSecurityRuleConfig -Name $rule3Name -Description "Allow SSH" -Access Allow -Protocol Tcp -Direction Inbound -Priority 120 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22

  2. Create network security group object.

    $nsg=New-AzureRmNetworkSecurityGroup -ResourceGroupName $rgName -Location $locName -Name $nsgName -SecurityRules $rule1,$rule2,$rule3

5. Create Virtual Network

  1. Add subnets.

    $frontendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name $frontEndSubnetName -AddressPrefix $frontEndSubnetRange

  2. Add virtual network object.

    $vnet=New-AzureRmVirtualNetwork -Name $vNetName -ResourceGroupName $rgName -Location $locName -AddressPrefix $vNetAddressRange -Subnet $frontendSubnet

  3. Retrieve subnets.

    $subnetName="frontEndSubnet" $subnet1=$vnet.Subnets|?{$_.Name -eq $subnetName}

6. Create Public IP Address

$pip1=New-AzureRmPublicIpAddress -Name $pubIPName1 -ResourceGroupName $rgName -DomainNameLabel $domName1 -Location $locName -AllocationMethod Static $pip2=New-AzureRmPublicIpAddress -Name $pubIPName2 -ResourceGroupName $rgName -DomainNameLabel $domName2 -Location $locName -AllocationMethod Static

Note

Check availability of domain names before using.

Allocation method for IP addresses can be dynamic or static.

7. Assign IP Configuration

In this use case, consider the following points before assigning IP addresses:

  • IPConfig-1 belongs to subnet1 of VPX1.
  • IPConfig-2 belongs to subnet 1 of VPX1.
  • IPConfig-3 belongs to subnet 1 of VPX1.

Note

When you assign multiple IP configurations to a NIC, one configuration must be assigned as primary.

$IPAddress1="11.6.1.27"
$IPConfig1=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName1 -Subnet $subnet1 -PrivateIpAddress $IPAddress1 -PublicIpAddress $pip1 –Primary
$IPAddress2="11.6.1.28"
$IPConfig2=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName2 -Subnet $subnet1 -PrivateIpAddress $IPAddress2 -PublicIpAddress $pip2
$IPAddress3="11.6.1.29"
$IPConfig3=New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName3 -Subnet $subnet1 -PrivateIpAddress $IPAddress3 -Primary

Use a valid IP address that meets your subnet requirements and check its availability.

8. Create NIC

$nic1=New-AzureRmNetworkInterface -Name $nicName1 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig1,$IpConfig2,$IPConfig3 -NetworkSecurityGroupId $nsg.Id

9. Create Citrix ADC VPX Instance

  1. Initialize variables.

    $suffixNumber = 1 $vmName = $vmNamePrefix + $suffixNumber

  2. Create VM config object.

    $vmConfig=New-AzureRMVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avSet.Id

  3. Set credentials, OS, and image.

    $cred=Get-Credential -Message "Type the name and password for VPX login." $vmConfig=Set-AzureRMVMOperatingSystem -VM $vmConfig -Linux -ComputerName $vmName -Credential $cred $vmConfig=Set-AzureRMVMSourceImage -VM $vmConfig -PublisherName $publisher -Offer $offer -Skus $sku -Version $version

  4. Add NIC.

    $vmConfig=Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic1.Id -Primary

    Note

    In a multi-NIC VPX deployment, one NIC must be primary. So, “-Primary” must be appended while adding that NIC to the VPX instance.

  5. Specify OS disk and create VM.

    $osDiskName=$vmName + "-" + $osDiskSuffix1 $osVhdUri=$prmStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $osDiskName + ".vhd" $vmConfig=Set-AzureRMVMOSDisk -VM $vmConfig -Name $osDiskName -VhdUri $osVhdUri -CreateOption fromImage Set-AzureRmVMPlan -VM $vmConfig -Publisher $publisher -Product $offer -Name $sku New-AzureRMVM -VM $vmConfig -ResourceGroupName $rgName -Location $locName

10. Check NIC Configurations

After the VPX instance starts, you can check the IP addresses allocated to IPConfigs of the VPX NIC by using the following command.

$nic.IPConfig

11. Check VPX-side Configurations

When the Citrix ADC VPX instance starts, a private IP address associated with primary IPconfig of the primary NIC is added as the NSIP address. The remaining private IP addresses must be added as VIP or SNIP addresses, as determined by your requirements. Use the following command.

add nsip <Private IPAddress><netmask> -type VIP/SNIP

You’ve now configured multiple IP addresses for a Citrix ADC VPX instance in standalone mode.

Configure multiple IP addresses for a Citrix ADC VPX standalone instance by using PowerShell commands