[170578] in North American Network Operators' Group
Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
daemon@ATHENA.MIT.EDU (Alex White-Robinson)
Tue Apr 1 04:00:55 2014
In-Reply-To: <E14A388D64084E4499220708BD9746A5EA4387BC@NETMBX11.netas.lab.nortel.com>
From: Alex White-Robinson <alexwr@gmail.com>
Date: Tue, 1 Apr 2014 20:59:44 +1300
To: Anil KARADAG <akaradag@netas.com.tr>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Have you configured RNAT yet? Might tidy up your SIP problem. Do you need
the servers to see the client's source port, or is your issue that SIP
response traffic is not on the port the client expects?
Give the guide to setting up RNAT here a try -
http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-1-=
map/ns-lb-commonprotocols-sip-con.html
tl;dr though -
set rnat <server subnet> <netmask>
set lb sipParameters -rnatSrcPort 5060 -rnatDstPort 5060 -retryDur
1000 -addRportVip ENABLED -sip503RateThreshold 1000
On Tue, Apr 1, 2014 at 7:33 PM, Anil KARADAG <akaradag@netas.com.tr> wrote:
> Hi again,
>
>
>
> I continue to work on fixing the problem, but no success so far. Is there
> any way to use client port number without enabling "use source ip"??
>
>
>
> -----Original Message-----
> From: Anil KARADAG [mailto:akaradag@NETAS.com.tr]
> Sent: Monday, March 31, 2014 3:51 PM
> To: Pui Edylie; Paul Bertain
> Cc: nanog@nanog.org
> Subject: RE: Outgoing traffic problem on Citrix Netscaler Load Balancer
>
>
>
> Hi,SIP source ports destination ports
> SIP source ports destination ports
>
>
> Thanks for solution but I cannot use it, because backend servers must kno=
w
> netscaler snip ip for clients. So I need fixed proxy port to communicatio=
n
> with backend servers.
>
>
>
> -----Original Message-----
>
> From: Pui Edylie [mailto:email@edylie.net]
>
> Sent: Monday, March 31, 2014 3:23 PM
>
> To: Anil KARADAG; Paul Bertain
>
> Cc: nanog@nanog.org
>
> Subject: Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
>
>
>
> Hi Anil,
>
>
>
> Take a look at
>
>
> http://support.citrix.com/proddocs/topic/ns-system-10-1-map/ns-nw-ipaddrs=
sng-enabling-use-src-ip-mode-tsk.html
>
> - use the client's port.
>
>
>
> We prefer F5 LTM much better than Netscaler :)
>
>
>
> Cheers,
>
> Edy
>
>
>
> On 3/31/2014 8:17 PM, Anil KARADAG wrote:
>
> > Hi Paul,
>
> >
>
> > Thanks for reply, it works :). But I have another problem; source port
> is altered by the virtual service. However, we need the source port to be
> the same on the destination servers. Is there a way to ensure this?
>
> >
>
> > Thanks
>
> >
>
> > -----Original Message-----
>
> > From: Paul Bertain [mailto:paul@bertain.net]
>
> > Sent: Tuesday, March 25, 2014 10:47 PM
>
> > To: Anil KARADAG
>
> > Cc: nanog@nanog.org
>
> > Subject: Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
>
> >
>
> > Hi Anil,
>
> >
>
> > Have you setup MBF? I've seen that as an issue before. If you don't
> have a default route set, than MBF might help you send the response out t=
he
> interface on which it was received.
>
> >
>
> > Paul
>
> >
>
> >> On Mar 24, 2014, at 11:46 PM, Anil KARADAG <akaradag@NETAS.com.tr
> <mailto:akaradag@NETAS.com.tr>> wrote:
>
> >>
>
> >> Hi,
>
> >>
>
> >> I setup a netscaler load balancer for sip traffic on Amazon EC2.
> Clients packets are arrived to the backend servers over to the load
> balancer but any responses cannot be arrived to clients. I see the
> responses on the load balancer.
>
> >>
>
> >> I think there is a config problem for that but I don't know and did no=
t
> find any solution for that. How can I fix the outbound traffic issue.
