[170581] in North American Network Operators' Group
Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
daemon@ATHENA.MIT.EDU (Paul Bertain)
Tue Apr 1 10:07:23 2014
In-Reply-To: <E14A388D64084E4499220708BD9746A5EA43886E@NETMBX11.netas.lab.nortel.com>
From: Paul Bertain <paul@bertain.net>
Date: Tue, 1 Apr 2014 06:58:16 -0700
To: Anil KARADAG <akaradag@NETAS.com.tr>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi Anil,
The command is for the service or servicegroup and it is:
set service <name> -useproxyport (NO|YES)
Paul
> On Apr 1, 2014, at 1:38, Anil KARADAG <akaradag@NETAS.com.tr> wrote:
>=20
> My aim is forwarding all sip packages from netscaler snip:client port numb=
er to backend server ip: backend server port. I tried the following scenario=
s;
> =20
> - =E2=80=9Cuse source ip=E2=80=9D is enabled, =E2=80=9Cuse proxy p=
ort=E2=80=9D is set no
> o Result: we see client port as source port but no SNIP for source ip-a=
ddress
> - In additional above configured also RNAT
> o Result: we see SNIP ip address as source ip address but source port ag=
ain become random.
> =20
> Checked the citrix support link for rnat, but our sip packages include =E2=
=80=98via header=E2=80=99 option with SNIP: client port number;
> =20
> Via: SIP/2.0/UDP <netscaler SNIP:5060;received=3D192.168.184.13;branch=3Dz=
9hZ4bb1ce74d0f-a161-43af-8f08-2d98cf702742_0efcfc5e_71732184846337
> From: Alex White-Robinson [mailto:alexwr@gmail.com]=20
> Sent: Tuesday, April 01, 2014 11:00 AM
> To: Anil KARADAG
> Cc: Pui Edylie; Paul Bertain; nanog@nanog.org
> Subject: Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
> =20
> Have you configured RNAT yet? Might tidy up your SIP problem. Do you need t=
he servers to see the client's source port, or is your issue that SIP respon=
se traffic is not on the port the client expects?
>=20
> Give the guide to setting up RNAT here a try - http://support.citrix.com/p=
roddocs/topic/netscaler-traffic-management-10-1-map/ns-lb-commonprotocols-si=
p-con.html
>=20
> tl;dr though -
> set rnat <server subnet> <netmask>
> set lb sipParameters -rnatSrcPort 5060 -rnatDstPort 5060 -retryDur 1000 -a=
ddRportVip ENABLED -sip503RateThreshold 1000
> =20
> =20
> =20
> On Tue, Apr 1, 2014 at 7:33 PM, Anil KARADAG <akaradag@netas.com.tr> wrote=
:
> Hi again,
>=20
>=20
>=20
> I continue to work on fixing the problem, but no success so far. Is there a=
ny way to use client port number without enabling "use source ip"??
>=20
>=20
>=20
> -----Original Message-----
> From: Anil KARADAG [mailto:akaradag@NETAS.com.tr]
> Sent: Monday, March 31, 2014 3:51 PM
> To: Pui Edylie; Paul Bertain
> Cc: nanog@nanog.org
> Subject: RE: Outgoing traffic problem on Citrix Netscaler Load Balancer
>=20
>=20
>=20
> Hi,SIP source ports destination ports
> SIP source ports destination ports
>=20
>=20
> Thanks for solution but I cannot use it, because backend servers must know=
netscaler snip ip for clients. So I need fixed proxy port to communication w=
ith backend servers.
>=20
>=20
>=20
> -----Original Message-----
>=20
> From: Pui Edylie [mailto:email@edylie.net]
>=20
> Sent: Monday, March 31, 2014 3:23 PM
>=20
> To: Anil KARADAG; Paul Bertain
>=20
> Cc: nanog@nanog.org
>=20
> Subject: Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
>=20
>=20
>=20
> Hi Anil,
>=20
>=20
>=20
> Take a look at
>=20
> http://support.citrix.com/proddocs/topic/ns-system-10-1-map/ns-nw-ipaddrss=
ng-enabling-use-src-ip-mode-tsk.html
>=20
> - use the client's port.
