====================Questions================================
set interface 1/1 -speed 1000 -duplex FULL -flowControl RXTX -lacpMode DISABLED -throughput 0
set interface 1/2 -speed 1000 -duplex FULL -flowControl RXTX -lacpMode DISABLED -throughput 0
set interface 1/3 -speed 1000 -duplex FULL -flowControl RXTX -haMonitor OFF -lacpMode DISABLED -throughput 0
set interface 1/4 -speed 1000 -duplex FULL -flowControl RXTX -haMonitor OFF -lacpMode DISABLED -throughput 0
add channel LA/1 -ifnum 1/1 1/2 1/3 1/4 -Mode MANUAL -connDistr ENABLED -macdistr BOTH -speed 1000 -flowControl RXTX -haMonitor ON -trunk OFF -throughput 2998
Why is -lacpMode DISABLED?
b pool cal_trafficlim { monitor all udp (or tcp) member 10.7.180.17:1300 }
b virtual cal_trafficlim { destination 10.7.179.136:1300 profiles udp pool cal_trafficlim }
Destination Customer Reachable IP Address or DNS Name
Service Port Number or Name if Well-known Service
state enable
================================NS====================================
/etc/nsresolv.con
127.0.0.2
nslookup does not work // dig and host work
8.1:
I SET UP HA
Disabling Interface Monitors
In an HA configuration, an administrator can designate which interfaces to monitor for failing events. If any monitored interface goes down, a failover will occur.
set interface id -haMonitor OFF
Before two nodes are able to function in an HA pair, they must first be made aware of each other by issuing the add node command on each node of the pair:
Type the following command on Node A
1. add node id IPAddress
Replace id with the node ID and IPAddress with IP address of Node B
on node B:
2. set node -hastatus staysecondary
3. add node id IPAddress
4. show node to verify which node is primary
5. set node -hastatus enable -- remove stay secondary behavior
6. save config
II Performing Synchronization
Synchronization occurs when a secondary node is started and when it pulls the configurations from the primary.
Forced synchronization
In an HA pair deployment, any command issued on the primary node will be propagated automatically to the secondary node.
Forced synchronization can be performed on the primary or the secondary node. The command will fail if it is run:
On a standalone NetScaler system
On a NetScaler system that has HA disabled
On a NetScaler system that has HA synchronization disabled
force ha sync --- File synchronization takes place on TCP port 22.
sync ha files ssl
Once it is open, the secondary node will fetch the configuration file from the primary node
set ha node -haSync DISABLE
III Performing a Forced Failover
force ha failover
IV HA Management
A best practice is to manage an HA pair using a MIP or SNIP address
An administrator can use the following command in the CLI to enable management access for the MIP address
set ns ip IPAddress -mgmtAccess enabled
Replace IPAddress with the MIP or SNIP address
By default, management access and communication between two nodes in an HA pair are not secured through SSL.
Service nsrpcs nskrpcs
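Because management access is not secured through SSL by default, it is worth knowing exactly which addresses end up accepting it. The script below is an added example, not part of the original notes: it replays `add ns ip` / `set ns ip` / `rm ns ip` lines in order and reports the IPs left with -mgmtAccess enabled. The sample configuration and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in ns.conf style; the addresses are illustrative only.
SAMPLE_CONFIG = """\
add ns ip 10.102.29.54 255.255.255.0 -type SNIP
add ns ip 10.102.29.60 255.255.255.0 -type MIP -mgmtAccess ENABLED
add ns ip 10.102.30.10 255.255.255.0 -type SNIP -mgmtAccess ENABLED
add ns ip 10.102.31.20 255.255.255.0 -type SNIP -mgmtAccess ENABLED
set ns ip 10.102.29.54 -mgmtAccess enabled
set ns ip 10.102.30.10 -mgmtAccess DISABLED
rm ns ip 10.102.31.20
"""

def parse_options(tokens):
    """Turn ['-type', 'SNIP'] into {'type': 'snip'}; positional tokens are skipped."""
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i].startswith("-") and i + 1 < len(tokens):
            opts[tokens[i][1:].lower()] = tokens[i + 1].lower()
            i += 2
        else:
            i += 1
    return opts

def mgmt_enabled_ips(config_text):
    """Replay the 'ns ip' commands in order; return {ip: type} with mgmtAccess on."""
    state = {}  # ip -> {"type": str, "mgmt": bool}
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)
        if len(tokens) < 4 or [t.lower() for t in tokens[1:3]] != ["ns", "ip"]:
            continue  # not an 'ns ip' command
        verb, ip = tokens[0].lower(), tokens[3]
        if verb == "rm":
            state.pop(ip, None)  # a removed address no longer matters
            continue
        if verb not in ("add", "set"):
            continue
        opts = parse_options(tokens[4:])
        entry = state.setdefault(ip, {"type": "unknown", "mgmt": False})
        if "type" in opts:
            entry["type"] = opts["type"].upper()
        if "mgmtaccess" in opts:  # a later 'set' overrides the earlier 'add'
            entry["mgmt"] = opts["mgmtaccess"] == "enabled"
    return {ip: e["type"] for ip, e in state.items() if e["mgmt"]}

if __name__ == "__main__":
    for ip, ip_type in mgmt_enabled_ips(SAMPLE_CONFIG).items():
        print(f"management access enabled on {ip_type} {ip}")
```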
When the nodes of an HA pair are running different versions of the system software, the node running the newest version goes into listen mode. When a node is in listen mode, neither propagation nor synchronization will occur.
set ha node -hastatus staysecondary
NetScaler Networking Overview:
Subnet IP SNIP addresses provide the NetScaler system with network presence in different subnets.
When enabling VLAN support on a NetScaler system, an administrator can associate particular IP addresses with specific VLANs. VLAN IP addresses are another form of SNIP address:
1. add VLAN id
2. bind VLAN id -IPAddress ip_address netmask
3. remove VLAN id
---NS Networking---
Internet Control Message Protocol
MTU Maximum Transmission Unit
By default, the NetScaler system functions as a Layer 3 network device. However, it can be configured to function as a Layer 2 device. When running in Layer 2 mode, it forwards data it receives that is not addressed to its MAC address.
USIP Use Source IP mode
The NetScaler system supports Routing Information Protocol (RIP) for learning dynamic routes on the network
Advertising Networks
NetScaler system to advertise: routes to virtual IP addresses, routes to downstream networks.
remove a route in the CLI
Link Aggregation Control Protocol (LACP)
An administrator can configure specific link aggregate channels in the NetScaler system (LACP) by using the following procedure:
add channel id -ifnum interface_name
bind channel id -ifnum interface_name
id: LA/1 LA/2 ifnum : 1/1 1/2 2/1 2/2
SNIP Subnet IP Address
When the NSIP, MIP and server IP are not in the same subnet, a routing device has to be added if SNIP is not used.
In Use SNIP mode, a SNIP is the source IP address of a packet sent from the NetScaler to the server, and the SNIP is the IP address that the server uses to access the NetScaler. This mode is enabled by default. When multiple SNIPs cover the IP addresses of the next hops, the SNIPs are used in a round-robin manner.
enable ns mode mode    Example : enable ns mode usnip
Mapped IP Address (MIP)
Mapped IP addresses are used for external connections from the NetScaler. A MIP can be considered a default Subnet IP address (SNIP) when a SNIP cannot be used.
Example : add ns ip 10.102.29.54 255.255.255.0 -type SNIP
Subnet IP address (SNIP): If the IP address being removed is the last IP address in the subnet, the associated route from the route table is deleted.
Mapped IP address (MIP): If a SNIP exists, you can remove the MIPs
Network Address Translation:
NAT:
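Inbound NAT (INAT): the NetScaler replaces the destination IP address in packets sent by the client with the server's private IP address.
Reverse NAT (RNAT): the NetScaler replaces the source IP address in packets sent by the server with the public NAT IP address.
Configuring INAT:
The NetScaler replaces the public VIP 10.102.29.55 with the physical server's private IP address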
add inat Name PublicIPAddress PrivateIPAddress
add inat MyNAT 10.102.29.55 192.168.1.0
Configuring a unique IP address as the source address for INAT:
set inat NameofINAT -proxyip Value
set inat MyNAT1 -proxyip 10.102.29.56
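If both INAT and RNAT are configured on the NetScaler, INAT takes precedence over RNAT.
When an INAT and a vserver (VIP) both use the same IP address, the vserver overrides the INAT configuration.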