Use Case 5: Configuring DSR Mode When Using TOS

Jun 08, 2015

Differentiated services (DS), also known as TOS (Type of Service), is a field that is part of the TCP packet header. TOS is used by upper layer protocols for optimizing the path for a packet. The TOS information encodes the NetScaler appliance virtual IP address (VIP), and the load balanced servers extract the VIP from it.

In the following scenario, the appliance adds the VIP to the TOS field in the packet and then forwards the packet to the load balanced server. The load balanced server then responds directly to the client, bypassing the appliance, as illustrated in the following diagram.

Figure 1. The NetScaler Appliance in DSR mode with TOS

The TOS feature is specifically customized for a controlled environment, as described below:

  • The environment must not have any stateful devices, such as stateful firewalls and TCP gateways, in the path between the appliance and the load balanced servers.
  • Routers at all the entry points to the network must remove the TOS field from all incoming packets to make sure that the load balanced server does not confuse another TOS field with that added by the appliance.
  • Each server can have only 63 VIPs.
  • The intermediate router must not send out ICMP error messages regarding fragmentation. The client will not understand the message, as the source IP address will be the IP address of the load balanced server and not the NetScaler VIP.
  • TOS is valid only for IP-based services. You cannot use domain name based services with TOS.
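The following Python sketch is an added example, not Citrix code or part of the original documentation. It shows the edge-router scrub and the server-side TOS-to-VIP lookup that the constraints above depend on, using the TOS ID 3 and VIP 10.102.33.91 from the example later on this page. It assumes the TOS ID occupies the six DSCP bits of the IPv4 DS byte (consistent with the 63-VIP limit); the TOS_ID_TO_VIP table, the function names, and the packet headers are constructed for illustration.

```python
import socket
import struct

# Hypothetical server-side table; values from this page: tosId 3 -> Vserver-LB-1.
TOS_ID_TO_VIP = {3: "10.102.33.91"}

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_ds_byte(header: bytes, ds: int) -> bytes:
    """Return the header with a new DS byte and a recomputed checksum."""
    h = bytearray(header)
    ihl = (h[0] & 0x0F) * 4            # header length in bytes
    h[1] = ds
    h[10:12] = b"\x00\x00"             # checksum field is zero while summing
    h[10:12] = struct.pack("!H", checksum(bytes(h[:ihl])))
    return bytes(h)

def make_header(src: str, dst: str, tos_id: int = 0, ecn: int = 0) -> bytes:
    """Build a constructed 20-byte IPv4 header (protocol TCP, no payload)."""
    if not (0 <= tos_id <= 63 and 0 <= ecn <= 3):
        raise ValueError("TOS ID must fit in six bits, ECN in two")
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return with_ds_byte(raw, (tos_id << 2) | ecn)

def tos_id_of(header: bytes) -> int:
    """Assumed encoding: the TOS ID is the upper six bits of the DS byte."""
    return header[1] >> 2

def scrub_at_edge(header: bytes) -> bytes:
    """Edge-router rule: clear the TOS ID on ingress, keep the two ECN bits."""
    return with_ds_byte(header, header[1] & 0x03)

def vip_for(header: bytes):
    """Server-side lookup: VIP for a marked packet, None if unmarked."""
    tid = tos_id_of(header)
    if tid == 0:
        return None
    if tid not in TOS_ID_TO_VIP:
        # A marking the appliance never assigned: the edge did not scrub it.
        raise LookupError(f"unexpected TOS ID {tid}")
    return TOS_ID_TO_VIP[tid]
```

A packet that reaches the server with a TOS ID the appliance never assigned indicates that an entry-point router is not clearing the field.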

In the example, Service-ANY-1 is created and bound to the virtual server Vserver-LB-1. The virtual server load balances the client request to the service, and the service responds to clients directly, bypassing the appliance. The following table lists the names and values of the entities configured on the appliance in DSR mode.

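| Entity Type    | Name          | IP Address    | Protocol |
|----------------|---------------|---------------|----------|
| Virtual server | Vserver-LB-1  | 10.102.33.91  | ANY      |
| Services       | Service-ANY-1 | 10.102.100.44 | ANY      |
| Monitors       | PING          | None          | None     |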

DSR with TOS requires that load balancing be set up on layer 3. To configure a basic load balancing setup for Layer 3, see Setting Up Basic Load Balancing. Name the entities and set the parameters using the values described in the previous table.

After you configure the load balancing setup, you must customize it for DSR mode by configuring the redirection mode. The redirection mode allows the server to decapsulate the data packet and then respond directly to the client, bypassing the appliance.

After specifying the redirection mode, you can optionally enable the appliance to transparently monitor the load balanced servers.

To configure the redirection mode for the virtual server by using the command line interface

At the command prompt, type:

set lb vserver <vServerName> -m <Value> -tosId <Value>

Example

set lb vserver Vserver-LB-1 -m TOS -tosId 3

To configure the redirection mode for the virtual server by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers.
  2. Open a virtual server, and in Redirect Mode, select TOS ID.

To configure the transparent monitor for TOS by using the command line interface

At the command prompt, type:

add monitor <MonitorName> <Type> -destip <DestinationIP> -tos <Value> -tosId <Value>

Example

add monitor mon1 PING -destip 10.102.33.91 -tos Yes -tosId 3

To create the transparent monitor for TOS by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Monitors.
  2. Create a monitor, select TOS, and type the TOS ID that you specified for the virtual server.