Configuring Multiple Azure NICs and IP Addresses for an HA Setup

Dec 11, 2017

In Azure Resource Manager (ARM), you can deploy a NetScaler virtual appliance with multiple NICs. Each NIC can contain multiple IP addresses.

In an active-active high-availability (HA) setup, two NetScaler VPX instances are deployed independently, but each is ready to assume the other node's load in the event of a failure. In this type of deployment, you must configure the NICs identically on both instances.

This section covers how to assign multiple NICs and IPs to NetScaler virtual appliances by using Windows PowerShell and includes the following topics:

Note

In this document, IP-Config refers to a pair of IP addresses, public IP and private IP, that is associated with an individual NIC. For more information, see the Azure Resource Manager Terminology section.

Scenario: An Active-Active HA Setup

In this Active-Active HA mode scenario, two NetScaler virtual appliances are deployed independently, but as an HA pair. For this type of deployment, you have to create similar configurations on both appliances.

The following figure shows the deployment topology.

Figure 1. Deployment Topology

Each VPX instance contains two NICs, with each NIC deployed in a different subnet. One NIC contains two IP-Configs, while the other NIC contains one IP-Config.

IPConfig-1, IPConfig-2, and IPConfig-5 are associated with VPX 1; IPConfig-3, IPConfig-4, and IPConfig-6 are associated with VPX 2. 

  • IPConfig-1 and IPConfig-3 are used for serving SSH traffic for VPX1 and VPX2 respectively.
  • IPConfig-2 and IPConfig-4 are used to serve Back-end Pool 1 (BEP-1).
  • IPConfig-5 and IPConfig-6 are used to serve Back-end Pool 2 (BEP-2).

In the figure, PIP1:22 -> (VPX1):22 and PIP1:10022 -> (VPX2):22 refer to the remapping of the destination address in the header. For more information, see step 3 "Associate the ALB with two inbound NAT rules."

You can deploy the above topology in two steps:

1. Deploy an Azure Load Balancer (ALB).

2. Deploy two VPX instances independently as HA nodes.

Step 1: Deploy an ALB

Here is the summary of the substeps to deploy an ALB. For details, see Procedure to Configure Multiple Azure NICs and IP Addresses for NetScaler VPX Instances in HA Mode.

1. Deploy an ALB with two front-end pools and two back-end pools (BEPs). Associate the pools, as shown in the following table:

Associate           With
Front-end Pool 1    Back-end Pool 1
Front-end Pool 2    Back-end Pool 2

2. Create public IPs (PIPs) and associate them with the pools, as shown in the following table:

Associate    With
PIP1         Front-end Pool 1
PIP2         Front-end Pool 2

3. Associate the ALB with two inbound NAT rules:

           Map     With
Rule# 1    PIP1    Port 22 (VPX1)
Rule# 2    PIP2    Port 10022 (VPX2)

4. Associate the ALB with two load-balancing rules:

           Map     To       With
Rule# 1    PIP1    BEP-1    Port 80
Rule# 2    PIP2    BEP-2    Port 443

Step 2: Deploy Two VPX Instances as HA Nodes

Here's the summary of the substeps required to configure the VPX instances as HA nodes. For details, see Procedure to Configure Multiple Azure NICs and IP Addresses for NetScaler VPX Instances in HA Mode.

1. Deploy two VPX instances, each instance having two NICs. Associate the NICs with the IP-Configs, as shown below:

Associate    With
VPX1 NIC1    IPConfig-1, IPConfig-2
VPX1 NIC2    IPConfig-5
VPX2 NIC3    IPConfig-3, IPConfig-4
VPX2 NIC4    IPConfig-6

2. Associate IP-Configs with BEPs, as shown in the table.

Associate     With
IPConfig-2    BEP1:80 (red line)
IPConfig-4    BEP1:80 (red line)
IPConfig-5    BEP2:443 (blue line)
IPConfig-6    BEP2:443 (blue line)

Parameter Settings

The following are sample parameter settings for this scenario. You can use different settings if you want.

$locName = "westcentralus"
$rgName = "Azure-MultiIP-ALB"
$nicName1 = "VM1-NIC1"
$nicName2 = "VM1-NIC2"
$nicName3 = "VM2-NIC1"
$nicName4 = "VM2-NIC2"
$vNetName = "Azure-MultiIP-ALB-vnet"
$vNetAddressRange = "11.5.0.0/16"
$frontEndSubnetName = "frontEndSubnet"
$frontEndSubnetRange = "11.5.1.0/24"
$backEndSubnetName = "backEndSubnet"
$backEndSubnetRange = "11.5.2.0/24"
$prmStorageAccountName = "multiipalbstorage"
$avSetName = "multiple-avSet"
$vmSize = "Standard_DS4_V2"    # This size creates a VM with a maximum of four NICs.
$publisher = "citrix"
$offer = "netscalervpx-120"    # You can use a different offer.
$sku = "netscalerbyol"         # According to the offer, the SKU can be different.
$version = "latest"
$pubIPName1 = "fronendIPHTTP"
$pubIPName2 = "fronendIPSSL"
$domName1 = "multiipalbhttp"
$domName2 = "multiipalbssl"
$vmNamePrefix = "VPXMultiIPALB"
$osDiskSuffix1 = "osmultiipalbdiskdb1"
$osDiskSuffix2 = "osmultiipalbdiskdb2"
$lbName = "MultiIPALB"
$frontEndConfigName1 = "FrontEndHttp"
$frontEndConfigName2 = "FrontEndSSL"
$frontEndConfigName3 = "FrontEndSSH"
$backendPoolName1 = "BackendPoolHttp"
$backendPoolName2 = "BackendPoolSSL"
$backendPoolName3 = "BackendPoolSSH"
$lbRuleName1 = "LBRuleHttp"
$lbRuleName2 = "LBRuleSSL"
$healthProbeName = "HealthProbe"
$inboundNATRuleName1 = "SSHVPX1"
$inboundNATRuleName2 = "SSHVPX2"
$nsgName = "NSG-MultiIP-ALB"
$rule1Name = "Inbound-HTTP"
$rule2Name = "Inbound-HTTPS"
$rule3Name = "Inbound-SSH"
$IPConfigName1 = "IPConfig-1"
$IPConfigName2 = "IPConfig-2"
$IPConfigName3 = "IPConfig-3"
$IPConfigName4 = "IPConfig-4"
$IPConfigName5 = "IPConfig-5"
$IPConfigName6 = "IPConfig-6"

Procedure to Configure Multiple Azure NICs and IP Addresses for an HA Setup

Use the PowerShell commands given below to configure multiple Azure NICs and IP addresses for NetScaler VPX Instances in HA Mode. The configuration includes the following tasks:

  1. Create Resource Group
  2. Create Storage Account
  3. Create Availability Set
  4. Create Network Security Group
  5. Create Virtual Network
  6. Create Public IPs
  7. Assign IP Configuration
  8. Create NICs
  9. Create VPX1
  10. Create VPX 2
  11. Create Load Balancer
  12. Associate NIC IP-Configs with Azure LB Back-end Pool
  13. Associate NAT Rules of NICs' IP-Config with Azure LB NAT Rules

Create Resource Group

New-AzureRmResourceGroup -Name $rgName -Location $locName

Create Storage Account

$prmStorageAccount = New-AzureRMStorageAccount -Name $prmStorageAccountName -ResourceGroupName $rgName -Type Standard_LRS -Location $locName

Create Availability Set

$avSet = New-AzureRMAvailabilitySet -Name $avSetName -ResourceGroupName $rgName -Location $locName

Create Network Security Group

Complete steps 1 and 2 to configure the Network Security Group (NSG).

1. Add rules.

$rule1 = New-AzureRmNetworkSecurityRuleConfig -Name $rule1Name -Description "Allow HTTP" -Access Allow -Protocol Tcp -Direction Inbound -Priority 101  -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80
$rule2 = New-AzureRmNetworkSecurityRuleConfig -Name $rule2Name -Description "Allow HTTPS" -Access Allow -Protocol Tcp -Direction Inbound -Priority 110  -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443
$rule3 = New-AzureRmNetworkSecurityRuleConfig -Name $rule3Name -Description "Allow SSH" -Access Allow -Protocol Tcp -Direction Inbound -Priority 120 -SourceAddressPrefix Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22

2. Create an NSG object.

$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $rgName -Location $locName -Name $nsgName -SecurityRules $rule1,$rule2,$rule3
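
The SSH rule above accepts management traffic from the whole Internet service tag. The following added example, which is not part of the original procedure, audits the NSG for inbound Allow rules that expose port 22 to any source and narrows the SSH rule to an administrative range. The range in $adminCidr is a placeholder and the function name Find-OpenManagementRule is hypothetical.

```powershell
# Added example; not part of the original procedure.
# Assumption: 203.0.113.0/24 stands in for your administrative network.
$adminCidr = "203.0.113.0/24"

# Hypothetical helper: returns inbound Allow rules that expose $Port to any source.
function Find-OpenManagementRule {
    param($Rules, [int] $Port = 22)
    $anySource = @('*', 'Internet', '0.0.0.0/0')
    foreach ($rule in $Rules) {
        if ($rule.Access -ne 'Allow' -or $rule.Direction -ne 'Inbound') { continue }
        # Depending on the module version these properties hold a string or a list.
        $sources = @($rule.SourceAddressPrefix)
        $ranges  = @($rule.DestinationPortRange)
        if (-not ($sources | Where-Object { $anySource -contains $_ })) { continue }
        foreach ($range in $ranges) {
            # A range is "*", a single port ("22") or "low-high" ("20-25").
            if ($range -eq '*') {
                $low = 0; $high = 65535
            } else {
                $parts = "$range" -split '-'
                $low = [int]$parts[0]; $high = [int]$parts[-1]
            }
            if ($Port -ge $low -and $Port -le $high) { $rule; break }
        }
    }
}

# Audit the NSG object created in step 2.
$exposed = @(Find-OpenManagementRule -Rules $nsg.SecurityRules -Port 22)
$exposed | ForEach-Object { Write-Warning "Rule '$($_.Name)' allows SSH from any source." }

# Narrow the SSH rule from step 1 to the admin range and save the NSG.
if ($exposed.Name -contains $rule3Name) {
    $nsg = Set-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule3Name `
        -Description "Allow SSH from admin network" -Access Allow -Protocol Tcp `
        -Direction Inbound -Priority 120 -SourceAddressPrefix $adminCidr -SourcePortRange * `
        -DestinationAddressPrefix * -DestinationPortRange 22
    $nsg = $nsg | Set-AzureRmNetworkSecurityGroup
}
```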

Create Virtual Network

Complete steps 1-3 to configure a virtual network.

1. Add subnets.

$frontendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name $frontEndSubnetName -AddressPrefix $frontEndSubnetRange
$backendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name $backEndSubnetName -AddressPrefix $backEndSubnetRange

2. Add Virtual Network Object.

$vnet = New-AzureRmVirtualNetwork -Name $vNetName -ResourceGroupName $rgName -Location $locName -AddressPrefix $vNetAddressRange -Subnet $frontendSubnet,$backendSubnet

3. Retrieve subnets.

$subnetName="frontEndSubnet"
$subnet1 = $vnet.Subnets|?{$_.Name -eq $subnetName}
$subnetName="backEndSubnet"
$subnet2=$vnet.Subnets|?{$_.Name -eq $subnetName}

Create Public IP Addresses

$pip1 = New-AzureRmPublicIpAddress -Name $pubIPName1 -ResourceGroupName $rgName -DomainNameLabel $domName1 -Location $locName -AllocationMethod Dynamic
$pip2 = New-AzureRmPublicIpAddress -Name $pubIPName2 -ResourceGroupName $rgName -DomainNameLabel $domName2 -Location $locName -AllocationMethod Dynamic

Note

Check the availability of a domain name before using it.

The allocation method can be dynamic or static.

Assign IP Configuration

For this scenario, consider the following points before assigning IP addresses:

  • IPConfig 1 belongs to subnet 1 for VPX1.
  • IPConfig 2 belongs to subnet 1 for VPX1.
  • IPConfig 5 belongs to subnet 2 for VPX1.
  • IPConfig 3 belongs to subnet 1 of VPX2.
  • IPConfig 4 belongs to subnet 1 of VPX2.
  • IPConfig 6 belongs to subnet 2 of VPX2.

Do not associate public IP addresses with IP configurations of NICs, because ALBs have public IP addresses.

Note

This section mentions IP-Config commands with a public IP address associated with them, as an example. This deployment does not use any IP-Config with which a public IP address is associated.

1. IPConfig 1 belongs to subnet 1 for VPX1.

$IPConfig1 = New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName1 -Subnet $subnet1 -Primary

Important

Make a note of the -Primary switch. When you assign multiple IP configurations to a NIC, one configuration must be assigned as the primary.

2. IPConfig 2 belongs to subnet 1 for VPX1.

Use a valid and available IP address that meets the requirement of your subnet.

$IPAddress = "11.5.1.27"
$IPConfig2 = New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName2 -Subnet $subnet1 -PrivateIpAddress $IPAddress

3. IPConfig 5 belongs to subnet 2 for VPX1.

$IPAddress = "11.5.2.24" 
$IPConfig5 = New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName5 -Subnet $subnet2 -PrivateIpAddress $IPAddress -Primary

4. IPConfig 3 belongs to subnet 1 of VPX2.

$IPConfig3= New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName3 -Subnet $subnet1 -Primary

5. IPConfig 4 belongs to subnet 1 of VPX2.

$IPAddress = "11.5.1.25" 
$IPConfig4 = New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName4 -Subnet $subnet1 -PrivateIpAddress $IPAddress

6. IPConfig 6 belongs to subnet 2 of VPX2.

$IPConfig6 = New-AzureRmNetworkInterfaceIpConfig -Name $IPConfigName6 -Subnet $subnet2 -Primary

Create NICs

Complete steps 1-2 to configure the NICs.

1. Create NICs for VPX1.

$nic1 = New-AzureRmNetworkInterface -Name $nicName1 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig1,$IpConfig2 -NetworkSecurityGroupId $nsg.Id
$nic2 = New-AzureRmNetworkInterface -Name $nicName2 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig5 -NetworkSecurityGroupId $nsg.Id

2. Create NICs for VPX2.

$nic3 = New-AzureRmNetworkInterface -Name $nicName3 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig3,$IpConfig4 -NetworkSecurityGroupId $nsg.Id
$nic4 = New-AzureRmNetworkInterface -Name $nicName4 -ResourceGroupName $rgName -Location $locName -IpConfiguration $IpConfig6 -NetworkSecurityGroupId $nsg.Id

Create VPX1

Complete steps 1-5 to configure VPX1.

1. Initialize variables. 

$suffixNumber = 1
$vmName = $vmNamePrefix + $suffixNumber

2. Create VM config object.

$vmConfig = New-AzureRMVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avSet.Id

3. Set credentials, OS, and image.

$cred = Get-Credential -Message "Type the name and password for VPX login."
$vmConfig = Set-AzureRMVMOperatingSystem -VM $vmConfig -Linux -ComputerName $vmName -Credential $cred 
$vmConfig = Set-AzureRMVMSourceImage -VM $vmConfig -PublisherName $publisher -Offer $offer -Skus $sku -Version $version

4. Add NICs.

Configure one NIC as primary.

$vmConfig = Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic1.Id -Primary
$vmConfig = Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic2.Id

5. Specify OS disk and create VM.

$osDiskName = $vmName + "-" + $osDiskSuffix1
$osVhdUri = $prmStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $osDiskName + ".vhd"
$vmConfig = Set-AzureRMVMOSDisk -VM $vmConfig -Name $osDiskName -VhdUri $osVhdUri -CreateOption fromImage
Set-AzureRmVMPlan -VM $vmConfig -Publisher $publisher -Product $offer -Name $sku
New-AzureRMVM -VM $vmConfig -ResourceGroupName $rgName -Location $locName

Create VPX 2

Follow steps 1-5 to configure VPX2.

1. Initialize variables.

$suffixNumber = 2 
$vmName = $vmNamePrefix + $suffixNumber

2. Create VM config object.

$vmConfig = New-AzureRMVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avSet.Id

3. Set credentials, OS, and image.

$cred = Get-Credential -Message "Type the name and password for VPX login."
$vmConfig = Set-AzureRMVMOperatingSystem -VM $vmConfig -Linux -ComputerName $vmName -Credential $cred  
$vmConfig = Set-AzureRMVMSourceImage -VM $vmConfig -PublisherName $publisher -Offer $offer -Skus $sku -Version $version

4. Add NICs, and configure one NIC as primary.

$vmConfig = Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic3.Id -Primary
$vmConfig = Add-AzureRMVMNetworkInterface -VM $vmConfig -Id $nic4.Id

5. Specify OS disk and create VM.

$osDiskName = $vmName + "-" + $osDiskSuffix2 
$osVhdUri = $prmStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/" + $osDiskName + ".vhd" 
$vmConfig = Set-AzureRMVMOSDisk -VM $vmConfig -Name $osDiskName -VhdUri $osVhdUri -CreateOption fromImage
Set-AzureRmVMPlan -VM $vmConfig -Publisher $publisher -Product $offer -Name $sku
New-AzureRMVM -VM $vmConfig -ResourceGroupName $rgName -Location $locName

Create the Load Balancer

Complete steps 1-7 to configure the load balancer.

1. Create front-end IP-Config.

$frontEndIP1 = New-AzureRmLoadBalancerFrontendIpConfig -Name $frontEndConfigName1 -PublicIpAddress $pip1
$frontEndIP2 = New-AzureRmLoadBalancerFrontendIpConfig -Name $frontEndConfigName2 -PublicIpAddress $pip2

2. Create health probe.

$healthProbe = New-AzureRmLoadBalancerProbeConfig -Name $healthProbeName -Protocol Tcp -Port 9000 -IntervalInSeconds 5 -ProbeCount 2

3. Create back-end address pool.

$beAddressPool1 = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name $backendPoolName1
$beAddressPool2 = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name $backendPoolName2

4. Create load-balancing rule.

Create one load-balancing rule for HTTP traffic and another for HTTPS traffic.

$lbRule1 = New-AzureRmLoadBalancerRuleConfig -Name $lbRuleName1 -FrontendIpConfiguration $frontEndIP1 -BackendAddressPool $beAddressPool1 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 80
$lbRule2 = New-AzureRmLoadBalancerRuleConfig -Name $lbRuleName2 -FrontendIpConfiguration $frontEndIP2 -BackendAddressPool $beAddressPool2 -Probe $healthProbe -Protocol Tcp -FrontendPort 443 -BackendPort 443

5. Create inbound NAT rules.

One inbound NAT rule is used to perform SSH on VPX1, and another inbound NAT rule is used to perform SSH on VPX2.

$inboundNATRule1= New-AzureRmLoadBalancerInboundNatRuleConfig -Name $inboundNATRuleName1 -FrontendIpConfiguration $frontEndIP1 -Protocol TCP -FrontendPort 22 -BackendPort 22
$inboundNATRule2= New-AzureRmLoadBalancerInboundNatRuleConfig -Name $inboundNATRuleName2 -FrontendIpConfiguration $frontEndIP1 -Protocol TCP -FrontendPort 10022 -BackendPort 22

6. Create load balancer object.

When creating a load balancer object, add load balancer rules, inbound NAT rules, and front-end IP belonging to one back-end pool at a time. 

$lb= New-AzureRmLoadBalancer -ResourceGroupName $rgName -Name $lbName -Location $locName -FrontendIpConfiguration $frontEndIP1 -LoadBalancingRule $lbRule1 -BackendAddressPool $beAddressPool1 -InboundNatRule $inboundNATRule1 -Probe $healthProbe

7. Update load balancer object.

Update the load balancer object with a second back-end pool and front-end, load balancer, and NAT rule configurations.

$lb = Get-AzureRmLoadBalancer -Name $lbName -ResourceGroupName $rgName | Add-AzureRmLoadBalancerBackendAddressPoolConfig -Name $backendPoolName2 | Set-AzureRmLoadBalancer
$lb = $lb | Add-AzureRmLoadBalancerFrontendIpConfig -Name $frontEndConfigName2 -PublicIpAddress $pip2| Set-AzureRmLoadBalancer 
$lb = $lb | Add-AzureRmLoadBalancerRuleConfig -Name $lbRuleName2 -FrontendIpConfiguration $frontEndIP2 -BackendAddressPool $beAddressPool2 -Probe $healthProbe -Protocol Tcp -FrontendPort 443 -BackendPort 443 | Set-AzureRmLoadBalancer 
$lb = $lb | Add-AzureRmLoadBalancerInboundNatRuleConfig -Name $inboundNATRuleName2 -FrontendIpConfiguration $frontEndIP1 -Protocol Tcp -FrontendPort 10022 -BackendPort 22 | Set-AzureRmLoadBalancer

Associate NIC IP-Configs with Azure LB Back-end Pool

As appropriate for your topology requirements, use the following commands to associate NIC's IP-Configs with the Azure LB back-end pool. 

$nic1.IpConfigurations[1].LoadBalancerBackendAddressPools.Add($lb.BackendAddressPools[0])
$nic2.IpConfigurations[0].LoadBalancerBackendAddressPools.Add($lb.BackendAddressPools[1])
$nic3.IpConfigurations[1].LoadBalancerBackendAddressPools.Add($lb.BackendAddressPools[0])
$nic4.IpConfigurations[0].LoadBalancerBackendAddressPools.Add($lb.BackendAddressPools[1])
$lb = $lb |Set-AzureRmLoadBalancer
$nic1 = $nic1 | Set-AzureRmNetworkInterface
$nic2 = $nic2 | Set-AzureRmNetworkInterface
$nic3 = $nic3 | Set-AzureRmNetworkInterface
$nic4 = $nic4 | Set-AzureRmNetworkInterface

Associate NAT Rules of Each NIC's IP-Config with Azure LB NAT Rules

Associate each NIC's IP-Config NAT rules with the load balancer's NAT rules.

$nic1.IpConfigurations[0].LoadBalancerInboundNatRules.Add($lb.InboundNatRules[0])   # SSH 22 -> 22
$nic3.IpConfigurations[0].LoadBalancerInboundNatRules.Add($lb.InboundNatRules[1])   # SSH 10022 -> 22
$lb = $lb |Set-AzureRmLoadBalancer
$nic1 = $nic1 | Set-AzureRmNetworkInterface
$nic3 = $nic3 | Set-AzureRmNetworkInterface

You've now deployed a NetScaler virtual appliance with multiple Azure NICs and IP addresses in an active-active HA setup.
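
The association commands above select IP-Configs, back-end pools, and NAT rules by list index, so a reordered list attaches the wrong address without any error. The following added check, which is not part of the original procedure, re-reads the four NICs from Azure and compares each IP-Config's pool and NAT-rule membership, by name, with the Step 2 tables. The $expected table and the helper Get-LeafName are hypothetical and built from the parameter names on this page.

```powershell
# Added example; not part of the original procedure.
# Expected layout from the Step 2 tables and the NAT-rule step
# (hypothetical table; keys are "<NIC name>/<IP-Config name>").
$expected = @{
    "$nicName1/$IPConfigName1" = @{ Pool = $null;             Nat = $inboundNATRuleName1 }
    "$nicName1/$IPConfigName2" = @{ Pool = $backendPoolName1; Nat = $null }
    "$nicName2/$IPConfigName5" = @{ Pool = $backendPoolName2; Nat = $null }
    "$nicName3/$IPConfigName3" = @{ Pool = $null;             Nat = $inboundNATRuleName2 }
    "$nicName3/$IPConfigName4" = @{ Pool = $backendPoolName1; Nat = $null }
    "$nicName4/$IPConfigName6" = @{ Pool = $backendPoolName2; Nat = $null }
}

# Hypothetical helper: child references are compared on the last segment
# of their resource ID, which is the pool or rule name.
function Get-LeafName($Refs) {
    @($Refs | Where-Object { $_ } | ForEach-Object { ($_.Id -split '/')[-1] })
}

$seen = @()
$mismatches = foreach ($nicName in $nicName1, $nicName2, $nicName3, $nicName4) {
    # Re-read from Azure so the check reflects what was actually saved.
    $nic = Get-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $rgName
    foreach ($ipConfig in $nic.IpConfigurations) {
        $key  = "$nicName/$($ipConfig.Name)"
        $want = $expected[$key]
        if (-not $want) { "$key is not in the expected layout"; continue }
        $seen += $key
        $pools = (Get-LeafName $ipConfig.LoadBalancerBackendAddressPools) -join ','
        $nats  = (Get-LeafName $ipConfig.LoadBalancerInboundNatRules) -join ','
        if ("$($want.Pool)" -ne $pools) {
            "${key}: back-end pool is '$pools', expected '$($want.Pool)'"
        }
        if ("$($want.Nat)" -ne $nats) {
            "${key}: NAT rule is '$nats', expected '$($want.Nat)'"
        }
        # Only the ALB holds public IPs in this deployment.
        if ($ipConfig.PublicIpAddress) { "$key has a public IP address attached" }
    }
}
# IP-Configs listed in the tables but absent from the NICs.
$missing = $expected.Keys | Where-Object { $seen -notcontains $_ }

if ($mismatches -or $missing) {
    $mismatches | ForEach-Object { Write-Warning $_ }
    $missing | ForEach-Object { Write-Warning "$_ was not found on its NIC" }
} else {
    "IP-Config layout matches the Step 2 tables."
}
```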