>=20
>=20
>=20
> We prefer F5 LTM much better than Netscaler :)
>=20
>=20
>=20
> Cheers,
>=20
> Edy
>=20
>=20
>=20
> On 3/31/2014 8:17 PM, Anil KARADAG wrote:
>=20
> > Hi Paul,
>=20
> >
>=20
> > Thanks for reply, it works :). But I have another problem; source port i=
s altered by the virtual service. However, we need the source port to be the=
same on the destination servers. Is there a way to ensure this?
>=20
> >
>=20
> > Thanks
>=20
> >
>=20
> > -----Original Message-----
>=20
> > From: Paul Bertain [mailto:paul@bertain.net]
>=20
> > Sent: Tuesday, March 25, 2014 10:47 PM
>=20
> > To: Anil KARADAG
>=20
> > Cc: nanog@nanog.org
>=20
> > Subject: Re: Outgoing traffic problem on Citrix Netscaler Load Balancer
>=20
> >
>=20
> > Hi Anil,
>=20
> >
>=20
> > Have you setup MBF? I've seen that as an issue before. If you don't hav=
e a default route set, than MBF might help you send the response out the int=
erface on which it was received.
>=20
> >
>=20
> > Paul
>=20
> >
>=20
> >> On Mar 24, 2014, at 11:46 PM, Anil KARADAG <akaradag@NETAS.com.tr<mailt=
o:akaradag@NETAS.com.tr>> wrote:
>=20
> >>
>=20
> >> Hi,
>=20
> >>
>=20
> >> I setup a netscaler load balancer for sip traffic on Amazon EC2. Client=
s packets are arrived to the backend servers over to the load balancer but a=
ny responses cannot be arrived to clients. I see the responses on the load b=
alancer.
>=20
> >>
>=20
> >> I think there is a config problem for that but I don't know and did not=
find any solution for that. How can I fix the outbound traffic issue.
>=20
> >>
>=20
> >> thanks
>=20
> >> Bu e-posta mesaj? ve ekleri g?nderildi?i ki?i ya da kuruma ?zeldir ve g=
izlidir. Ayr?ca hukuken de gizli olabilir. Hi?bir ?ekilde ???nc? ki?ilere a?=
?klanamaz ve yay?nlanamaz. E?er mesaj?n g?nderildi?i al?c? de?ilseniz bu ele=
ktronik postan?n i?eri?ini a??klaman?z, kopyalaman?z, y?nlendirmeniz ve kull=
anman?z kesinlikle yasakt?r ve bu elektronik postay? ve eklerini derhal silm=
eniz gerekmektedir. NETA? TELEKOM?N?KASYON A.?. bu mesaj?n i?erdi?i bilgiler=
in do?rulu?u veya eksiksiz oldu?u konusunda herhangi bir garanti vermemekted=
ir. Bu nedenle bu bilgilerin ne ?ekilde olursa olsun i?eri?inden, iletilmesi=
nden, al?nmas?ndan, saklanmas?ndan ve kullan?lmas?ndan sorumlu de?ildir. Bu m=
esajdaki g?r??ler g?nderen ki?iye ait olup, NETA? TELEKOM?N?KASYON A.?.'nin g=
?r??lerini yans?tmayabilir.
>=20
> >> -------------------------------------------------------
>=20
> >> This e-mail and its attachments are private and confidential and intend=
ed for the exclusive use of the individual or entity to whom it is addressed=
. It may also be legally confidential. Any disclosure, distribution or other=
dissemination of this message to any third party is strictly prohibited. If=
you are not the intended recipient you are hereby notified that any dissemi=
nation, forwarding, copying or use of any of the information is strictly pro=
hibited, and the e-mail should immediately be deleted. NETA? TELEKOM?N?KASYO=
N A.?. makes no warranty as to the accuracy or completeness of any informati=
on contained in this message and hereby excludes any liability of any kind f=
or the information contained therein or for the transmission, reception, sto=
rage or use of such information in any way whatsoever. The opinions expresse=
d in this message are those of the sender and may not necessarily reflect th=
e opinions of NETA? TELEKOM?N?KASYON A.?.
