
NetScaler 10 - Learn to configure, and upskill in this latest feature packed release
Self-paced exercise guide

Citrix Virtual Classroom


Table of Contents
Overview
How to log in to your lab
Exercise 1: Upgrade your NetScaler
Exercise 2: Networking - Network Profiles
Exercise 3: ICMP based on VServer Health
Exercise 4: DataStream Responder
Exercise 5: DataStream Caching
Exercise 6: Action Analytics
Exercise 7: DNS Response Rewriting
Exercise 8: AutoScale Domain Based Service



Overview
Hands-on Training Module
This training module has the following details:
Objective
Provide hands-on experience in the configuration and use of the NetScaler 10 features, with a focus on
DataStream, Action Analytics, and various DNS enhancements.

Audience
Primary: NetScaler administrators

Lab Environment Details


Below you can find the lab architecture.
This is an isolated environment, so all attendees will use the same IP addresses in the Private Network
(blue). The servers you will actually need for this lab are highlighted below.

Required Lab Credentials


Here are the login credentials required to connect to the lab environment.
Machine              Username                Password
XenServer            root                    (Supplied)
Win7Client           Training\administrator  Citrix123
NetScalerVPX         nsroot                  nsroot
All Windows Servers  Training\administrator  Citrix123
MySQL Login          netscalersql            netscaler
Apache_MySQL         root                    c!tr!x

How to log into the lab environment
The self-paced lab environment is hosted on a cloud-based Citrix XenServer. Connecting to your
server from the portal page is as easy as 1-2-3.

Step-by-step login instructions


Step Action
1. Once logged in at the self-paced portal, click the Start lab button to launch a connection to
published XenCenter.
2. When XenCenter loads, right-click the XenCenter node and select Add.
3. On the Add New Server screen enter the XenServer IP address provided on the portal
and in the Password field enter the password provided on the portal. The user name will
always be root.

Your lab desktop - this is important!! If you don't follow the steps below,
you may experience slow mouse movements, keystrokes, and screen
updates.

When all the servers are started, you should select the Win7Client VM and click on the Console
tab. Wait for approximately 30 seconds. It should automatically switch to Remote Desktop. If it says
Switch to Default Desktop then it is already using Remote Desktop, and you can leave it as is. It
will prompt you to log in once it switches to Remote Desktop. Please use training\administrator and
Citrix123 to log in.

All of the lab exercises should be completed from within the Win7Client. You will get the best
experience if you go to console-fullscreen in XenCenter on the Win7Client VM. You can toggle this by
entering Ctrl+Alt on your keyboard when at the console. This is what it should look like:

If you see XenCenter prompting you to Switch to Remote Desktop it means you are using the
default desktop access method, which we recommend against.

Lab walkthrough - only if you encounter issues
Overview
If you are encountering problems in the lab, and are stuck at one particular point, you have the option of
using our cheatsheet, which is located in the root of the C:\ drive on the Win7Client virtual machine.

Step by step guidance

Each lab is labeled in the text file. You need only open PuTTY (the SSH client), log in, and copy and paste
the relevant lines from the text file into the CLI.
In order to find out where you went wrong, save the configuration. In PuTTY, type the command:
clear conf full
Now you can copy and paste all the commands (excluding the upgrade) up to the lab where you encountered
trouble. You should now see the correct functionality. Save the config.
In the NetScaler GUI, you can click on System > Diagnostics > Configuration Difference.

Now choose saved config as the second file, and ns.conf.0 as the first file like below. This will show you
the configuration differences between the two files, and you will hopefully see where you went astray.

Exercise 1: Upgrade your NetScaler


Overview
In this exercise you will perform a manual upgrade from NetScaler 9.3 to NetScaler 10 using the CLI.

Step by step guidance


Estimated time to complete this lab: 5 minutes.
Step Action
1. Launch Putty.exe from the desktop and connect to the saved session NetScaler by double
clicking it.
2. Login with the username \ password of nsroot \ nsroot.
3. Type show version to see the NetScaler version.
4. Type shell and press enter.
5. Type cd /var/nsinstall/10/70.7/ and press enter.
6. Type tar xvzf build-10.0-70.7_nc.tgz and press enter.
7. Type ./installns and press enter.
8. Press Y when it prompts you to reboot.
9. It should take approximately 3 minutes to complete the reboot.
10. Open Firefox, and login to Configuration Utility. Verify the version and build no.

Summary
Key Takeaways
The key takeaways for this exercise are:
Upgrading a NetScaler using the command line

NOTES
This upgrade required that the firmware was already loaded onto the appliance. You
can download the latest firmware from the citrix.com site providing you have a valid
support agreement. You can use SCP (or WinSCP) to load firmware onto the
appliance. Always place it in the /var/nsinstall directory.
It's a good practice to create a sub directory in /var/nsinstall with the version
number, and within that, a further subdirectory with the build number, as shown on
your appliance (e.g. /var/nsinstall/10/70.7/).
You may also use the Upgrade Wizard available by clicking on the System node in
the configuration utility. This can perform the upgrade from firmware located on the
appliance, or your local computer or a remote FTP server.

Exercise 2: Networking - Network Profiles


Overview
In this exercise you will configure some network profiles and demonstrate this functionality by browsing
different VServers, connected to the same back end server, and see different SNIPs being utilised.
Usually, when using multiple SNIPs in the same subnet to talk to back end servers, the appliance will
round robin on SNIP choice so all the ports don't get exhausted on one SNIP when the others are not
being used. However, sometimes a more granular control is required. Please see the PowerPoint for use
cases.

Step by step guidance


Estimated time to complete this lab: 10 minutes.
Step Action
1. The system will have one SNIP pre-configured. This is 192.168.10.90. We should create a
second SNIP on the appliance for this lab exercise. Navigate to the following node in the
NetScaler configuration utility: Networks > IP > Add
and enter 192.168.10.21 / 255.255.255.0
2. Click Create > Close to add the SubNet IP.
3. Now click on Network > Net Profiles > Add, and create the first Network Profile.
Give it a name of Subnet-90.
4. Choose the IP ending in 90 from the dropdown, and click Create.
5. The profile will be created, but the window will remain open, ready to create additional
Network Profiles. Change the name from Subnet-90 to Subnet-21 and choose the IP
address ending in 21 from the dropdown.
6. Click Create, and then click Close.
7. Right click on the yellow circle beside Load Balancing to enable the feature.
8. Navigate to Load Balancing > Services and click Add.
9. Enter Web1 as the service name, 192.168.10.50 as the IP, and leave the protocol and port
set to HTTP and port 80 respectively.
10. Click Create - we'll let the service bind a default monitor for now.
11. Navigate to Virtual Servers under the Load Balancing node and click Add.
Give the Virtual server the name Vserver-25 and the IP address 192.168.10.25.
Activate (bind) the configured service Web1. Do NOT click Create yet.
12. Select the Profiles Tab, and choose Subnet-90 from the Net Profile drop down list.
13. Now click Create. The VServer entity will be created, but the window will remain open.
14. Change the Net Profile value to Subnet-21.
Change the VServer IP address to 192.168.10.26.
15. Change the Vserver name to Vserver-26.
16. Click Create and then click Close.
17. Open a new tab on your browser, and enter the following URL:
http://192.168.10.25/show-ip.asp
This page dynamically displays the IP address that the web server sees the request coming
from. Confirm it displays the IP ending in 90.
18. Enter the following URL:
http://192.168.10.26/show-ip.asp
Confirm it displays the IP ending in 21.
Enter the following URL:
http://192.168.10.50/show-ip.asp
Confirm it displays the IP ending in 15.
This is because you are connecting directly to the web server from your client, and bypassing the NetScaler. 192.168.10.15 is your client IP address.

Summary
Key Takeaways
The key takeaways for this exercise are:
Creating Network profiles and binding them to Vservers
They can also be bound to a service, service group, and monitor too.

NOTES
The page used on the webserver is a simple page to display the incoming IP address.
There is another page in the root of the webserver called /all-headers.asp.
This does a complete dump of ALL headers and available server variables - a useful
diagnostic troubleshooting page when you want to see what the web server is
receiving from the web server.
There is also a page called /all-headers.php to display the same content.
The source code of these files is located in the files folder on the Win7Client
desktop, and is yours to take away and use.

Exercise 3: ICMP based on VServer Health


Overview
In this exercise you will allow the VServer health to decide if the NetScaler responds to ICMP for a
particular IP address.

Step by step guidance


Estimated time to complete this lab: 5 minutes.
Step Action
1. Navigate to Network > IPs and double click the IP 192.168.10.25
2. Choose ALL_VSERVERS from the ICMP Response drop-down.
Click OK.
3. Open a command prompt by clicking Start, enter cmd in the searchbox and press
return.
4. Enter the command:
ping -t 192.168.10.25
and press enter.
5. Navigate to Load Balancing > Virtual Servers, click ONCE on Vserver-25, and click
Add. (This is how we can add a new Virtual Server, using an existing entity as a template.)
6. Change the name to VServer-25-8080, change the port to 8080, and make sure to activate
the Service Web1. Click Create and then Close.
7. You now have two VServers configured on 192.168.10.25 listening for HTTP traffic.
8. Disable 1 VServer by right clicking it and selecting Disable and clicking Yes.
9. Check your command prompt - you should notice that the VServer is no longer responding
to ICMP. This is because the IP address 192.168.10.25 has a DOWN VServer associated
with it.
10. Return to the NetScaler configuration utility and expand Networking > IPs
11. Double click the IP 192.168.10.25 and choose ONE_VSERVER & Click OK.
12. Return to the DOS command prompt, and you will see the appliance responding to ICMP
again. This is because ICMP will now respond if at least ONE Vserver associated with the
IP address is UP.

Summary
Key Takeaways
The key takeaways for this exercise are:
Controlling ICMP behavior based on the health of the VServer.
Demonstrating the difference between ONE_VSERVER and ALL_VSERVER.

NOTES
When the same functionality is used for ARP - what would be the impact of setting
the ARP response to ONE_VSERVER if one of the VServers became unhealthy?
Think in terms of existing traffic, and traffic in 10, 20 or 30 minutes time.

Exercise 4: DataStream Responder


Overview
In this exercise we will create a Responder message to respond with an error if someone attempts to send
the drop command through a NetScaler MySQL VServer. You will need to create the MySQL monitor,
MySQL Service, & LB VServer entities yourself. It is very important that you configure the MySQL ECV
monitor correctly as the MySQL engine will start rejecting requests from a client who just performs the
TCP handshake, like the TCP Monitor.

Step by step guidance


Estimated time to complete this lab: 15 minutes.
Step Action
1. Firstly, we are going to add the database user to the NetScaler configuration. Expand the
System node, and click on Database Users.
Create a user called: netscalersql
Use the password: netscaler
for this user.

2. Navigate to Load Balancing > Monitors and click Add. Choose MySQL-ECV as
the type (NOT MySQL) and call the monitor MySQL-Custom-Monitor.
Make sure to set the Network Profile on the Monitor. (Subnet-90)
The MySQL DB server only allows connection from the netscalersql user to come from this
IP address.

3. Click on Special Parameters and enter the following information:
Database: imdb
Query: select * from actors where actors.last_name = "Pacino";
Username: netscalersql
Rule: MYSQL.RES.ATLEAST_ROWS_COUNT(1)
Click Create.
How does this monitor decide on the health of the service?

4. Navigate to Load Balancing > Virtual Servers. Ensure that you have not clicked on
any of the existing Virtual Servers. Click on Add. Choose MySQL as the protocol, enter
192.168.10.30 as the Virtual Server IP, 3306 for the port, and use the name MySQL-VServer
for the Vserver name.

5. It is important that the MySQL database server receives requests over a specific IP address,
as this is how security grants are administered. Click on the Profiles tab and choose the
profile associated with the subnet IP address ending in 90.

6. Click the Services tab.
Click on Add at the bottom of this window to create a MySQL Service on the fly.
Choose MySQL as the protocol, enter 192.168.10.13 as the Server, 3306 as the port, and call
it MySQL-Svc.
Bind the monitor MySQL-Custom-Monitor to the service, and click Create.

7. The Service should now be visible and active in the Create VServer window, and the
service should be up. If not, then move to step 9.
Click Create and Close.

8. Navigate to the Services node beneath Load Balancing.
Open the Service and click on the monitor to verify that it has a Success status.

If there is an error, you may need to wait a minute for the service to re-check the health and
report the correct message as indicated above.
Close the Service Window.

9. Enable the Responder Feature. (Right click the yellow circle and choose Enable.)
Navigate to the Responder Feature > Actions. Click on Add.
Give it a name of No-Drop and choose Respond with SQL Error from the drop down.
Enter some text into the Target window along the lines of, e.g.:
The Drop command is not allowed to be executed through the Load Balanced VServer
(No quotation marks required)
Click Create and Close.

10. Click on Policies under the Responder feature, and click add.
11. Enter MySQL-Pol-No-Drop as the Responder name.
Choose No-Drop from the Action drop down list.
12. Click once in the expression field, hold down CTRL and press the space bar. Choose
MySQL and double click.

Now press the full stop (period) and use the expression builder to create the following
expression:
MYSQL.REQ.QUERY.COMMAND.EQ("drop")
13. Click Create and Close.
14. Click on the Policy Manager button at the bottom of the window.

15. Choose MySQL from the drop down in the top left hand corner of the Policy Manager
window.

16. Click on LB Virtual Server, and double click on MySQL-VServer so that the Insert
Policy is activated, like below.

17. Click Insert Policy and choose the Responder policy you just created, MySQL-Pol-No-Drop.
There should only be ONE entry in the bind responder policy window. If you added
a second policy by mistake, ensure you remove it before clicking Apply Changes.
18. Click Apply Changes and click Close. Choose Yes if prompted to save your changes.

19. The VServer is now ready to receive requests from any MySQL Client.
20. We're going to use a graphical client to connect to the LB VServer.
Click on Start > Programs and scroll up to click on HeidiSQL.

21. The Connection settings should be pre-populated. Click on Open

22. You should see a list of available tables. Click on the Query tab:

If Heidi does not connect, then you can check the troubleshooting section at the end of this
exercise.
23. Enter the following text into the text field, and click the blue Play symbol to the upper
right: drop database test;

24. This sends the command to the database. The responder policy should pick this up, and you
should see the response:

25. Click Ok and minimise the HeidiSQL Client, and return to the NetScaler configuration
Utility.


Summary
Key Takeaways
The key takeaways for this exercise are:
Using Responder, you can choose to send a response to any MySQL or MSSQL request. You simply
need to choose what commands \ strings \ arguments trigger the Responder in the Responder policy.
You can choose to respond with an Error or an OK message.

NOTES
Troubleshooting - If you bind a TCP monitor to a MySQL service, there is a good chance that the
MySQL server will blacklist that IP address. MySQL does not like receiving a TCP
handshake, and then no data. So if the monitor on the service is not coming up,
and you DID bind a TCP monitor by mistake, then you will need to reboot the
MySQL server once the correct monitor is bound. There is a way to do this using
the MySQL command prompt, but rebooting the MySQL1 server from XenCenter
is by far the fastest way to reset it. (It should only take about 30-40 seconds).
We have noticed that many people experienced issues with this lab because they
chose MSSQL as the protocol in either the VServer, Service or Monitor. You must
use MySQL. MSSQL is a totally different protocol, and they are not interchangeable.
If you need to change a service or VServer protocol, you will have to remove the
entity and add it again.
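The troubleshooting note above is easier to diagnose when you can read the first packet a MySQL server sends after the TCP handshake. The following Python code is an added example, not part of the Citrix guide: it parses that packet from constructed sample bytes and tells a normal greeting apart from a blocked-host error. It assumes the blocking the note describes is MySQL's host blocking after repeated aborted connections (server error 1129); the server version, thread id and message text in the samples are constructed.

```python
import struct

ER_HOST_IS_BLOCKED = 1129  # MySQL server error code for a blocked client host


def make_packet(payload, seq=0):
    """Frame a payload: 3-byte little-endian length, then 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def read_packet(data):
    """Return (sequence id, payload) for the first packet in data."""
    if len(data) < 4:
        raise ValueError("short packet header")
    length = int.from_bytes(data[:3], "little")
    payload = data[4:4 + length]
    if length == 0 or len(payload) != length:
        raise ValueError("empty or truncated payload")
    return data[3], payload


def parse_first_packet(data):
    """Classify the first server packet: protocol v10 greeting or ERR packet."""
    _seq, payload = read_packet(data)
    if payload[0] == 0xFF:  # ERR packet sent instead of a greeting
        if len(payload) < 3:
            raise ValueError("truncated ERR packet")
        code = struct.unpack_from("<H", payload, 1)[0]
        text = payload[3:]
        if text[:1] == b"#":  # SQLSTATE marker plus 5 characters, if present
            text = text[6:]
        return {"kind": "error", "code": code,
                "message": text.decode("utf-8", "replace"),
                "blocked": code == ER_HOST_IS_BLOCKED}
    if payload[0] != 10:
        raise ValueError("not a protocol version 10 greeting")
    end = payload.find(b"\x00", 1)  # server version is NUL-terminated
    if end < 0 or len(payload) < end + 13:
        raise ValueError("truncated greeting")
    return {"kind": "handshake",
            "server_version": payload[1:end].decode("ascii"),
            "thread_id": struct.unpack_from("<I", payload, end + 1)[0],
            "salt_part1": payload[end + 5:end + 13]}


def monitor_view(data):
    """One-line diagnosis of what a probe from this source IP is met with."""
    info = parse_first_packet(data)
    if info["kind"] == "error":
        state = "source IP blocked" if info["blocked"] else "server error"
        return "%s (%d): %s" % (state, info["code"], info["message"])
    return ("greeting from MySQL %s; the server now waits for a login packet"
            % info["server_version"])


# Constructed sample: a healthy server greeting (version and thread id made up).
SAMPLE_GREETING = make_packet(
    b"\x0a" + b"5.5.28\x00" + struct.pack("<I", 42) + b"abcdefgh" + b"\x00"
    + struct.pack("<HBHHB", 0xF7FF, 8, 0x0002, 0x800F, 21) + b"\x00" * 10
    + b"ijklmnopqrst\x00" + b"mysql_native_password\x00")

# Constructed sample: what the lab SNIP would receive once the host is blocked.
SAMPLE_BLOCKED = make_packet(
    b"\xff" + struct.pack("<H", ER_HOST_IS_BLOCKED)
    + b"Host '192.168.10.90' is blocked because of many connection errors; "
    + b"unblock with 'mysqladmin flush-hosts'")

if __name__ == "__main__":
    for sample in (SAMPLE_GREETING, SAMPLE_BLOCKED):
        print(monitor_view(sample))
```

A TCP-only monitor completes the handshake and closes without answering the greeting, which is the "TCP handshake, and then no data" case the note describes; the MySQL-ECV monitor goes on to log in and run the query.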

Exercise 5: DataStream Caching


Overview
In this exercise you will configure a Cache Selector (mandatory for DataStream caching), a Cache Content
Group, and a Cache Policy. There is a contrived query that we will run on the database which can take up
to 1 minute to complete. Once we cache this response on the appliance, the time taken drops to less than
1 second. There is a web application designed to run this query against the database and display the results,
along with the response time and the query used. You may use the HeidiSQL client as well if you want to
by-pass the web application.

Step by step guidance


Estimated time to complete this lab: 10 minutes.
Step Action
1. Firstly, open a new tab in the web browser and go to http://192.168.10.26/.
Click on the MySQL lab link at the bottom of the page:
2. You will see a page where you can submit an IP address. This is set to the MySQL VServer
IP configured earlier by default. You can change the IP by entering a new one and clicking
Submit, but there is no need to do so if you've used the suggested IP addresses in
previous labs. This IP address will be used as the Database Server IP address that the web
application will send a MySQL query to.
3. Once you are satisfied that your NetScaler MySQL VServer is up and listening for requests,
click the link to execute the long query. If the page displays the message "MySQL Server has
gone away", please hold down Shift and press F5. If it continues to display the error
message, check the status of the monitor bound to the service and call over one of the
facilitators.
4. Look at the bottom of the browser to check if the page is loading. If you see:
and
then you know that the page is
loading, please have patience! It will take approximately 1-2 minutes to run. You can
continue with the lab while you are waiting (step 6), but check back after a minute to make
sure there are no errors.
5. Once the page has fully loaded you will see the table, along with the query used, and the
execution time. This value is taken using PHP which starts a counter before the query, and
after the last byte of response is received from the MySQL VServer.

6. Now we will set up the caching configuration. This is one of the few features we choose to
leave DISabled while we configure it. (See why in the notes at the end of this lab.)
7. Unlike HTTP, a cache selector is mandatory for Database Response caching. In the
NetScaler configuration, browse to Integrated Caching and drill down to Cache
Selectors. Click Add.
8. Give it a name of DB-Query, and choose the following expression:
MYSQL.REQ.QUERY.TEXT
Click Add and then click Create, and then click Close.
9. Next we will create our Content Group. Expand Content Groups and click Add.
10. Choose MySQL as the type, and give it a name like MySQL-Cache.
11. Choose Expire Content After - 500 seconds.
12. Click on the Parameterization tab and choose the Hit Selector you just created from the
drop down.

13. Click on the Memory tab and enter 2000 for the Do Not Cache if size Exceeds value.
14. Click Create and click Close.
15. Click on Policies, and click on Add.
Give it a name like: Cache-MySQL-Reqs, choose your newly created content group from
the drop down, and enter the following expression:
MYSQL.REQ.QUERY.COMMAND.CONTAINS("SELECT")
Click Create and then click Close.
16. Click once on the Integrated Cache feature on the left hand side. In the right hand pane,
you should see the global settings for this feature.
Click Change Cache Settings and set the Memory Usage Limit to 100.
Click OK.
17. Right click the yellow circle beside Integrated Cache and choose Enable Feature.

18. Expand Load Balancing > Virtual Servers and open the MySQL Virtual server by double
clicking it. Click on the Policies tab, and choose Cache (Request). Click Insert Policy,
and choose the MySQL Cache policy that you just created.
Click Ok
19. Now, return to your Web Application and refresh the page once. It should take
approximately 1 minute again to retrieve the data. Now click Refresh once more,
and the load time should reduce dramatically.

Summary
Key Takeaways
The key takeaways for this exercise are:
Configuring Integrated Cache to cache database responses requires 4 main
configuration points:
1. Cache Selector
2. Content Group
3. Policy
4. Policy Binding
Global Cache settings (Cache Memory Allocation) must be set to a value,
otherwise the object will never enter the cache, but the cache policy will
register a hit.

NOTES
Caching is configured with the feature disabled because objects may go into the
cache while you are configuring the feature. You might add configuration to not
cache those objects, and it will not retrospectively view objects in the cache. Results
of this are not predictable - the worst case scenario being that objects you don't
want to cache DO get cached. When changing a cache configuration, it is
recommended to disable the feature, make the change, flush all cache objects, and
re-enable the feature again.
Sometimes, when viewing Cache Objects in Firefox, the Firefox browser crashes. If
this happens, please switch to Chrome, where the issue should not occur.

Exercise 6: Action Analytics


Overview
In this exercise we will use real time streaming stats to impact the configuration on the appliance, allowing
it to dynamically choose the most efficient configuration. We will use the Integrated Cache feature to
demonstrate this. NetScaler 10 comes bundled with some sample analytics which we will use for this lab.

Step by step guidance


Estimated time to complete this lab: 10 minutes.
Step Action
1. Click on App Expert > Action Analytics > Selectors
We will use the Selector called Top_URL.
2. Click on Stream Identifiers below. We will use the Identifier Top_URL.
3. Navigate to Responder > Policies and note the Top_URL policy. It has an action of:
No Operation.
4. Browse to Integrated Cache and disable the feature. Click on Content Groups and click
on Add.
5. Call it ActionAnalytics and set the Expire Content After value to 60 seconds. Click
Create. (This is a HTTP Content Group.)
6. Click on Policies under Integrated Cache. Click on Add. Give it a name like
Analytics-Cache-Pol. Choose the group you just created from the drop down.
7. In the Expression window, enter the following expression:
ANALYTICS.STREAM("Top_URL").IS_TOP(5)
8. Click Create and then Close.
9. Right click Integrated Cache and Enable the feature once more.

10. Navigate to Load Balancing > Virtual Servers. Open the HTTP LB Server that is UP and
open it. Click on the policies tab:
11. Click on Cache (Request), choose Insert Policy and add the Analytics-Cache-Pol
12. Click on Responder, choose Insert Policy, and add the Top_URL policy.
13. Open a new tab on FireFox and enter the IP of the Vserver to which you bound the last
two policies. E.g. http://192.168.10.26/
14. Click on Tools > HttpFox > Toggle HttpFox
15. Click on Start in this tool.
Click on the following link at the bottom of the page:
16. Click on the NetScaler 10 word until you reach Page 5, and stop.

17. Now click on one of the rows in HttpFox, and look at the response headers:
18. Note the Via Header inserted by the NetScaler as it serves the object from the cache.
19. Click Stop in HttpFox and close the plugin by clicking the red X in the top right hand
corner of the HttpFox window.
20. Return to the NetScaler administration window, and navigate to App Expert > Action
Analytics > Stream Identifiers.
21. Click on Top_URL and click on the button Stream Sessions at the bottom of the window
to view the objects in graphical format.
22. Navigate to Integrated Caching and click on Cache Objects. (It takes a second to load
as this information is still accessed via java.) If the browser fails to display the content, you
could try loading the NetScaler configuration utility in Chrome, and viewing it from there.
Sometimes, when viewing Cache Objects in Firefox, the Firefox browser crashes. If this
happens, please switch to Chrome, where the issue should not occur.
Alternatively, see Step 27 for the CLI command to view the exact same data.
23. From the NetScaler CLI, enter the following command:
stat stream identifier Top_URL
24. Now enter the command:
clear stream session Top_URL
25. Return to the page in your browser (Citrix NetScaler 10 Page 5) and click the next 5 links.
26. From the NetScaler CLI, enter the following command:
stat stream identifier Top_URL
27. Confirm that the new requests are in the cache by executing the following CLI command:
show cache objects
28. View the in-depth details of the cache object by executing the following command:
show cache object -locator xxxxxxxxxxxxxxxx
Replace the x's with the locator string shown in the output of show cache object.
Pay special attention to the Expiry field.
An example of the above command would be:
show cache object -locator 0x0000000e4d2900000043

Summary
Key Takeaways
The key takeaways for this exercise are:
How to invoke the built in Stream Selectors and Identifiers using a
Responder policy with No-Op Action
How to use Analytics in a NetScaler feature, e.g. Integrated Cache, and view
the analytic results graphically in the NetScaler Configuration Utility.

NOTES
There are several CLI examples in this lab to demonstrate how to view additional
information. It is sometimes easier to go to the CLI to view this information as we
can grep the results.

Exercise 7: DNS Response Rewriting


Overview
In this exercise we will examine how to load balance DNS servers, how to view the cached responses, and
how to rewrite Non-Existent Domain responses. We will also learn how to demonstrate DNS
functionality through a NetScaler appliance.

Step by step guidance


Estimated time to complete this lab: 10 minutes.
Step Action
1. The first thing we need to do is configure the NetScaler so it can resolve DNS requests.
This can be done in two ways - quick and with a single point of failure, or redundant with
health checks and logging. We will configure the latter.
2. Navigate to DNS and click on Name Servers. Click Add. Choose DNS Virtual Server
and click the New button.
3. This opens a Create Virtual Server dialog box. Give it a name of DNS-LB-Vserver
4. Use the IP address 192.168.10.30. The default port is pre-selected as 53.
5. The Services tab is displayed by default, click Add.
6. Enter DNS-SVC as the service name, and enter 192.168.10.11 into the server field.
7. Do not choose the default DNS monitor type.
Choose DNS from the protocol dropdown box, and click Create.
8. The Add Service window should close and the DNS-SVC service should be activated in
your Create Vserver dialog box. Click Create. This will close the window.
9. You have now returned to the Create Name Server box, and your DNS LB VServer is in
the drop down box. Click Create and click Close.
10. Verify that your DNS LB Vserver is enabled and has an Effective State of Up.

11. You can test your DNS LB Vserver by following these steps:
a. Open a DOS Command prompt box. (Start > Type cmd in the search box, and
click the link cmd.exe.)
b. Type nslookup and press enter
c. Type server 192.168.10.30 and press enter
d. Type www.citrix.com and press enter.
12. Return to the NetScaler configuration, and browse to DNS > Records. Click on
Address Records and scroll down. You should see the www.gslb.citrix.com record cached
on the appliance (this is different to Integrated Cache) with a TTL of 60 seconds.
13. Now type www.netscaler10rocks.com into nslookup - you should receive a response
saying:
*** [192.168.10.30] can't find www.netscaler10rocks.com: Non-existent domain
14. In the NetScaler configuration, navigate to: DNS > Actions. Click Add.
15. Give the action a name, e.g. DNS-Replace-Response
16. Choose Rewrite Response as the action type.
17. Enter 40.30.20.10 in the IP Address field, and click Add
18. Now click Create, and click Close.
19. Click on DNS > Policies and click Add. Ensure that your newly created action is
selected.
20. Call the Policy Always-respond-to-NetScaler-host

21. In the Expression field, enter the following expression:
DNS.RES.QUESTION.DOMAIN.CONTAINS("training.lab").NOT &&
DNS.RES.HEADER.RCODE.EQ(NXDOMAIN) &&
DNS.RES.QUESTION.DOMAIN.CONTAINS("netscaler")
22. Click Create and click Close.
23. In the DNS Policies window, click Global Bindings.
24. Click Insert Policy, choose your newly created DNS Policy, and click OK.
25. Return to the DOS Prompt and NSLOOKUP again. Send the same DNS request
www.netscaler10rocks.com and verify that you now get a positive response with an IP
address.

Summary
Key Takeaways
The key takeaways for this exercise are:
Creating a load balancing VServer for NetScaler based name resolution (i.e.
so the NetScaler itself can resolve host records)
Testing this configuration using nslookup and pointing it at the NetScaler
LB Vserver, and viewing cached records on the appliance.
Creating a granular (i.e. based on the hostname of the request) DNS rewrite
action to replace negative responses with positive responses and an IP
address.

NOTES
Q. Why do we have to include the expression
DNS.RES.QUESTION.DOMAIN.CONTAINS("training.lab").NOT in the policy expression?
A. Sometimes, depending on the client, it can include the local host prefix to DNS
requests e.g. www.netscaler10rocks.com.training.lab. Only local client traces will
reveal this client DNS behavior. This would not be an issue for requests coming
from the internet, as the local DNS (LDNS) would respond to these accordingly,
before going to the internet name servers to resolve www.netscaler10rocks.com.
Now try typing www.netscaler.com . . . what is the result?
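The policy expression from step 21 and the Q&A above can be exercised offline. The following Python code is an added example, not part of the Citrix guide and not NetScaler code: it builds constructed wire-format DNS responses, applies the three conditions as plain substring and RCODE tests, and rewrites a match into a positive answer carrying 40.30.20.10. The 60-second TTL, the www.example.invalid sample name and the single pointer-compressed answer record are assumptions.

```python
import socket
import struct

NOERROR, NXDOMAIN = 0, 3
REWRITE_IP = "40.30.20.10"  # IP entered in the DNS-Replace-Response action
REWRITE_TTL = 60            # assumption: the guide does not give the TTL


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"


def build_response(qname, rcode, txid=0x1234):
    """Constructed sample: header plus one A/IN question, no records."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, RCODE in the low 4 bits
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def parse_response(msg):
    """Return (rcode, qname, offset of the first byte after the question)."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compressed question name not supported")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return flags & 0x000F, ".".join(labels), pos + 4  # skip QTYPE, QCLASS


def policy_matches(rcode, qname):
    """The three conditions of Always-respond-to-NetScaler-host."""
    return ("training.lab" not in qname   # ...CONTAINS("training.lab").NOT
            and rcode == NXDOMAIN         # ...RCODE.EQ(NXDOMAIN)
            and "netscaler" in qname)     # ...CONTAINS("netscaler")


def rewrite(msg):
    """Return the response as the client would see it after the policy."""
    rcode, qname, qend = parse_response(msg)
    if not policy_matches(rcode, qname):
        return msg
    txid, flags = struct.unpack("!HH", msg[:4])
    header = struct.pack("!HHHHHH", txid, flags & 0xFFF0, 1, 1, 0, 0)
    answer = (b"\xc0\x0c"  # name pointer to the question at offset 12
              + struct.pack("!HHIH", 1, 1, REWRITE_TTL, 4)
              + socket.inet_aton(REWRITE_IP))
    return header + msg[12:qend] + answer  # authority records are dropped


def answer_ip(msg):
    """First A record in the layout rewrite() produces, or None."""
    if struct.unpack("!H", msg[6:8])[0] == 0:
        return None
    qend = parse_response(msg)[2]
    return socket.inet_ntoa(msg[qend + 12:qend + 16])


# Constructed samples; names are lower-case, as typed in the lab.
SAMPLES = [
    ("www.netscaler10rocks.com", NXDOMAIN),
    ("www.netscaler10rocks.com.training.lab", NXDOMAIN),
    ("www.example.invalid", NXDOMAIN),
    ("www.citrix.com", NOERROR),
]


def demo():
    """Map each sample name to (rcode, answer IP) after the policy is applied."""
    results = {}
    for qname, rcode in SAMPLES:
        out = rewrite(build_response(qname, rcode))
        results[qname] = (parse_response(out)[0], answer_ip(out))
    return results


if __name__ == "__main__":
    for name, (rcode, ip) in demo().items():
        print("%-40s rcode=%d answer=%s" % (name, rcode, ip))
```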

Exercise 8: AutoScale Domain Based Service


Overview
In this exercise you will create a service group using a single hostname, which will auto-populate the
servicegroup with members, based on the response to the hostname IP resolution.

Step by step guidance


Estimated time to complete this lab: 10 minutes.
Step Action
1. Open a DOS command prompt box and type NSLOOKUP.
2. Enter the hostname dnsgroup and press enter. This list of IP addresses will be used by
the NetScaler appliance to autoscale a service group.
3. In the NetScaler configuration utility, navigate to Load Balancing > Servers (note: not
services).
4. Click Add. Enter dbs in the Server Name field, and enter dnsgroup.training.lab in
the Domain Name field. Click Create and click Close.
5. Click on Load Balancing > Service Groups and click on Add.
6. Enter DBS-autoscale for the service group name.
7. Select the Server Based radio button in the Specify Members section.
8. Click on dbs from the list, enter 80 in the port field, and leave the protocol on HTTP.

9. Click on the Advanced tab, and in the bottom right, set the Auto Scale Mode to DNS.
Click Create and then Close.
10. The GUI will not display the service IPs immediately, as they are being resolved. The
results, IP addresses, and state will be available in the CLI if you execute the command:
sho servicegroup DBS-Autoscale
where the service group name is DBS-Autoscale. Future builds should resolve this issue.

Summary
Key Takeaways
The key takeaways for this exercise are:
How to validate that the host record will result in an AutoScaled
servicegroup.
Configuring an AutoScaled Service group - the AutoScale option is not
available (greyed out) until you select a host based server object.

Revision History
Revision  Change Description  Updated By  Date
1.0       Original Version    Rnn OBrien  October 2012

About Citrix
Citrix Systems, Inc. designs, develops and markets technology solutions that enable information technology (IT)
services. The Enterprise division and the Online Services division constitute its two segments. Its revenues are
derived from sales of Enterprise division products, which include its Desktop Solutions, Datacenter and Cloud
Solutions, Cloud-based Data Solutions and related technical services and from its Online Services division's Web
collaboration, remote access and support services. It markets and licenses its products directly to enterprise
customers, over the Web, and through systems integrators (SIs) in addition to indirectly through value-added
resellers (VARs), value-added distributors (VADs) and original equipment manufacturers (OEMs). In July 2012, the
Company acquired Bytemobile, provider of data and video optimization solutions for mobile network operators.
http://www.citrix.com

2012 Citrix Systems, Inc. All rights reserved.
