[170579] in North American Network Operators' Group
RE: Outgoing traffic problem on Citrix Netscaler Load Balancer
daemon@ATHENA.MIT.EDU (Anil KARADAG)
Tue Apr 1 04:38:44 2014
From: "Anil KARADAG" <akaradag@NETAS.com.tr>
To: Alex White-Robinson <alexwr@gmail.com>
Date: Tue, 1 Apr 2014 08:38:18 +0000
In-Reply-To: <CAFhRO6RgohVhHWocgngKgbrhZUsujU-hq92DPgQmz5oPuWR2Rg@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
My aim is forwarding all sip packages from netscaler snip:client port numbe=
r to backend server ip: backend server port. I tried the following scenario=
s;
- "use source ip" is enabled, "use proxy port" is set no
o Result: we see client port as source port but no SNIP for source ip-ad=
dress
- In additional above configured also RNAT
o Result: we see SNIP ip address as source ip address but source port aga=
in become random.
Checked the citrix support link for rnat, but our sip packages include 'via=
header' option with SNIP: client port number;
Via: SIP/2.0/UDP <netscaler SNIP:5060;received=3D192.168.184.13;branch=3Dz9=
hZ4bb1ce74d0f-a161-43af-8f08-2d98cf702742_0efcfc5e_71732184846337
From: Alex White-Robinson [mailto:alexwr@gmail.com]
Sent: Tuesday, April 01, 2014 11:00 AM
To: Anil KARADAG
Cc: Pui Edylie; Paul Bertain; nanog@nanog.org
Subject: Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
Have you configured RNAT yet? Might tidy up your SIP problem. Do you need t=
he servers to see the client's source port, or is your issue that SIP respo=
nse traffic is not on the port the client expects?
Give the guide to setting up RNAT here a try - http://support.citrix.com/pr=
oddocs/topic/netscaler-traffic-management-10-1-map/ns-lb-commonprotocols-si=
p-con.html
tl;dr though -
set rnat <server subnet> <netmask>
set lb sipParameters -rnatSrcPort 5060 -rnatDstPort 5060 -retryDur 1000 -ad=
dRportVip ENABLED -sip503RateThreshold 1000
On Tue, Apr 1, 2014 at 7:33 PM, Anil KARADAG <akaradag@netas.com.tr<mailto:=
akaradag@netas.com.tr>> wrote:
Hi again,
I continue to work on fixing the problem, but no success so far. Is there a=
ny way to use client port number without enabling "use source ip"??
-----Original Message-----
From: Anil KARADAG [mailto:akaradag@NETAS.com.tr<mailto:akaradag@NETAS.com.=
tr>]
Sent: Monday, March 31, 2014 3:51 PM
To: Pui Edylie; Paul Bertain
Cc: nanog@nanog.org<mailto:nanog@nanog.org>
Subject: RE: Outgoing traffic problem on Citrix Netscaler Load Balancer
Hi,SIP source ports destination ports
SIP source ports destination ports
Thanks for solution but I cannot use it, because backend servers must know =
netscaler snip ip for clients. So I need fixed proxy port to communication =
with backend servers.
-----Original Message-----
From: Pui Edylie [mailto:email@edylie.net<mailto:email@edylie.net>]
Sent: Monday, March 31, 2014 3:23 PM
To: Anil KARADAG; Paul Bertain
Cc: nanog@nanog.org<mailto:nanog@nanog.org>
Subject: Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
Hi Anil,
Take a look at
http://support.citrix.com/proddocs/topic/ns-system-10-1-map/ns-nw-ipaddrssn=
g-enabling-use-src-ip-mode-tsk.html
- use the client's port.
We prefer F5 LTM much better than Netscaler :)
Cheers,
Edy
On 3/31/2014 8:17 PM, Anil KARADAG wrote:
> Hi Paul,
>
> Thanks for reply, it works :). But I have another problem; source port is=
altered by the virtual service. However, we need the source port to be the=
same on the destination servers. Is there a way to ensure this?
>
> Thanks
>
> -----Original Message-----
> From: Paul Bertain [mailto:paul@bertain.net<mailto:paul@bertain.net>]
> Sent: Tuesday, March 25, 2014 10:47 PM
> To: Anil KARADAG
> Cc: nanog@nanog.org<mailto:nanog@nanog.org>
> Subject: Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
>
> Hi Anil,
>
> Have you setup MBF? I've seen that as an issue before. If you don't have=
a default route set, than MBF might help you send the response out the int=
erface on which it was received.
