Currently, several customers are using NetScaler as a centralized resource to perform load balancing for applications in large data centers.
When the NetScaler application switch is used as >= L3 switch, it is setup as a proxy. However, this results in the loss of the client’s source IP. As a result, we need to insert the client’s connection information as part of the initial data stream.
For HTTP and SSL services, this is done by inserting the ClientIP address as HTTP Header on the request to the server. This is not possible for TCP-based services .
This drawback is solved by this feature. After the three-way handshake with the server, a single packet of additional data will be sent to the server. This data will be prepended with the 32-bit binary representation of the value entered as the CIP header, and then the complete TCP/IP header information for the packet that induced the backend connection to be established.
This data starts with the start of the IP header to the end of the TCP header, including IPv6 extension headers, IPv4 options, and TCP options as appropriate. As such, proper logic in the application will need to be incorporated to ensure that the proper fields are being parsed.
An extra packet is sent by the NetScaler to the server side containing the following information:
- Variable length: Client side session information, it is a copy of final acknowledgement packet used in client side connection establishment (only header).
- IPV6: Basic IPv6 header is copied to the server side as it is. NetScaler does not have dual IPv6 stack rather it converts IPv6 packet to IPv4 and Layer 3 and after upper layers processes the packet. Again the packet is translated from IPv4 to IPv6. While converting original IPv6 header to IPv4 for TCP level proxing all extension headers are ignored. But for TCP CIP, we copy the original IPv6 basic header and forward to the server side.
Client ip Header sample format which will be sent in the Data field
Further information about configuring this option can be found in the kb article below.
http://support.citrix.com/article/CTX205670
