Product Documentation

Configuring the Source Port for Server-Side Connections

Aug 31, 2016

When the NetScaler appliance connects to a physical server, it can use the source port from client's request, or it can use a proxy port as the source port for the connection. You can set the Use Proxy Port parameter to YES to handle situations such as the following scenario:

  • The NetScaler appliance is configured with two load balancing virtual servers, LBVS1 and LBVS2.
  • Both the virtual servers are bound to the same service, S-ANY.
  • Use (the client's) source IP address (USIP) is enabled on the service.
  • Client C1 sends two requests, Req1 and Req2, for the same service.
  • Req1 is received by LBVS1 and Req2 is received by LBVS2.
  • LBVS1 and LBVS2 forward the request to S-ANY, and when S-ANY sends the response, they forward the response to the client.
  • Consider two cases:
    • Use the client port. When the NetScaler uses the client port, both the virtual servers use the client's IP address (because USIP is ON) and the client's port when connecting to the server. Therefore, when the service sends the response, the NetScaler cannot determine which virtual server should receive the response.
    • Use proxy port. When the NetScaler uses a proxy port, the virtual servers use the client's IP address (because USIP is ON), but different ports when connecting to the server. Therefore, when the service sends the response, the port number identifies the virtual server that should receive the response.

However, if you require a fully transparent configuration, such as a fully transparent cache redirection configuration, you must disable the Use Proxy port Setting so that the NetScaler appliance can use the source port from the client’s request.

The Use Proxy Port option becomes relevant if the use source IP (USIP) option is enabled. For TCP-based service types, such as TCP, HTTP, and SSL, the option is enabled by default. For UDP-based service types, such as UDP and DNS, including ANY, the option is disabled by default. For more information about the USIP option, see "Enabling Use Source IP Mode."

You can configure the Use Proxy Port setting either globally or on a given service.

Configuring the Use Proxy Port Setting on a Service

You configure the Use ProxyPort settingon the service if you want to override the global setting.

To configure the Use Proxy Port setting on a service by using the command line interface

At the command prompt, type:

set service <name> -useProxyPort (YES | NO)

Example

> set service svc1 -useproxyport YES 
 Done > show service svc1 
	svc1 (10.102.29.30:80) - HTTP 
	State: UP 
	. . . 
	Use Source IP: YES		Use Proxy Port: YES	 
	. . .  
 Done 
> 

To configure the Use Proxy Port setting on a service by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Services, and open a service.
  2. In Advanced Settings, select Traffic Settings, and select Use Proxy Port.

Configuring the Use Proxy Port Setting Globally

You configure the Use Proxy Port setting globally if you want to apply the setting to all the services on the NetScaler appliance. The global setting is overridden by service-specific Use Proxy Port settings.

To configure the Use Proxy Port setting globally by using the command line interface

At the command prompt, type the following commands to configure the Use Proxy Port setting globally and verify the configuration:

  • set ns param -useproxyport ( ENABLED | DISABLED )
  • show ns param

Example

> set ns param -useproxyport ENABLED 
 Done 
> show ns param 
	Global configuration settings: 
                . . . 
               Use Proxy Port: ENABLED 
 Done 
> 

To configure the Use Proxy Port setting globally by using the configuration utility

Navigate to System > Settings > Change global system settings, and select or clear Use Proxy Port.