>=20
> > Bu e-posta mesaj=C4=B1 ve ekleri g=C3=B6nderildi=C4=9Fi ki=C5=9Fi ya da k=
uruma =C3=B6zeldir ve gizlidir. Ayr=C4=B1ca hukuken de gizli olabilir. Hi=C3=
=A7bir =C5=9Fekilde =C3=BC=C3=A7=C3=BCnc=C3=BC ki=C5=9Filere a=C3=A7=C4=B1kl=
anamaz ve yay=C4=B1nlanamaz. E=C4=9Fer mesaj=C4=B1n g=C3=B6nderildi=C4=9Fi a=
l=C4=B1c=C4=B1 de=C4=9Filseniz bu elektronik postan=C4=B1n i=C3=A7eri=C4=9Fi=
ni a=C3=A7=C4=B1klaman=C4=B1z, kopyalaman=C4=B1z, y=C3=B6nlendirmeniz ve kul=
lanman=C4=B1z kesinlikle yasakt=C4=B1r ve bu elektronik postay=C4=B1 ve ekle=
rini derhal silmeniz gerekmektedir. NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=
=C5=9E. bu mesaj=C4=B1n i=C3=A7erdi=C4=9Fi bilgilerin do=C4=9Frulu=C4=9Fu ve=
ya eksiksiz oldu=C4=9Fu konusunda herhangi bir garanti vermemektedir. Bu ned=
enle bu bilgilerin ne =C5=9Fekilde olursa olsun i=C3=A7eri=C4=9Finden, ileti=
lmesinden, al=C4=B1nmas=C4=B1ndan, saklanmas=C4=B1ndan ve kullan=C4=B1lmas=C4=
=B1ndan sorumlu de=C4=9Fildir. Bu mesajdaki g=C3=B6r=C3=BC=C5=9Fler g=C3=B6n=
deren ki=C5=9Fiye ait olup, NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E.=E2=
=80=99nin g=C3=B6r=C3=BC=C5=9Flerini yans=C4=B1tmayabilir.
>=20
> > -------------------------------------------------------
>=20
> > This e-mail and its attachments are private and confidential and intende=
d for the exclusive use of the individual or entity to whom it is addressed.=
It may also be legally confidential. Any disclosure, distribution or other d=
issemination of this message to any third party is strictly prohibited. If y=
ou are not the intended recipient you are hereby notified that any dissemina=
tion, forwarding, copying or use of any of the information is strictly prohi=
bited, and the e-mail should immediately be deleted. NETA=C5=9E TELEKOM=C3=9C=
N=C4=B0KASYON A.=C5=9E. makes no warranty as to the accuracy or completeness=
of any information contained in this message and hereby excludes any liabil=
ity of any kind for the information contained therein or for the transmissio=
n, reception, storage or use of such information in any way whatsoever. The o=
pinions expressed in this message are those of the sender and may not necess=
arily reflect the opinions of NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E=
.
