This KB will go over the basics of creating a Load Balancer VIP and Service Group when using dedicated Load Balancers
- Must have a dedicated Netscaler available in your environment
- Must have an Admin login to your netscaler
- Must have Java installed and configured correctly. See KB: How-to-Configure-Java
- Understand the basic architecture of how a Netscaler works. See KB:Load Balancing Dedicated vs Shared
- Traffic destined to the Load Balancer will hit the Virtual Server(VIP) first. From there it will determine which member of the attached Service Group to send traffic to based on the Load Balancing Method.
- For external access to the VIP, use the Add Public IP function of Control to perform a 1 to 1 NAT Public IP to the VIP
- Log into the Netscaler web interface using http://netscalerManagementip with an Admin account
Create Service Group
- Expand the menu Load Balancing, select Service Groups, and click Add. (Version 10.1 and later this is within Traffic Management)
- Description of each required field
- Service Group Name: The name we reference when attaching the Service Group to the VIP
- Protocol: This should match the type of traffic that will be used between the Load Balancer and the members of the Service Group. Note: If you are doing SSL offloading, then the Service Group type will be HTTP while the VIP type is SSL. (Since traffic between the Load Balancer and members will not be re-encrypted.)
- Members: Specify the IP and port that should be used for each member of the Load Balanced pool. You can add additional optional parameters if necessary
The below example shows a Service Group with name "website1_servicegroup", protocol of HTTP, and 5 members of the Load Balanced Pool, 10.10.10.4, 10.10.10.5, 10.10.10.6, 10.10.10.7, 10.10.10.8 all using Port 80.
Create Virtual Servers
- Expand the menu Load Balancing, select Virtual Servers, and click Add. (Version 10.1 and later this is within Traffic Management)
- Input a descriptive name, select the correct protocol, and input the IP address of the VIP. Note: For dedicated Load Balancers the VIP will always be an internal IP. This internal IP can be used internally or over a vpn, or a public NAT can be established as well to allow load balancing of an external site.
- Select the Service Groups tab, and locate the Service Group you configured in the previous section "Create Service Group". Mark the checkbox next to the Service Group you wish to apply to this VIP.
- Select the Method and Persistence tab. Choose the LB Method of your choice, as well as Persistence settings(sticky sessions).
- If you are doing SSL offloading, go to the SSL Settings tab and apply/install the SSL certificate of your choice.
- In order for the Load Balancer to function correctly , the Management and RNAT IPs need to be able to reach each member of the Service Groups. You can view the RNAT IP by going to Network -> IPs and finding the "Mapped IP". By default, all IPs can talk to all other IPs within the same VLAN. However if you begin to add additional networks to your environment, you will need to create Firewall rules via the portal to allow the traffic. You will also need to add a route on the Load Balancer. You can do this by going to Network -> Routes -RNAT via the Netscaler UI. Contact the NOC if you need additional help with this.
- When Load Balancing websites, its recommended to setup additional monitors on the Service Group instead of just Ping/TCP. An http-ecv monitor will verify each member of the Service Group is responding correctly before sending traffic to it. You can find assistance with this monitor here: http://support.citrix.com/article/CTX120921
- Tracking a Dedicated Load Balancer license expiration date is performed by the customer, please reference our License Management Article.