>
> Paul
>
>> On Mar 24, 2014, at 11:46 PM, Anil KARADAG <akaradag@NETAS.com.tr<mailto=
:akaradag@NETAS.com.tr><mailto:akaradag@NETAS.com.tr<mailto:akaradag@NETAS.=
com.tr>>> wrote:
>>
>> Hi,
>>
>> I setup a netscaler load balancer for sip traffic on Amazon EC2. Clients=
packets are arrived to the backend servers over to the load balancer but a=
ny responses cannot be arrived to clients. I see the responses on the load =
balancer.
>>
>> I think there is a config problem for that but I don't know and did not =
find any solution for that. How can I fix the outbound traffic issue.
>>
>> thanks
>> Bu e-posta mesaj? ve ekleri g?nderildi?i ki?i ya da kuruma ?zeldir ve gi=
zlidir. Ayr?ca hukuken de gizli olabilir. Hi?bir ?ekilde ???nc? ki?ilere a?=
?klanamaz ve yay?nlanamaz. E?er mesaj?n g?nderildi?i al?c? de?ilseniz bu el=
ektronik postan?n i?eri?ini a??klaman?z, kopyalaman?z, y?nlendirmeniz ve ku=
llanman?z kesinlikle yasakt?r ve bu elektronik postay? ve eklerini derhal s=
ilmeniz gerekmektedir. NETA? TELEKOM?N?KASYON A.?. bu mesaj?n i?erdi?i bilg=
ilerin do?rulu?u veya eksiksiz oldu?u konusunda herhangi bir garanti vermem=
ektedir. Bu nedenle bu bilgilerin ne ?ekilde olursa olsun i?eri?inden, ilet=
ilmesinden, al?nmas?ndan, saklanmas?ndan ve kullan?lmas?ndan sorumlu de?ild=
ir. Bu mesajdaki g?r??ler g?nderen ki?iye ait olup, NETA? TELEKOM?N?KASYON =
A.?.'nin g?r??lerini yans?tmayabilir.
>> -------------------------------------------------------
>> This e-mail and its attachments are private and confidential and intende=
d for the exclusive use of the individual or entity to whom it is addressed=
. It may also be legally confidential. Any disclosure, distribution or othe=
r dissemination of this message to any third party is strictly prohibited. =
If you are not the intended recipient you are hereby notified that any diss=
emination, forwarding, copying or use of any of the information is strictly=
prohibited, and the e-mail should immediately be deleted. NETA? TELEKOM?N?=
KASYON A.?. makes no warranty as to the accuracy or completeness of any inf=
ormation contained in this message and hereby excludes any liability of any=
kind for the information contained therein or for the transmission, recept=
ion, storage or use of such information in any way whatsoever. The opinions=
expressed in this message are those of the sender and may not necessarily =
reflect the opinions of NETA? TELEKOM?N?KASYON A.?.
> Bu e-posta mesaj=FD ve ekleri g=F6nderildi=F0i ki=FEi ya da kuruma =F6zel=
dir ve gizlidir. Ayr=FDca hukuken de gizli olabilir. Hi=E7bir =FEekilde =FC=
=E7=FCnc=FC ki=FEilere a=E7=FDklanamaz ve yay=FDnlanamaz. E=F0er mesaj=FDn =
g=F6nderildi=F0i al=FDc=FD de=F0ilseniz bu elektronik postan=FDn i=E7eri=F0=
ini a=E7=FDklaman=FDz, kopyalaman=FDz, y=F6nlendirmeniz ve kullanman=FDz ke=
sinlikle yasakt=FDr ve bu elektronik postay=FD ve eklerini derhal silmeniz =
gerekmektedir. NETA=DE TELEKOM=DCN=DDKASYON A.=DE. bu mesaj=FDn i=E7erdi=F0=
i bilgilerin do=F0rulu=F0u veya eksiksiz oldu=F0u konusunda herhangi bir ga=
ranti vermemektedir. Bu nedenle bu bilgilerin ne =FEekilde olursa olsun i=
=E7eri=F0inden, iletilmesinden, al=FDnmas=FDndan, saklanmas=FDndan ve kulla=
n=FDlmas=FDndan sorumlu de=F0ildir. Bu mesajdaki g=F6r=FC=FEler g=F6nderen =
ki=FEiye ait olup, NETA=DE TELEKOM=DCN=DDKASYON A.=DE.'nin g=F6r=FC=FElerin=
i yans=FDtmayabilir.