>=20
>=20
>=20
>=20
>=20
>=20
>=20
> Bu e-posta mesaj=C4=B1 ve ekleri g=C3=B6nderildi=C4=9Fi ki=C5=9Fi ya da ku=
ruma =C3=B6zeldir ve gizlidir. Ayr=C4=B1ca hukuken de gizli olabilir. Hi=C3=A7=
bir =C5=9Fekilde =C3=BC=C3=A7=C3=BCnc=C3=BC ki=C5=9Filere a=C3=A7=C4=B1klana=
maz ve yay=C4=B1nlanamaz. E=C4=9Fer mesaj=C4=B1n g=C3=B6nderildi=C4=9Fi al=C4=
=B1c=C4=B1 de=C4=9Filseniz bu elektronik postan=C4=B1n i=C3=A7eri=C4=9Fini a=
=C3=A7=C4=B1klaman=C4=B1z, kopyalaman=C4=B1z, y=C3=B6nlendirmeniz ve kullanm=
an=C4=B1z kesinlikle yasakt=C4=B1r ve bu elektronik postay=C4=B1 ve eklerini=
derhal silmeniz gerekmektedir. NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E=
. bu mesaj=C4=B1n i=C3=A7erdi=C4=9Fi bilgilerin do=C4=9Frulu=C4=9Fu veya eks=
iksiz oldu=C4=9Fu konusunda herhangi bir garanti vermemektedir. Bu nedenle b=
u bilgilerin ne =C5=9Fekilde olursa olsun i=C3=A7eri=C4=9Finden, iletilmesin=
den, al=C4=B1nmas=C4=B1ndan, saklanmas=C4=B1ndan ve kullan=C4=B1lmas=C4=B1nd=
an sorumlu de=C4=9Fildir. Bu mesajdaki g=C3=B6r=C3=BC=C5=9Fler g=C3=B6nderen=
ki=C5=9Fiye ait olup, NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E.=E2=80=
=99nin g=C3=B6r=C3=BC=C5=9Flerini yans=C4=B1tmayabilir.
>=20
> -------------------------------------------------------
>=20
> This e-mail and its attachments are private and confidential and intended f=
or the exclusive use of the individual or entity to whom it is addressed. It=
may also be legally confidential. Any disclosure, distribution or other dis=
semination of this message to any third party is strictly prohibited. If you=
are not the intended recipient you are hereby notified that any disseminati=
on, forwarding, copying or use of any of the information is strictly prohibi=
ted, and the e-mail should immediately be deleted. NETA=C5=9E TELEKOM=C3=9CN=
=C4=B0KASYON A.=C5=9E. makes no warranty as to the accuracy or completeness o=
f any information contained in this message and hereby excludes any liabilit=
y of any kind for the information contained therein or for the transmission,=
reception, storage or use of such information in any way whatsoever. The op=
inions expressed in this message are those of the sender and may not necessa=
rily reflect the opinions of NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E.=
>=20
> Bu e-posta mesaj=C4=B1 ve ekleri g=C3=B6nderildi=C4=9Fi ki=C5=9Fi ya da ku=
ruma =C3=B6zeldir ve gizlidir. Ayr=C4=B1ca hukuken de gizli olabilir. Hi=C3=A7=
bir =C5=9Fekilde =C3=BC=C3=A7=C3=BCnc=C3=BC ki=C5=9Filere a=C3=A7=C4=B1klana=
maz ve yay=C4=B1nlanamaz. E=C4=9Fer mesaj=C4=B1n g=C3=B6nderildi=C4=9Fi al=C4=
=B1c=C4=B1 de=C4=9Filseniz bu elektronik postan=C4=B1n i=C3=A7eri=C4=9Fini a=
=C3=A7=C4=B1klaman=C4=B1z, kopyalaman=C4=B1z, y=C3=B6nlendirmeniz ve kullanm=
an=C4=B1z kesinlikle yasakt=C4=B1r ve bu elektronik postay=C4=B1 ve eklerini=
derhal silmeniz gerekmektedir. NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E=
. bu mesaj=C4=B1n i=C3=A7erdi=C4=9Fi bilgilerin do=C4=9Frulu=C4=9Fu veya eks=
iksiz oldu=C4=9Fu konusunda herhangi bir garanti vermemektedir. Bu nedenle b=
u bilgilerin ne =C5=9Fekilde olursa olsun i=C3=A7eri=C4=9Finden, iletilmesin=
den, al=C4=B1nmas=C4=B1ndan, saklanmas=C4=B1ndan ve kullan=C4=B1lmas=C4=B1nd=
an sorumlu de=C4=9Fildir. Bu mesajdaki g=C3=B6r=C3=BC=C5=9Fler g=C3=B6nderen=
ki=C5=9Fiye ait olup, NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E.=E2=80=
=99nin g=C3=B6r=C3=BC=C5=9Flerini yans=C4=B1tmayabilir.
