NetScaler and basic functions, status of vServers and ICMP ARP operations

Sometimes when setting up a new NetScaler and migrating virtual servers from an old one to another, it is quite often that one might forget to disable or shutdown older vServers. Now NetScaler has features to disable different network settings, so this post I want to explain what each option does.

In a layer 2 network, the ARP protocol (In IPV4 network) is reponsible for mapping IP to MAC addresses. So if we have an vServer 192.168.105.200 and we ping it from a host on the same subnet, it will run an ARP request to get the MAC address of that IP

image

So if we have an vServer running on that IP with port 80 and that is enabled. If that host is not in the ARP table, what will happen when we open up a network connection (Internet browser to that IP on that port)

  • ARP will run a broadcast
  • Get the MAC of that IP
  • Initiate a TCP connection to port 80 using HTTP

Next time we open up a connection, that MAC address will most likely be in the MAC table of the host and will no longer require an ARP request.

So let us say that we want to setup a new NetScaler to replace the old one, and we want to setup a new NetScaler using the same IP address. So I’m guessing that we can just disable the vServer right?

image

Wrong, what will happen is that the IP will still be in use and respond to ARP but the service running on port 80 will not be accessable.

Here we can see that NetScaler one and two responds at the same time, even thou the service is disabled.

image

So what if we disable ARP on the VIP on the older NetScaler ?

image

Yay! now only one NetScaler will respond (IF the ARP cache is cleaned up, on Windows is takes 2 minutes before the dynamic ARP table is cleared out) if you want to disable an old vServer (Disable the vServer first TCP service, then disable ARP and ICMP as well) which will not allow it to communicate at all)

Or what I recommend is that you define the response parameters of the VIP.

image

When we define these to ONE_VSERVER they will only respond to ARP and ICMP if one vserver which is attached to the VIP is in state up. If we then would disable a vServer for maintance or something, then ARP and ICMP would automatically be disabled on the VIP, which makes alot more sense when doing maintance, because if services are reponding to ICMP but not on the service itself, people tend to star troubleshooting pretty fast.

#netscaler