Using a Source Port from a Specified Port Range for Backend Communication

Jan 04, 2016

By default, for configurations with the USIP option disabled, or with the USIP and use proxy port options enabled, the NetScaler appliance communicates with the servers from a random source port (greater than 1024).

The NetScaler supports using a source port from a specified port range for communicating with the servers. One use case for this feature is servers that are configured to identify received traffic as belonging to a specific set on the basis of source port, for logging and monitoring purposes. For example, identifying internal and external traffic for logging purposes.

Configuring the NetScaler appliance to use a source port from a port range for communicating with the servers consists of the following tasks:

  • Create a net profile and set the source port range parameter. A source port range parameter specifies one or more port ranges. The NetScaler randomly selects one of the free ports from the specified port ranges and uses it as the source port for each connection to servers.
  • Bind the net profile to load balancing virtual servers, services, or service groups. A net profile with a source port range setting can be bound to a virtual server, service, or service group of a load balancing configuration. For a connection to a virtual server, the NetScaler randomly selects one of the free ports from the specified port ranges of the net profile and uses this port as the source port for connecting to one of the bound servers.

To specify a source port range or ranges by using the NetScaler command line

At the command prompt, type:

  • bind netProfile <name> (-srcPortRange <int[-int]> ...)
  • show netprofile <name>

To specify a source port range or ranges by using the configuration utility

  1. Navigate to System > Network > Net Profiles.
  2. Set the Source Port Range parameter while adding or modifying NetProfiles.

Sample Configuration

In the following sample configuration, net profile PARTIAL-NAT-1 has partial NAT settings and is bound to load balancing virtual server LBVS-1, which is of type ANY. For packets received on LBVS-1 from 192.0.0.0/8, the NetScaler appliance translates the last octet of the packet's source IP address to 100. For example, for a packet with source IP address 192.0.2.30 received on LBVS-1, the NetScaler appliance translates the source IP address to 100.0.2.30 before sending it to one of the bound servers.

> add netprofile CUSTOM-SRCPORT-NP-1
Done

> bind netprofile CUSTOM-SRCPORT-NP-1 -srcportrange 2000-3000
Done

> bind netprofile CUSTOM-SRCPORT-NP-1 -srcportrange 5000-6000
Done

> add lb vserver LBVS-1 ANY 203.0.113.61 * -netprofile PARTIAL-NAT-1
Done
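
For the logging use case described above, the backend side of this feature can be sketched as follows. This is an added example, not part of the Citrix documentation: it classifies connections in a server log by source port, using the two ranges from the sample configuration. The "internal"/"external" labels, the log format, and the peer address 198.51.100.10 are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed mapping of net profile ranges to traffic classes. The range syntax
# follows the page's <int[-int]> form; the labels are hypothetical.
PORT_CLASSES = {"2000-3000": "internal", "5000-6000": "external"}

def parse_ranges(mapping):
    """Turn {'2000-3000': label} into sorted (low, high, label); reject overlaps."""
    ranges = []
    for spec, label in mapping.items():
        low, _, high = spec.partition("-")
        low, high = int(low), int(high or low)  # a bare <int> is a one-port range
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"bad port range: {spec}")
        ranges.append((low, high, label))
    ranges.sort()
    for (_, prev_high, _), (next_low, _, _) in zip(ranges, ranges[1:]):
        if next_low <= prev_high:
            raise ValueError("overlapping ranges make classification ambiguous")
    return ranges

def classify(port, ranges):
    for low, high, label in ranges:
        if low <= port <= high:
            return label
    return "unclassified"  # port outside every configured range

# Constructed log lines in a made-up format: timestamp, peer ip:port, request.
SAMPLE_LOG = """\
2016-01-04T10:00:01 198.51.100.10:2417 GET /index.html
2016-01-04T10:00:02 198.51.100.10:5580 GET /login
2016-01-04T10:00:03 198.51.100.10:41822 GET /admin
2016-01-04T10:00:04 198.51.100.10:3000 GET /health
"""
LINE_RE = re.compile(r"^(\S+) (\d+\.\d+\.\d+\.\d+):(\d+) (.*)$")

def classify_log(text, mapping=PORT_CLASSES):
    """Return (source_port, traffic_class) for every parsable log line."""
    ranges = parse_ranges(mapping)
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            port = int(m.group(3))
            results.append((port, classify(port, ranges)))
    return results

if __name__ == "__main__":
    rows = classify_log(SAMPLE_LOG)
    for port, label in rows:
        print(port, label)
    print(Counter(label for _, label in rows))
```

A connection from the appliance that falls into "unclassified" (port 41822 in the constructed log) is worth reviewing on the monitoring side, since it means the connection did not use a port from the configured ranges.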