UPDATE (April 2014) – My colleague just published an article with the all-new NetScaler 10.1 TFTP LB option, so check it out!

I published an article called “Load Balancing TFTP – Anything But Trivial” a little over a year ago.  Since then, it’s received over 10,000 hits and it’s been one of the most popular articles I’ve ever written in terms of comments and offline emails that I receive about the article.  If you haven’t had a chance to read that article yet (or the comments), please start there, because this is essentially a follow-up article.

Now, if you read that last article (or the associated whitepaper that is much better written), you’ll see that I provided a few options to load balance the TFTP service with NetScaler (specifically options 5, 6 and 7).  What I’d like to do in this article is elaborate on those highly generalized options because, to be honest with you, that article really did not do justice to the NetScaler side of the house.  And with an ever-increasing number of NetScaler appliances being deployed out there, this is a perfect time to revisit this topic.

Before I jump into the specific options to load balance TFTP with NetScaler, I have to give credit for 99% of the content of this article to my friend and colleague, Mike Skowronski.  Similar to myself, Mike is an Architect on the Americas Consulting team.  But Mike specializes almost exclusively in our Networking practice – and he’s one of the best NetScaler guys we have in the company in my opinion.  Thanks again Mike!  Let’s get to it…

Options to Load Balance TFTP with NetScaler

1. USIP

  • What is this?  In USIP mode the NetScaler preserves the original source IP and passes it to the back end server.
  • What are the pros?
    • Easy to configure.
    • Works with L2 and L3 adjacency.
    • Can use all available LB algorithms for the protocol.
  • What are the cons?
    • In a 1-arm topology, the default gateway of the TFTP servers needs to point to the NetScaler SNIP or MIP.

2. L2 DSR

  • What is this?  In L2 DSR we add the TFTP VIP from the NetScaler to the loopback interface on all the back end TFTP servers.  The TFTP server then responds directly back to the client, bypassing the NetScaler on the return.
  • What are the pros?
    • Fast.
  • What are the cons?
    • As the name implies, only works with L2 adjacency to the TFTP servers.
    • Slightly complicated configuration on the NetScaler.
    • Requires changes to the loopback interface per above on each of the TFTP servers.
    • Limited set of load-balancing algorithms.

3. L3 DSR

  • What is this?  In L3 DSR mode we need to enable IP tunneling on the back end TFTP servers.  Otherwise same as L2 DSR.
  • What are the pros?
    • Works with L3 adjacency.
  • What are the cons?
    • Complicated configuration on the NetScaler.
    • Requires changes to the loopback interface per above on each of the TFTP servers.
    • Requires changes to the network stacks on the TFTP server to enable IP tunneling.
    • Limited set of load-balancing algorithms.

4. Sessionless L2 DSR

  • What is this?  In this mode, we disable session tracking on the TFTP VIP.  Otherwise same as L2 DSR.
  • What are the pros?
    • Very lightweight and extremely fast.
  • What are the cons?
    • Slightly complicated configuration on the NetScaler.
    • Requires changes to the loopback interface per above on each of the TFTP servers.
    • Works only with L2 adjacency.
    • Very limited set of load-balancing algorithms.
    • Works only in 2-arm topology.
    • Each TFTP service can be bound once to a single TFTP VIP.

5. Sessionless L3 DSR

  • What is this? In this mode, we disable session tracking on the TFTP VIP.
  • What are the pros?
    • Light-weight and fast.
    • No changes required on back end servers.
  • What are the cons?
    • Very limited set of load-balancing algorithms.
    • Works only in 2-arm topology.
    • Each TFTP service can be bound once to a single TFTP VIP.

6. DS DSR

  • What is this?  Only available in NetScaler v10, we can use the differentiated services field of the IP header to encode a TFTP VIP ID to support DSR.
  • What are the pros?
    • Works with L3 adjacency.
  • What are the cons?
    • Slightly complicated configuration on the NetScaler.
    • Complicated configuration on back end TFTP servers.  Back end TFTP servers need to be configured to map the DS ID to the correct TFTP VIP when they respond back to the client.
    • Limited set of load-balancing algorithms.
    • DS field is 6 bits so limited to 63 vservers (0 isn’t a valid ID) that can be tracked by a back end server.
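
The DS-ID mapping described above, sketched as an added example (not NetScaler code and not from the original article): the VIP ID rides in the six DS bits of the IP header, and the back end maps it back to the VIP it must answer from. The function names, the ID-to-VIP table and the addresses are constructed for illustration.

```python
import ipaddress
import struct

MAX_DS_ID = (1 << 6) - 1  # 6-bit DS field: IDs 1..63, 0 is not a valid ID


def encode_ds_byte(vip_id: int, ecn: int = 0) -> int:
    """Load-balancer side: place the VIP ID in the upper six bits of the DS byte."""
    if not 1 <= vip_id <= MAX_DS_ID:
        raise ValueError(f"VIP ID {vip_id} does not fit the DS field (1..{MAX_DS_ID})")
    return (vip_id << 2) | (ecn & 0b11)


def build_ipv4_header(src: str, dst: str, ds_byte: int) -> bytes:
    """Constructed 20-byte IPv4/UDP header for the demo (checksum left at zero)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, ds_byte, 20, 0, 0, 64, 17, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def reply_source_for(header: bytes, vip_by_ds_id: dict) -> str:
    """Back-end side: read the DS ID and return the VIP to answer the client from."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ds_id = header[1] >> 2  # drop the two ECN bits
    if ds_id not in vip_by_ds_id:
        # Unknown or zero ID: answering from the wrong address breaks the transfer.
        raise LookupError(f"no VIP mapped to DS ID {ds_id}")
    return vip_by_ds_id[ds_id]


# Constructed sample: two TFTP VIPs sharing one back-end server (documentation addresses).
VIP_BY_DS_ID = {5: "192.0.2.10", 6: "192.0.2.11"}

if __name__ == "__main__":
    hdr = build_ipv4_header("198.51.100.7", "203.0.113.20", encode_ds_byte(6))
    print(reply_source_for(hdr, VIP_BY_DS_ID))
```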

7. Same-Site GSLB

  • What is this?  In this mode, we configure multiple GSLB sites on the same NetScaler and each of these sites has a single TFTP VIP bound to a single TFTP server.  We then use the GSLB load balancing mechanism to load-balance between the sites and thereby achieve load-balancing for the TFTP service.
  • What are the pros?
    • Works with L3 adjacency.
  • What are the cons?
    • Requires that the TFTP clients are configured to use FQDNs instead of IP addresses.
    • Requires that a DNS infrastructure is in place.
    • Complicated NetScaler configuration.
    • This could be considered a sort of hack by some purists.

So there you have it – a much more comprehensive list of options if you have NetScaler at your disposal. Now, I’m sure you’re wondering…if networking configuration and complexity don’t matter, which option would you recommend?  I asked Mike that same question and he told me he’s a fan of any of the Sessionless DSR methods.

We hope this info helps.  If you have a comment or question, please feel free to drop us a line below.  I’ll do my best to answer every comment/question, and Mike will also be replying to comments/questions below.

Cheers, Nick

Nick Rintalan, Senior Architect, Enterprise Architecture, Americas Consulting