> -------------------------------------------------------
> This e-mail and its attachments are private and confidential and intended=
for the exclusive use of the individual or entity to whom it is addressed.=
It may also be legally confidential. Any disclosure, distribution or other=
dissemination of this message to any third party is strictly prohibited. I=
f you are not the intended recipient you are hereby notified that any disse=
mination, forwarding, copying or use of any of the information is strictly =
prohibited, and the e-mail should immediately be deleted. NETA=DE TELEKOM=
=DCN=DDKASYON A.=DE. makes no warranty as to the accuracy or completeness o=
f any information contained in this message and hereby excludes any liabili=
ty of any kind for the information contained therein or for the transmissio=
n, reception, storage or use of such information in any way whatsoever. The=
opinions expressed in this message are those of the sender and may not nec=
essarily reflect the opinions of NETA=DE TELEKOM=DCN=DDKASYON A.=DE.
Bu e-posta mesaj=FD ve ekleri g=F6nderildi=F0i ki=FEi ya da kuruma =F6zeldi=
r ve gizlidir. Ayr=FDca hukuken de gizli olabilir. Hi=E7bir =FEekilde =FC=
=E7=FCnc=FC ki=FEilere a=E7=FDklanamaz ve yay=FDnlanamaz. E=F0er mesaj=FDn =
g=F6nderildi=F0i al=FDc=FD de=F0ilseniz bu elektronik postan=FDn i=E7eri=F0=
ini a=E7=FDklaman=FDz, kopyalaman=FDz, y=F6nlendirmeniz ve kullanman=FDz ke=
sinlikle yasakt=FDr ve bu elektronik postay=FD ve eklerini derhal silmeniz =
gerekmektedir. NETA=DE TELEKOM=DCN=DDKASYON A.=DE. bu mesaj=FDn i=E7erdi=F0=
i bilgilerin do=F0rulu=F0u veya eksiksiz oldu=F0u konusunda herhangi bir ga=
ranti vermemektedir. Bu nedenle bu bilgilerin ne =FEekilde olursa olsun i=
=E7eri=F0inden, iletilmesinden, al=FDnmas=FDndan, saklanmas=FDndan ve kulla=
n=FDlmas=FDndan sorumlu de=F0ildir. Bu mesajdaki g=F6r=FC=FEler g=F6nderen =
ki=FEiye ait olup, NETA=DE TELEKOM=DCN=DDKASYON A.=DE.'nin g=F6r=FC=FElerin=
i yans=FDtmayabilir.
-------------------------------------------------------
This e-mail and its attachments are private and confidential and intended f=
or the exclusive use of the individual or entity to whom it is addressed. I=
t may also be legally confidential. Any disclosure, distribution or other d=
issemination of this message to any third party is strictly prohibited. If =
you are not the intended recipient you are hereby notified that any dissemi=
nation, forwarding, copying or use of any of the information is strictly pr=
ohibited, and the e-mail should immediately be deleted. NETA=DE TELEKOM=DCN=
=DDKASYON A.=DE. makes no warranty as to the accuracy or completeness of an=
y information contained in this message and hereby excludes any liability o=
f any kind for the information contained therein or for the transmission, r=
eception, storage or use of such information in any way whatsoever. The opi=
nions expressed in this message are those of the sender and may not necessa=
rily reflect the opinions of NETA=DE TELEKOM=DCN=DDKASYON A.=DE.
