NetScaler is a full-featured Application Delivery Controller providing functions well beyond traditional load balancers. Over the course of ten+ years, we have also accumulated a rich feature set. In this post (series hopefully), I hope to highlight some of these features.
Forward proxy use cases
Forward proxies are traditionally deployed at the edge of the corporate network to provide caching functionality. The most popular proxy is probably the open source Squid. They can also be used to log user accesses (with additional user authentication features) and provide content filtering (malware downloads, URL filtering etc). Proxies can either be transparent or explicitly configured in user browsers.
- Provide caching of frequently accessed resources – save bandwidth costs and provide better response time.
- Log user accesses – Blacklist or block undesirable sites or those against corporate policy.
- Content filtering – Security gateway functionality to protect against malware downloads as well as URL filtering etc.
Cache Redirection / Integrated Caching
NetScaler has long supported both Cache redirection (the ability to transparently redirect and load balance traffic to a set of cache servers) and Integrated caching (an in-memory cache for speedier responses). Both can even work together. Cache redirection is widely deployed at a lot of our service provider customers in Asia to save on bandwidth costs and to improve user latency. The cache redirection (CR) feature in NetScaler allows a rich configuration of caching policies that decide which traffic is sent to the cache servers and which is not. Full details of the configuration are available in the NetScaler Traffic Management Guide in the cache redirection chapter.
Forward proxy mode
To configure the NetScaler as a forward proxy, we need to do the following:
- Define a Cache Redirection (CR) vserver
forward defines this as a forward proxy vserver and origin directs all traffic to the origin server.
This defines an explicit VIP address that the NetScaler can listen on. This IP address:port needs to be configured in the user browsers as the proxy location. For example, in Firefox, this would be under Preference\Advanced\Connection tab.
Other options for the -cachetype parameter include TRANSPARENT and REVERSE. Other options for the -redirect option include CACHE and POLICY.
- Define a DNS vserver to do name resolution. Bind to your local DNS server(s).
If there are multiple DNS servers, you could load balance traffic among them by defining multiple services. NetScaler of course does full DNS load balancing, caches DNS query results and provides Global server load balancing.
- Configure the CR vserver to use the DNS Vserver for name resolution
That is it. Configure your browser as necessary to point to the CR vserver defined in Step 1 above and you are good to go. This configuration will direct all the traffic to the origin servers (the redirect parameter in step 2). If cache servers are configured, then you need to set the redirect parameter to cache or policy.
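The steps above written out as NetScaler CLI commands, added here as an example and not taken from the original post. The vserver and service names, the IP addresses and the ports are all placeholders to replace with your own.

```text
# Added example: names, addresses and ports below are placeholders.

# Make sure cache redirection and load balancing are enabled.
enable ns feature CR LB

# Explicit forward proxy VIP. Browsers are pointed at 192.0.2.10:8080.
# -cacheType FORWARD makes this a forward proxy vserver;
# -redirect ORIGIN sends every request straight to the origin server.
add cr vserver cr_fwd_proxy HTTP 192.0.2.10 8080 -cacheType FORWARD -redirect ORIGIN

# DNS vserver bound to the local DNS servers. Two services are defined
# here so that queries are load balanced between them.
add service svc_dns_1 10.0.0.53 DNS 53
add service svc_dns_2 10.0.0.54 DNS 53
add lb vserver lb_dns DNS
bind lb vserver lb_dns svc_dns_1
bind lb vserver lb_dns svc_dns_2

# Tell the CR vserver to resolve origin host names through the DNS vserver.
set cr vserver cr_fwd_proxy -dnsVserverName lb_dns

# Check the resulting state of both vservers.
show cr vserver cr_fwd_proxy
show lb vserver lb_dns
```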
- Consolidated web logging with NSWL
NetScaler supports consolidated web logging (NSWL) that can be used to generate web logs in the standard web logging formats (W3C, NCSA, Custom formats). This is a high speed logging facility that sends logs to an nswl client running on a logging server. In a forward proxy deployment, this could be used to generate reports of outgoing user traffic.
- Backend Server API usage
Many server applications need to make API calls to partner sites and use the response data in the application. These can use a NetScaler in a forward proxy deployment to provide a layer of isolation between the servers and the partner sites. In addition to logging the requests, NetScaler also makes sure the partner servers are up before forwarding the request.