Application Delivery Management

Provision ADC VPX instances on SDX using ADM

You can provision one or more ADC VPX instances on the SDX appliance by using Citrix ADM. The number of instances that you can deploy depends on the license you have purchased. If the number of instances added is equal to the number specified in the license, the ADM restricts you from provisioning more Citrix ADC instances.

Before you begin, ensure to add an SDX instance in ADM where you want to provision VPX instances.

To provision a VPX instance, do the following:

  1. Navigate to Networks > Instances > Citrix ADC.

  2. In the SDX tab, select an SDX instance where you want to provision a VPX instance.

  3. In Select Action, select Provision VPX.

Step 1 - Add a VPX instance

The ADM uses the following information to configure VPX instances in an SDX appliance:

  • Name - Specify a name to an ADC instance.

  • Establish a communication network between SDX and VPX. To do so, select the required options from the list:

    • Manage through internal network - This option establishes an internal network for a communication between the ADM and a VPX instance.

    • IP address - You can select an IPv4 or IPv6 address or both to manage the Citrix VPX instance. A VPX instance can have only one management IP (also called Citrix ADC IP). You cannot remove the Citrix ADC IP address.

      For the selected option, assign a netmask, default gateway, and next hop to the ADM server for the IP address.

  • XVA File - Select the XVA file from which you want to provision a VPX instance. Use one of the following options to select the XVA file.

    • Local - Select the XVA file from your local machine.

    • Appliance - Select the XVA file from an ADM file browser.

  • Admin Profile - This profile provides access to provision VPX instances. With this profile, ADM retrieves the configuration data from an instance. If you have to add a profile, click Add.

  • Agent - Select the agent with which you want to associate the instances

  • Site - Select the site where you want the instance to be added.

Add a VPX instance

Step 2 - Allocate licenses

In the License Allocation section, specify the VPX license. You can use Standard, Advanced, and Premium licenses.

  • Allocation mode - You can choose Fixed or Burstable modes for the bandwidth pool.

    If you choose Burstable mode, you can use extra bandwidth when the fixed bandwidth is reached.

  • Throughput - Assign the total throughput (in Mbps) to an instance.

Note

Buy a separate license (SDX 2-Instance Add-On Pack for Secure Web Gateway) for Citrix Secure Web Gateway (SWG) instances on SDX appliances. This instance pack is different from the SDX platform license or SDX instance pack.

For more information, see Deploying a Citrix Secure Web Gateway Instance on an SDX Appliance.

Allocate licenses

From the SDX 12.0 57.19 version, the interface to manage crypto capacity has changed. For more information, see Manage crypto capacity.

Step 3 - Allocate resources

In the Resource Allocation section, allocate resources to a VPX instance to maintain traffic.

  • Total Memory (MB) - Assign total memory to an instance. The minimum value is 2048 MB.

  • Packets per second - Specify the number of packets to transmit per second.

  • CPU - Specify number of CPU cores to an instance. You can use shared or dedicated CPU cores.

    When you select a shared core to an instance, the other instances can use the shared core at the time of resource shortage.

    Restart instances on which CPU cores are reassigned to avoid any performance degradation.

    If you are using the SDX 25000xx platform, you can assign a maximum of 16 cores to an instance. Also, if you are using the SDX 2500xxx platform, you can assign a maximum of 11 cores to an instance.

    Note

    For an instance, the maximum throughput that you configure is 180 Gbps.

Allocate resources

The following table lists the supported VPX, Single bungle image version, and the number of cores you can assign to an instance:

Platform Name Total Cores Total Cores Available for VPX Provisioning Maximum Cores That Can Be Assigned to a Single Instance
SDX 8015, SDX 8400, and SDX 8600 4 3 3
SDX 8900 8 7 7
SDX 11500, SDX 13500, SDX 14500, SDX 16500, SDX 18500, and SDX 20500 12 10 5
SDX 11515, SDX 11520, SDX 11530, SDX 11540, and SDX 11542 12 10 5
SDX 17500, SDX 19500, and SDX 21500 12 10 5
SDX 17550, SDX 19550, SDX 20550, and SDX 21550 12 10 5
SDX 14020, SDX 14030, SDX 14040, SDX 14060, SDX 14080 and SDX 14100 12 10 5
SDX 22040, SDX 22060, SDX 22080, SDX 22100, and SDX 22120 16 14 7
SDX 24100 and SDX 24150 16 14 7
SDX 14020 40G, SDX 14030 40G, SDX 14040 40G, SDX 14060 40G, SDX 14080 40G and SDX 14100 40G 12 10 10
SDX 14020 FIPS, SDX 14030 FIPS, SDX 14040 FIPS, SDX 14060 FIPS, SDX 14080 FIPS and SDX 14100. FIPS 12 10 5
SDX 14040 40S, SDX 14060 40S, SDX 14080 40S, and SDX 14100 40S 12 10 5
SDX 25100A, 25160A, 25200A 20 18 9
SDX 25100-40G, 25160-40G, 25200-40G 20 18 16 (if version is 11.1-51.x or higher); 9 (if version is 11.1-50.x or lower; all versions of 11.0 and 10.5)
SDX 26100, 26160, 26200, 26250 28 26 13
15000-50G 16 14 7