Bu e-posta mesaj=FD ve ekleri g=F6nderildi=F0i ki=FEi ya da kuruma =F6zeldi=
r ve gizlidir. Ayr=FDca hukuken de gizli olabilir. Hi=E7bir =FEekilde =FC=
=E7=FCnc=FC ki=FEilere a=E7=FDklanamaz ve yay=FDnlanamaz. E=F0er mesaj=FDn =
g=F6nderildi=F0i al=FDc=FD de=F0ilseniz bu elektronik postan=FDn i=E7eri=F0=
ini a=E7=FDklaman=FDz, kopyalaman=FDz, y=F6nlendirmeniz ve kullanman=FDz ke=
sinlikle yasakt=FDr ve bu elektronik postay=FD ve eklerini derhal silmeniz =
gerekmektedir. NETA=DE TELEKOM=DCN=DDKASYON A.=DE. bu mesaj=FDn i=E7erdi=F0=
i bilgilerin do=F0rulu=F0u veya eksiksiz oldu=F0u konusunda herhangi bir ga=
ranti vermemektedir. Bu nedenle bu bilgilerin ne =FEekilde olursa olsun i=
=E7eri=F0inden, iletilmesinden, al=FDnmas=FDndan, saklanmas=FDndan ve kulla=
n=FDlmas=FDndan sorumlu de=F0ildir. Bu mesajdaki g=F6r=FC=FEler g=F6nderen =
ki=FEiye ait olup, NETA=DE TELEKOM=DCN=DDKASYON A.=DE.'nin g=F6r=FC=FElerin=
i yans=FDtmayabilir.
-------------------------------------------------------
This e-mail and its attachments are private and confidential and intended f=
or the exclusive use of the individual or entity to whom it is addressed. I=
t may also be legally confidential. Any disclosure, distribution or other d=
issemination of this message to any third party is strictly prohibited. If =
you are not the intended recipient you are hereby notified that any dissemi=
nation, forwarding, copying or use of any of the information is strictly pr=
ohibited, and the e-mail should immediately be deleted. NETA=DE TELEKOM=DCN=
=DDKASYON A.=DE. makes no warranty as to the accuracy or completeness of an=
y information contained in this message and hereby excludes any liability o=
f any kind for the information contained therein or for the transmission, r=
eception, storage or use of such information in any way whatsoever. The opi=
nions expressed in this message are those of the sender and may not necessa=
rily reflect the opinions of NETA=DE TELEKOM=DCN=DDKASYON A.=DE.
Bu e-posta mesaj=FD ve ekleri g=F6nderildi=F0i ki=FEi ya da kuruma =F6zeldi=
r ve gizlidir. Ayr=FDca hukuken de gizli olabilir. Hi=E7bir =FEekilde =FC=
=E7=FCnc=FC ki=FEilere a=E7=FDklanamaz ve yay=FDnlanamaz. E=F0er mesaj=FDn =
g=F6nderildi=F0i al=FDc=FD de=F0ilseniz bu elektronik postan=FDn i=E7eri=F0=
ini a=E7=FDklaman=FDz, kopyalaman=FDz, y=F6nlendirmeniz ve kullanman=FDz ke=
sinlikle yasakt=FDr ve bu elektronik postay=FD ve eklerini derhal silmeniz =
gerekmektedir. NETA=DE TELEKOM=DCN=DDKASYON A.=DE. bu mesaj=FDn i=E7erdi=F0=
i bilgilerin do=F0rulu=F0u veya eksiksiz oldu=F0u konusunda herhangi bir ga=
ranti vermemektedir. Bu nedenle bu bilgilerin ne =FEekilde olursa olsun i=
=E7eri=F0inden, iletilmesinden, al=FDnmas=FDndan, saklanmas=FDndan ve kulla=
n=FDlmas=FDndan sorumlu de=F0ildir. Bu mesajdaki g=F6r=FC=FEler g=F6nderen =
ki=FEiye ait olup, NETA=DE TELEKOM=DCN=DDKASYON A.=DE.'nin g=F6r=FC=FElerin=
i yans=FDtmayabilir.
-------------------------------------------------------
This e-mail and its attachments are private and confidential and intended f=
or the exclusive use of the individual or entity to whom it is addressed. I=
t may also be legally confidential. Any disclosure, distribution or other d=
issemination of this message to any third party is strictly prohibited. If =
you are not the intended recipient you are hereby notified that any dissemi=
nation, forwarding, copying or use of any of the information is strictly pr=
ohibited, and the e-mail should immediately be deleted. NETA=DE TELEKOM=DCN=
=DDKASYON A.=DE. makes no warranty as to the accuracy or completeness of an=
y information contained in this message and hereby excludes any liability o=
f any kind for the information contained therein or for the transmission, r=
eception, storage or use of such information in any way whatsoever. The opi=
nions expressed in this message are those of the sender and may not necessa=
rily reflect the opinions of NETA=DE TELEKOM=DCN=DDKASYON A.=DE.