> -------------------------------------------------------
> This e-mail and its attachments are private and confidential and intended f=
or the exclusive use of the individual or entity to whom it is addressed. It=
may also be legally confidential. Any disclosure, distribution or other dis=
semination of this message to any third party is strictly prohibited. If you=
are not the intended recipient you are hereby notified that any disseminati=
on, forwarding, copying or use of any of the information is strictly prohibi=
ted, and the e-mail should immediately be deleted. NETA=C5=9E TELEKOM=C3=9CN=
=C4=B0KASYON A.=C5=9E. makes no warranty as to the accuracy or completeness o=
f any information contained in this message and hereby excludes any liabilit=
y of any kind for the information contained therein or for the transmission,=
reception, storage or use of such information in any way whatsoever. The op=
inions expressed in this message are those of the sender and may not necessa=
rily reflect the opinions of NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E.=
> =20
> Bu e-posta mesaj=C4=B1 ve ekleri g=C3=B6nderildi=C4=9Fi ki=C5=9Fi ya da ku=
ruma =C3=B6zeldir ve gizlidir. Ayr=C4=B1ca hukuken de gizli olabilir. Hi=C3=A7=
bir =C5=9Fekilde =C3=BC=C3=A7=C3=BCnc=C3=BC ki=C5=9Filere a=C3=A7=C4=B1klana=
maz ve yay=C4=B1nlanamaz. E=C4=9Fer mesaj=C4=B1n g=C3=B6nderildi=C4=9Fi al=C4=
=B1c=C4=B1 de=C4=9Filseniz bu elektronik postan=C4=B1n i=C3=A7eri=C4=9Fini a=
=C3=A7=C4=B1klaman=C4=B1z, kopyalaman=C4=B1z, y=C3=B6nlendirmeniz ve kullanm=
an=C4=B1z kesinlikle yasakt=C4=B1r ve bu elektronik postay=C4=B1 ve eklerini=
derhal silmeniz gerekmektedir. NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E=
. bu mesaj=C4=B1n i=C3=A7erdi=C4=9Fi bilgilerin do=C4=9Frulu=C4=9Fu veya eks=
iksiz oldu=C4=9Fu konusunda herhangi bir garanti vermemektedir. Bu nedenle b=
u bilgilerin ne =C5=9Fekilde olursa olsun i=C3=A7eri=C4=9Finden, iletilmesin=
den, al=C4=B1nmas=C4=B1ndan, saklanmas=C4=B1ndan ve kullan=C4=B1lmas=C4=B1nd=
an sorumlu de=C4=9Fildir. Bu mesajdaki g=C3=B6r=C3=BC=C5=9Fler g=C3=B6nderen=
ki=C5=9Fiye ait olup, NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E.=E2=80=
=99nin g=C3=B6r=C3=BC=C5=9Flerini yans=C4=B1tmayabilir.=20
> -------------------------------------------------------=20
> This e-mail and its attachments are private and confidential and intended f=
or the exclusive use of the individual or entity to whom it is addressed. It=
may also be legally confidential. Any disclosure, distribution or other dis=
semination of this message to any third party is strictly prohibited. If you=
are not the intended recipient you are hereby notified that any disseminati=
on, forwarding, copying or use of any of the information is strictly prohibi=
ted, and the e-mail should immediately be deleted. NETA=C5=9E TELEKOM=C3=9CN=
=C4=B0KASYON A.=C5=9E. makes no warranty as to the accuracy or completeness o=
f any information contained in this message and hereby excludes any liabilit=
y of any kind for the information contained therein or for the transmission,=
reception, storage or use of such information in any way whatsoever. The op=
inions expressed in this message are those of the sender and may not necessa=
rily reflect the opinions of NETA=C5=9E TELEKOM=C3=9CN=C4=B0KASYON A.=C5=9E.=
