Citrix ADC

Configure Azure route server with Citrix ADC VPX HA pair

You can configure Azure route server with Citrix ADC VPX instance to exchange the VIP routes configured with virtual network using the BGP protocol. The Citrix ADC can be deployed in standalone or in HA-INC mode, and then configured with BGP. This deployment doesn’t require an Azure load balancer (ALB) in front of the ADC HA pair.

The following diagram depicts how a VPX HA topology is integrated with the Azure route server. Each of the ADC instances has 3 interfaces: one for management, one for client traffic, and one for server traffic.

VPX HA topology with the Azure route server

The topology diagram uses the following IP addresses.

Sample IP configuration for primary ADC instance:

NSIP: 10.0.0.4/24
SNIP on 1/1: 10.0.1.4/24
SNIP on 1/2: 10.0.2.4/24
VIP: 172.168.1.1/32
<!--NeedCopy-->

Sample IP configuration for secondary ADC instance:

NSIP: 10.0.0.5/24
SNIP on 1/1: 10.0.1.5/24
SNIP on 1/2: 10.0.2.5/24
VIP: 172.168.1.1/32
<!--NeedCopy-->

Prerequisites

You must be familiar with the following information before deploying a Citrix ADC VPX instance on Azure.

How to configure an Azure route server with Citrix ADC VPX HA pair

  1. Create a route server in the Azure portal. For more information, see Create and configure a Route Server using the Azure portal.

    In the following example, subnet 10.0.3.0/24 is used for deploying Azure server. Once the route server is created, get the route server IP addresses, for example: 10.0.3.4, 10.0.3.5.

    Create route server

  2. Set up peering with network virtual appliance (NVA) in the Azure portal. Add your Citrix ADC VPX instance as the NVA. For more information, see Set up peering with NVA.

    In the following example, the ADC SNIP on 1/1 interfaces: 10.0.1.4 and 10.0.1.5, and the ASN: 400 and 500, are used while adding the peer.

    Set up peers

  3. Add two Citrix ADC VPX instances for the HA configuration.

    Complete the following steps:

    1. Deploy two VPX instances (primary and secondary instances) on Azure.
    2. Add client and server NIC on both the instances.
    3. Configure HA settings on both instances by using the Citrix ADC GUI.
  4. Configure dynamic routing in the primary ADC instance.

    Sample configuration:

    enable ns mode L3 MBF USNIP SRADV DRADV  PMTUD
    enable ns feature LB BGP
    add ns ip 10.0.1.4 255.255.255.0 -vServer DISABLED -dynamicRouting ENABLED
    VTYSH
    configure terminal
    router BGP 400
    timers bgp 1 3
    neighbor 10.0.3.4 remote-as 65515
    neighbor 10.0.3.4 advertisement-interval 3
    neighbor 10.0.3.4 fall-over  bfd
    neighbor 10.0.3.5 remote-as 65515
    neighbor 10.0.3.5 advertisement-interval 3
    neighbor 10.0.3.5 fall-over  bfd
    address-family ipv4
    redistribute kernel
    redistribute static
    <!--NeedCopy-->
    
  5. Configure dynamic routing in the secondary ADC instance.

    Sample configuration:

    enable ns mode L3 MBF USNIP SRADV DRADV  PMTUD
    enable ns feature LB BGP
    add ns ip 10.0.1.5 255.255.255.0 -vServer DISABLED -dynamicRouting ENABLED
    VTYSH
    configure terminal
    router BGP 500
    timers bgp 1 3
    neighbor 10.0.3.4 remote-as 65515
    neighbor 10.0.3.4 advertisement-interval 3
    neighbor 10.0.3.4 fall-over  bfd
    neighbor 10.0.3.5 remote-as 65515
    neighbor 10.0.3.5 advertisement-interval 3
    neighbor 10.0.3.5 fall-over  bfd
    address-family ipv4
    redistribute kernel
    redistribute static
    <!--NeedCopy-->
    
  6. Verify the BGP peers established using the BGP commands in the VTY shell interface. For more information, see Verifying the BGP Configuration.

    show ip bgp neighbors
    <!--NeedCopy-->
    
  7. Configure LB virtual server in the primary ADC instance.

    Sample configuration:

    add ns ip 172.16.1.1 255.255.255.255 -type VIP -hostRoute ENABLED
    add lbvserver v1 HTTP 172.16.1.1 80
    add service s1 10.0.2.6 HTTP 80
    bind lbvserver v1 s1
    enable ns feature lb
    <!--NeedCopy-->
    

    A client in the same virtual network as of the Citrix ADC VPX instance can now access the LB virtual server. In this case, the ADC VPX instance advertises the VIP route to the Azure route server.

Configure Azure route server with Citrix ADC VPX HA pair