Note

On the SDX 26xxx platform, a maximum of 26 CPU cores can be assigned to a VPX instance. If crypto units are assigned to the instance, the maximum number of cores depends on the number of crypto units and data interfaces.

For example, if you assign 24000 crypto units to an instance, you can assign 24 CPU cores and maximum two data interfaces to the instance. The SDX appliance considers data interfaces and crypto units as PCI devices. For 26000 crypto units, VPX instance provisioning fails because of no space to add data interfaces.

Step 4 - Add instance administration

You can create an admin user for the VPX instance. To do so, select Add Instance Administration in the Instance Administration section.

Specify the following details:

  • User name: The user name for the Citrix ADC instance administrator. This user has superuser access but does not have access to networking commands to configure VLANs and interfaces.

  • Password: Specify the password for the user name.

  • Shell/Sftp/Scp Access: The access allowed to the Citrix ADC instance administrator. This option is selected by default.

Add instance administration

Step 5 - Specify network settings

Select the required network settings to an instance:

  • Allow L2 Mode under network settings - You can allow L2 mode on the Citrix ADC instance. Select Allow L2 Mode under Networking Settings. Before you log on to the instance and enable L2 mode. For more information, see Allowing L2 Mode on a Citrix ADC instance.

    Note

    If you disable L2 mode for an instance, you must log on to the instance and disable L2 mode from that instance. Otherwise, it might cause all the other Citrix ADC modes to be disabled after you restart the instance.

  • 0/1 - In VLAN tag, specify a VLAN ID for the management interface.

  • 0/2 - In VLAN tag, specify a VLAN ID for the management interface.

By default interface 0/1 and 0/2 are selected.

Network settings

In Data Interfaces, click Add to add data interfaces and specify the following:

  • Interfaces - Select the interface from the list.

    Note

    The interface IDs of interfaces that you add to an instance do not necessarily correspond to the physical interface numbering on the SDX appliance.

    For example, the first interface that you associate with instance-1 is SDX interface 1/4, it appears as interface 1/1 when you view the interface settings in that instance. This interface indicates it is the first interface that you associated with instance-1.

  • Allowed VLANs - Specify a list of VLAN IDs that can be associated with a Citrix ADC instance.

  • MAC Address Mode - Assign a MAC address to an instance. Select from one of the following options:

    • Default - Citrix Workspace assigns a MAC address.

    • Custom - Choose this mode to specify a MAC address that overrides the generated MAC address.

    • Generated - Generate a MAC address by using the base MAC address set earlier. For information about setting a base MAC address, see Assigning a MAC Address to an Interface.

  • VMAC Settings (IPv4 and IPv6 VRIDs to configure Virtual MAC)

Add data interfaces

Click Add.

Step 6 - Specify Management VLAN settings

The Management Service and the management address (NSIP) of the VPX instance are in the same subnetwork, and communication is over a management interface.

If the Management Service and the instance are in different subnetworks, specify a VLAN ID while you provision a VPX instance. Therefore, the instance is reachable over the network when it active.

If your deployment requires the NSIP is accessible only through the selected interface while provisioning the VPX instance, select NSVLAN. And, the NSIP becomes inaccessible through other interfaces.

  • HA heartbeats are sent only on the interfaces that are part of the NSVLAN.

  • You can configure an NSVLAN only from the VPX XVA build 9.3-53.4 and later.

Important

  • You cannot change this setting after you provision the VPX instance.

  • The clear config full command on the VPX instance deletes the VLAN configuration if NSVLAN is not selected.

Manage VLANs

Click Done to provision a VPX instance.

View the provisioned VPX instance

To view the newly provisioned instance, do the following:

  1. Navigate to Networks > Instances > Citrix ADC.

  2. In the VPX tab, search an instance by the Host IP address property and specify SDX instance IP to it.

View provisioned VPX instance

Provision ADC VPX instances on SDX using ADM