>
> >>
>
> >> thanks
>
> >> Bu e-posta mesaj? ve ekleri g?nderildi?i ki?i ya da kuruma ?zeldir ve
> gizlidir. Ayr?ca hukuken de gizli olabilir. Hi?bir ?ekilde ???nc? ki?iler=
e
> a??klanamaz ve yay?nlanamaz. E?er mesaj?n g?nderildi?i al?c? de?ilseniz b=
u
> elektronik postan?n i?eri?ini a??klaman?z, kopyalaman?z, y?nlendirmeniz v=
e
> kullanman?z kesinlikle yasakt?r ve bu elektronik postay? ve eklerini derh=
al
> silmeniz gerekmektedir. NETA? TELEKOM?N?KASYON A.?. bu mesaj?n i?erdi?i
> bilgilerin do?rulu?u veya eksiksiz oldu?u konusunda herhangi bir garanti
> vermemektedir. Bu nedenle bu bilgilerin ne ?ekilde olursa olsun
> i?eri?inden, iletilmesinden, al?nmas?ndan, saklanmas?ndan ve
> kullan?lmas?ndan sorumlu de?ildir. Bu mesajdaki g?r??ler g?nderen ki?iye
> ait olup, NETA? TELEKOM?N?KASYON A.?.'nin g?r??lerini yans?tmayabilir.
>
> >> -------------------------------------------------------
>
> >> This e-mail and its attachments are private and confidential and
> intended for the exclusive use of the individual or entity to whom it is
> addressed. It may also be legally confidential. Any disclosure,
> distribution or other dissemination of this message to any third party is
> strictly prohibited. If you are not the intended recipient you are hereby
> notified that any dissemination, forwarding, copying or use of any of the
> information is strictly prohibited, and the e-mail should immediately be
> deleted. NETA? TELEKOM?N?KASYON A.?. makes no warranty as to the accuracy
> or completeness of any information contained in this message and hereby
> excludes any liability of any kind for the information contained therein =
or
> for the transmission, reception, storage or use of such information in an=
y
> way whatsoever. The opinions expressed in this message are those of the
> sender and may not necessarily reflect the opinions of NETA?
> TELEKOM?N?KASYON A.?.
>
> > Bu e-posta mesaj=FD ve ekleri g=F6nderildi=F0i ki=FEi ya da kuruma =F6z=
eldir ve
> gizlidir. Ayr=FDca hukuken de gizli olabilir. Hi=E7bir =FEekilde =FC=E7=
=FCnc=FC ki=FEilere
> a=E7=FDklanamaz ve yay=FDnlanamaz. E=F0er mesaj=FDn g=F6nderildi=F0i al=
=FDc=FD de=F0ilseniz bu
> elektronik postan=FDn i=E7eri=F0ini a=E7=FDklaman=FDz, kopyalaman=FDz, y=
=F6nlendirmeniz ve
> kullanman=FDz kesinlikle yasakt=FDr ve bu elektronik postay=FD ve eklerin=
i derhal
> silmeniz gerekmektedir. NETA=DE TELEKOM=DCN=DDKASYON A.=DE. bu mesaj=FDn =
i=E7erdi=F0i
> bilgilerin do=F0rulu=F0u veya eksiksiz oldu=F0u konusunda herhangi bir ga=
ranti
> vermemektedir. Bu nedenle bu bilgilerin ne =FEekilde olursa olsun
> i=E7eri=F0inden, iletilmesinden, al=FDnmas=FDndan, saklanmas=FDndan ve
> kullan=FDlmas=FDndan sorumlu de=F0ildir. Bu mesajdaki g=F6r=FC=FEler g=F6=
nderen ki=FEiye
> ait olup, NETA=DE TELEKOM=DCN=DDKASYON A.=DE.'nin g=F6r=FC=FElerini yans=
=FDtmayabilir.
>
> > -------------------------------------------------------
>
> > This e-mail and its attachments are private and confidential and
> intended for the exclusive use of the individual or entity to whom it is
> addressed. It may also be legally confidential. Any disclosure,
> distribution or other dissemination of this message to any third party is
> strictly prohibited. If you are not the intended recipient you are hereby
> notified that any dissemination, forwarding, copying or use of any of the
> information is strictly prohibited, and the e-mail should immediately be
> deleted. NETA=DE TELEKOM=DCN=DDKASYON A.=DE. makes no warranty as to the =
accuracy
> or completeness of any information contained in this message and hereby
> excludes any liability of any kind for the information contained therein =
or
> for the transmission, reception, storage or use of such information in an=
y
> way whatsoever. The opinions expressed in this message are those of the
> sender and may not necessarily reflect the opinions of NETA=DE
> TELEKOM=DCN=DDKASYON A.=DE.
