Thank you all for “attending” the web-based TechTalk on June 17th, 2010.

The topic – “Guaranteeing Availability and Scale for XenApp and XenDesktop Deployments” – covered a lot of ground across a few products. Some questions were raised during the talk.

By the way, the replay of the TechTalk is available here.

Let me address some of these:

Can GSLB be IP based, without pointing to a DNS name?
To answer this question, I must reiterate that GSLB is entirely a DNS response operation despite the fact that its name includes the words “Load Balancing”. As such, the receipt of the DNS query for the IP address of the FQDN is what triggers the IP address selection by GSLB algorithms.

If administrators wish to redirect requests from/to specific IP addresses (for example, to an alternate VIP if the back end systems are down), it is possible to use other NetScaler functions such as backup server (as used in D/R GSLB) or possibly some kind of responder or rewrite policies.

Note that this kind of rewriting may cause some web hosts or applications to malfunction – depending on the headers they are looking for. This is the reason that NetScaler’s GSLB site persistence offers two methodologies for redirecting misdirected requests through its Proxy and HTTP Redirect options.

Perhaps this is a topic for a future BLOG.

Are there any NetScaler settings/options that need to be enabled to allow use of “Source IP”?
The Use Source IP option is available when configuring the Service or Service Group within the NetScaler configuration. This can be set in any Service or Service Group that requires it.

I typically try not to enable Use Source IP unless absolutely necessary. This is because there are two main considerations in its use.

The first is one which I referenced in the TechTalk. There is an elimination of the connection pooling function, since the source IP address will be unique across clients and the connection cannot, therefore, be reused. That is not a huge issue in itself, since, when NetScaler is used to optimize typical web applications, this simply reverts to the behavior that the web servers were seeing without the NetScaler. It is therefore not added overhead, rather simply an elimination of one of the NetScaler optimization benefits.

The second implication – while not applicable to AGEE – is server response routing. If Use Source IP is enabled to a back-end web server pool, and the NetScaler’s VIP is accessed by users with public IP addresses, the back end server’s routing table has to change. In this configuration, a web server will see an external IP address, and will route the response to its default route since the source IP can be from any subnet on the planet (or maybe from the space shuttle).

As such, when Use Source IP is enabled, the Web Server’s default route must be changed to point to the address of the NetScaler’s back end port – a MIP or SNIP. Use of one of these is required because these IP addresses “move” during a NetScaler HA failover and/or failback.

And if there actually is a path without the default route change, asymmetric routing can be introduced. This will impact response based NetScaler functions such as certain Application Firewall operations, cache, response rewrite, SSL offload, … (the list goes on) since they will be bypassed and not be invoked. And if not planned, asymmetric routing can present opportunities to practice the fine art of hair pulling.
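
The return-path condition described above can be checked against a server's routing table before Use Source IP is enabled. The following Python is an added example, not part of the original post or of any Citrix tooling: it runs a longest-prefix-match lookup and lists the client addresses whose responses would not return through the NetScaler. The SNIP, the routes and the client addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data: a back-end web server's routing table as
# (destination prefix, next hop) pairs. All addresses are made up.
SNIP = "10.1.1.5"  # assumed NetScaler SNIP on the server subnet
ROUTES_ASYMMETRIC = [
    ("10.1.1.0/24", "on-link"),
    ("0.0.0.0/0", "10.1.1.1"),   # default route still points at the subnet router
]
ROUTES_SYMMETRIC = [
    ("10.1.1.0/24", "on-link"),
    ("0.0.0.0/0", SNIP),         # default route changed to the NetScaler SNIP
]


def next_hop(routes, dest):
    """Longest-prefix match: return the next hop the server uses to reach dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def bypassing_clients(routes, client_ips, netscaler_ip):
    """Clients whose responses would not return through the NetScaler."""
    return [ip for ip in client_ips if next_hop(routes, ip) != netscaler_ip]


# Constructed client source addresses as the server sees them with
# Use Source IP on (documentation ranges stand in for public clients).
CLIENTS = ["198.51.100.20", "203.0.113.77", "192.0.2.9"]

if __name__ == "__main__":
    for name, table in (("asymmetric", ROUTES_ASYMMETRIC),
                        ("symmetric", ROUTES_SYMMETRIC)):
        bad = bypassing_clients(table, CLIENTS, SNIP)
        print(f"{name}: {len(bad)} of {len(CLIENTS)} clients bypass the NetScaler: {bad}")
```

A more specific route that overrides the default, or a client on the server's own subnet, is reported the same way, since either one gives the response a path that avoids the SNIP.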

Is there a GUI equivalent to the farmgroups WI setting?
The Web Interface configuration file changes shown during the TechTalk were made using an extremely sophisticated text editor (NotePad). There is no GUI/wizard to perform this change at this time.

In fact, the facility to allow the association of Active Directory Groups to farms, and the facility to associate a Recovery Farm, are relatively new product enhancements. WI 5.2 or higher is required to use these functions.

What is not new in this facility is that if you edit the configuration file and mistype the syntax, bad things can happen unless you like hair-pulling. I speak from experience.

Anyway, these new facilities are documented in the Web Interface section of eDocs.

Again, thanks to those who attended the TechTalk.

As usual, I welcome your comments.

Twitter: StefanDrege
Or EMail