Jump to content
Welcome to our new Citrix community!
  • NetScaler ADC and Amazon Web Services Validated Reference Design Part 1


    Richard Faulkner
    • Validation Status: Validated
      Summary: NetScaler ADC and Amazon Web Services Validated Reference Design Part 1
      Has Video?: No

     

    NetScaler ADC and Amazon Web Services Validated Reference Design Part 1

    September 21, 2022

    Author:  Luis Ugarte, Beth Pollack, Dave Potter

    Continued on Part 2

    Overview NetScaler Networking VPX

    NetScaler ADC is an all-in-one application delivery controller that makes applications run up to five times better, reduces application ownership costs, optimizes the user experience, and ensures that applications are always available by using:

    • Advanced Layer 4-7 services load balancing and traffic management
    • Proven application acceleration such as HTTP compression and caching
    • An integrated application firewall for application security
    • Server offloading to significantly reduce costs and consolidate servers

    As an undisputed leader of service and application delivery, NetScaler ADC is deployed in thousands of networks around the world to optimize, secure, and control the delivery of all enterprise and cloud services. Deployed directly in front of web and database servers, NetScaler ADC combines high-speed load balancing and content switching, HTTP compression, content caching, SSL acceleration, application flow visibility, and a powerful application firewall into an integrated, easy-to-use platform. Meeting SLAs is greatly simplified with end-to-end monitoring that transforms network data into actionable business intelligence. NetScaler ADC allows policies to be defined and managed using a simple declarative policy engine with no programming expertise required.

    Overview NetScaler ADC in Amazon Web Services

    Support for the NetScaler Networking VPX within Amazon Web Services (AWS) is available beginning with version 10.5–61.11. NetScaler Networking VPX is available as an Amazon Machine Image (AMI) in AWS marketplace. NetScaler Networking VPX on AWS enables customers to leverage AWS Cloud computing capabilities and use NetScaler ADC load balancing and traffic management features for their business needs. NetScaler ADC on AWS supports all the traffic management features of a physical NetScaler ADC appliance. NetScaler ADC instances running in AWS can be deployed as standalone instances or in HA pairs.

    The NetScaler Networking VPX AMI is packaged as an EC2 instance that is launched within an AWS VPC. The VPX AMI instance requires a minimum of 2 virtual CPUs and 2 GB of memory. An EC2 instance launched within an AWS VPC can also provide the multiple interfaces, multiple IP addresses per interface, and public and private IP addresses needed for VPX configuration. Currently, on AWS, VPX can be launched only within a VPC, because each VPX instance requires at least three IP addresses. (Although VPX on AWS can be implemented with one or two elastic network interfaces, NetScaler recommends three network interfaces for a standard VPX on AWS installation.) AWS currently makes multi-IP functionality available only to instances running within an AWS VPC. A VPX instance in a VPC can be used to load balance servers running in EC2 instances.

    An Amazon VPC allows you to create and control a virtual networking environment, including your own IP address range, subnets, route tables, and network gateways.

    Note:

    By default, you can create up to 5 VPC instances per AWS region for each AWS account. You can request higher VPC limits by submitting Amazon’s Request Form.

    An EC2 instance of NetScaler Networking VPX (AMI image) is launched within the AWS VPC.

    The following figure shows a typical VPX on AWS deployment.

    netscaler-and-amazon-aws-01

    The figure shows a simple topology of an AWS VPC with a NetScaler Networking VPX deployment. The AWS VPC has:

    1. A single Internet gateway to route traffic in and out of the VPC.
    2. Network connectivity between the Internet gateway and the Internet.
    3. Three subnets, one each for management, client, and server.
    4. Network connectivity between the Internet gateway and the two subnets (management and client).
    5. A single NetScaler Networking VPX deployed within the VPC. The VPX instance has three Elastic Network Interfaces (ENIs), one attached to each subnet.

    Limitations and usage guidelines

    • The clustering feature is not supported for VPX.
    • For HA to work as expected, associate a dedicated NATing device to management Interface or associate EIP to NSIP. For more information on NAT, see NAT Instances the AWS documentation.
    • Data traffic and management traffic should be segregated by using ENIs belonging to different subnets.
    • Only the NSIP address should be present on the management ENI.
    • If a NAT instance is used for security instead of assigning an EIP to the NSIP, appropriate VPC level routing changes are required. For instructions on making VPC level routing changes, in the AWS documentation, see Scenario 2: VPC with Public and Private Subnets.
    • A VPX instance can be moved from one EC2 instance type to another (for example, from m3.large to an m3.xlarge).
    • For storage options for VPX on AWS, NetScaler recommends EBS, because it is durable and the data is available even after it is detached from instance.
    • Dynamic addition of ENIs to VPX is not supported. You have to restart the VPX instance to apply the update. NetScaler recommends you to stop the standalone or HA instance, attach the new ENI, and then restart the instance.
    • You can assign multiple IP addresses to an ENI. The maximum number of IP addresses per ENI is determined by the EC2 instance type, see EC2 Support for ENIs and IP Addresses.
    • NetScaler recommends that you avoid using the enable and disable interface commands on NetScaler Networking VPX interfaces.

    Due to AWS limitations, these features are not supported:

    Layer 3 limitations:

    • Dynamic Routing
    • IPV6

    Layer 2 Limitations:

    • Gratuitous ARP(GARP)
    • L2 mode
    • Tagged VLAN
    • Virtual MAC (VMAC)
     

    Continued on Part 2

     


    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...