>
>
>
>
>
>
>
> Bu e-posta mesaj=FD ve ekleri g=F6nderildi=F0i ki=FEi ya da kuruma =F6zel=
dir ve
> gizlidir. Ayr=FDca hukuken de gizli olabilir. Hi=E7bir =FEekilde =FC=E7=
=FCnc=FC ki=FEilere
> a=E7=FDklanamaz ve yay=FDnlanamaz. E=F0er mesaj=FDn g=F6nderildi=F0i al=
=FDc=FD de=F0ilseniz bu
> elektronik postan=FDn i=E7eri=F0ini a=E7=FDklaman=FDz, kopyalaman=FDz, y=
=F6nlendirmeniz ve
> kullanman=FDz kesinlikle yasakt=FDr ve bu elektronik postay=FD ve eklerin=
i derhal
> silmeniz gerekmektedir. NETA=DE TELEKOM=DCN=DDKASYON A.=DE. bu mesaj=FDn =
i=E7erdi=F0i
> bilgilerin do=F0rulu=F0u veya eksiksiz oldu=F0u konusunda herhangi bir ga=
ranti
> vermemektedir. Bu nedenle bu bilgilerin ne =FEekilde olursa olsun
> i=E7eri=F0inden, iletilmesinden, al=FDnmas=FDndan, saklanmas=FDndan ve
> kullan=FDlmas=FDndan sorumlu de=F0ildir. Bu mesajdaki g=F6r=FC=FEler g=F6=
nderen ki=FEiye
> ait olup, NETA=DE TELEKOM=DCN=DDKASYON A.=DE.'nin g=F6r=FC=FElerini yans=
=FDtmayabilir.
>
> -------------------------------------------------------
>
> This e-mail and its attachments are private and confidential and intended
> for the exclusive use of the individual or entity to whom it is addressed=
.
> It may also be legally confidential. Any disclosure, distribution or othe=
r
> dissemination of this message to any third party is strictly prohibited. =
If
> you are not the intended recipient you are hereby notified that any
> dissemination, forwarding, copying or use of any of the information is
> strictly prohibited, and the e-mail should immediately be deleted. NETA=
=DE
> TELEKOM=DCN=DDKASYON A.=DE. makes no warranty as to the accuracy or compl=
eteness
> of any information contained in this message and hereby excludes any
> liability of any kind for the information contained therein or for the
> transmission, reception, storage or use of such information in any way
> whatsoever. The opinions expressed in this message are those of the sende=
r
> and may not necessarily reflect the opinions of NETA=DE TELEKOM=DCN=DDKAS=
YON A.=DE.
>
> Bu e-posta mesaj=FD ve ekleri g=F6nderildi=F0i ki=FEi ya da kuruma =F6zel=
dir ve
> gizlidir. Ayr=FDca hukuken de gizli olabilir. Hi=E7bir =FEekilde =FC=E7=
=FCnc=FC ki=FEilere
> a=E7=FDklanamaz ve yay=FDnlanamaz. E=F0er mesaj=FDn g=F6nderildi=F0i al=
=FDc=FD de=F0ilseniz bu
> elektronik postan=FDn i=E7eri=F0ini a=E7=FDklaman=FDz, kopyalaman=FDz, y=
=F6nlendirmeniz ve
> kullanman=FDz kesinlikle yasakt=FDr ve bu elektronik postay=FD ve eklerin=
i derhal
> silmeniz gerekmektedir. NETA=DE TELEKOM=DCN=DDKASYON A.=DE. bu mesaj=FDn =
i=E7erdi=F0i
> bilgilerin do=F0rulu=F0u veya eksiksiz oldu=F0u konusunda herhangi bir ga=
ranti
> vermemektedir. Bu nedenle bu bilgilerin ne =FEekilde olursa olsun
> i=E7eri=F0inden, iletilmesinden, al=FDnmas=FDndan, saklanmas=FDndan ve
> kullan=FDlmas=FDndan sorumlu de=F0ildir. Bu mesajdaki g=F6r=FC=FEler g=F6=
nderen ki=FEiye
> ait olup, NETA=DE TELEKOM=DCN=DDKASYON A.=DE.'nin g=F6r=FC=FElerini yans=
=FDtmayabilir.
> -------------------------------------------------------
> This e-mail and its attachments are private and confidential and intended
> for the exclusive use of the individual or entity to whom it is addressed=
.
> It may also be legally confidential. Any disclosure, distribution or othe=
r
> dissemination of this message to any third party is strictly prohibited. =
If
> you are not the intended recipient you are hereby notified that any
> dissemination, forwarding, copying or use of any of the information is
> strictly prohibited, and the e-mail should immediately be deleted. NETA=
=DE
> TELEKOM=DCN=DDKASYON A.=DE. makes no warranty as to the accuracy or compl=
eteness
> of any information contained in this message and hereby excludes any
> liability of any kind for the information contained therein or for the
> transmission, reception, storage or use of such information in any way
> whatsoever. The opinions expressed in this message are those of the sende=
r
> and may not necessarily reflect the opinions of NETA=DE TELEKOM=DCN=DDKAS=
YON A.=DE.
>
