Configure the source port for server-side connections

When the NetScaler appliance connects to a physical server, it can use the source port from client’s request, or it can use a proxy port as the source port for the connection. You can set the Use Proxy Port parameter to YES to handle situations such as the following scenario:

  • The NetScaler appliance is configured with two load balancing virtual servers, LBVS1 and LBVS2.
  • Both the virtual servers are bound to the same service, S-ANY.
  • Use (the client’s) source IP address (USIP) is enabled on the service.
  • Client C1 sends two requests, Req1 and Req2, for the same service.
  • Req1 is received by LBVS1 and Req2 is received by LBVS2.
  • LBVS1 and LBVS2 forward the request to S-ANY, and when S-ANY sends the response, they forward the response to the client.
  • Consider two cases:
    • Use the client port. When the appliance uses the client port, both the virtual servers use the client’s IP address (because USIP is ON) and the client’s port when connecting to the server. Therefore, when the service sends the response, the appliance cannot determine which virtual server should receive the response.
    • Use proxy port. When the appliance uses a proxy port, the virtual servers use the client’s IP address (because USIP is ON), but different ports when connecting to the server. Therefore, when the service sends the response, the port number identifies the virtual server that should receive the response.

However, if you require a fully transparent configuration, such as a fully transparent cache redirection configuration, you must disable the Use Proxy port Setting so that the NetScaler appliance can use the source port from the client’s request.

The Use Proxy Port option becomes relevant if the use source IP (USIP) option is enabled. For TCP-based service types, such as TCP, HTTP, and SSL, the option is enabled by default. For UDP-based service types, such as UDP and DNS, including ANY, the option is disabled by default. For more information about the USIP option, see “Enabling Use Source IP Mode.”

You can configure the Use Proxy Port setting either globally or on a given service.

Configure the use proxy port setting on a service

You configure the Use ProxyPort settingon the service if you want to override the global setting.

To configure the Use Proxy Port setting on a service by using the CLI

At the command prompt, type:

set service <name> -useProxyPort (YES | NO)

Example:

set service svc1 -useproxyport YES
Done

show service svc1
svc1 (10.102.29.30:80) - HTTP
State: UP
. . .
Use Source IP: YES Use Proxy Port: YES
. . .
Done

To configure the Use Proxy Port setting on a service by using the GUI

  1. Navigate to Traffic Management > Load Balancing > Services, and open a service.
  2. In Advanced Settings, select Traffic Settings, and select Use Proxy Port.

Configure the use proxy port setting globally

You configure the Use Proxy Port setting globally if you want to apply the setting to all the services on the NetScaler appliance. The global setting is overridden by service-specific Use Proxy Port settings.

To configure the Use Proxy Port setting globally by using the CLI

At the command prompt, type the following commands to configure the Use Proxy Port setting globally and verify the configuration:

  • set ns param -useproxyport ( ENABLED DISABLED )
  • show ns param

Example:

set ns param -useproxyport ENABLED

Done

show ns param
Global configuration settings:
. . .
Use Proxy Port: ENABLED
Done

To configure the Use Proxy Port setting globally by using the GUI

Navigate to System > Settings > Change global system settings, and select or clear Use Proxy Port.

Configure the source port for server-side connections