5 For
Technical Decision Makers
10 June, 2014
Overview
ᵒ Load Balancing
ᵒ Cisco Technologies
© 2014 Citrix
New Licensed Features
* Note: Only RISE or vPath can be enabled at one time per NetScaler instance
* Available as an à la carte feature
NetScaler MobileStream™
Front End Optimization (FEO)
Importance Of Mobile User Acceleration
How NetScaler Optimizes The Front-End
Domain Sharding
• Change embedded URLs to use sub-domains and trick the browser into opening more connections
Image Optimization
• JPG optimize, Convert GIF to PNG, Image Lazy load, Image shrink to display attributes of the user-device
Core
Conversion from Java to HTML5
Core Feature
• Policy Variables
ᵒ Store a token (data) from the request or response in a system variable
ᵒ Reference stored data for
• Fully customized session persistence
• Internal computation
• Policy processing
Watch This
LLDP Support
Ethernet jumbo frames
• Big Payloads
• Fewer Packets
• Reduced Protocol Processing
• Reduced Network I/O
• Less Packet switching
• Increased Throughput and Goodput
• Lowered CPU Usage
Traffic Domains
• Inter-Domain Routing
ᵒ Internally communicate across traffic domains. Virtual server and services can now be in different traffic domains
• Rate Limiting per traffic domain
ᵒ Limit the …
Number of requests per second from clients
Number of Active Client Connections
Maximum Bandwidth
• Rates can be
• SMOOTH - # of requests in a given interval of time spread evenly across the time slice
• BURSTY - # of permitted requests allowed to exceed the quota within the time slice
• Policies can be combined with others to create complex policy sets
• VMAC Support
ᵒ Map Traffic Domain by destination MAC instead of incoming VLAN
ᵒ VLANs can be shared across traffic domains
Dynamic Routing
• BGP
ᵒ Local-AS command, ECMP routes
ᵒ Address-prefix ORF based on RFC 5291 and RFC 5292.
• OSPFv2
ᵒ LSA Throttling
• OSPFv3
ᵒ NSSA & Link LSA Suppression (RFC 5340)
ᵒ Multiple address families (RFC 5838)
ᵒ Distance, Summary address, distribute-list commands
• ISIS
ᵒ ISIS manual area expansion feature improved from 3 to 254
ᵒ Priority-driven convergence (RFC 5130)
ᵒ Restart signaling (RFC 5306), pre-route calculation
Link Redundancy
At any point of time only one channel will be active.
• LR Trigger for LACP channels
ᵒ Set a minimum bandwidth for dynamic LACP
ᵒ Fail to another channel (to a redundant switch) when threshold reached
How it works?
hit, we select a subchannel with high throughput and make it active by resetting all other interfaces
[Diagram: Switch X, Switch Y and Switch Z, with LACP Key 1, Key 2, Key 3 and Key 4]
Orchestration
• Python SDK
ᵒ NITRO API SDK in Python for better server side scripting. Python SDK will be available and supported with python 2.7 and 3+.
• Dynamic Routing
ᵒ NITRO API support for routing protocols. Changes sync to all peers.
• File Operations
ᵒ NITRO APIs for Upload, Download, Write and Read methods. Key functional requirements like SSL certkey will be able to get the benefits.
Service Supporting Features
• Content Switching
ᵒ Multi-port CS
• Configure a CS vserver on a combination of ports
ᵒ DNS_TCP Support
• DNS_TCP protocol is now supported with a Content Switching Vserver
• Audit Logging
ᵒ Ability to distinguish whether the command is executed from CLI or the GUI
• AAA Session Stickiness
ᵒ LDAP, RADIUS, & TACACS: We now stick to the server where last session was successful.
Service Supporting Features (cont)
• AAA-TM
ᵒ Custom error strings
ᵒ Backend HTTP Web-Form Authentication
ᵒ Strong Encryption Support in KCD/Kerberos (AES-256, RC4-HMAC)
• OWA Force Session Timeout
ᵒ Forced timeout on long-lived connections that are open for monitoring
• Client Certificate Pass-through
ᵒ In XenMobile deployments, a client-certificate is required to be passed to Storefront. Now send the client-certificate to any Application server. No configuration needed.
• Forms Based SSO – Relative URLs
ᵒ NS can take a relative URL and process it for Form based SSO
SDX SVM Manageability & 3rd Party Software
• CLI Support
• File management via NITRO
• AAA Support
ᵒ Use LDAP/TACACS/RADIUS for SVM access
ᵒ Authorization & Audit log support
ᵒ Password expiration support
ᵒ For more details, refer to: AAA edocs
• Ethernet Jumbo Frames Support with SR-IOV
• Central SSL Cert & Key Management
Open service delivery platform for 3rd party services
Load Balancing
TM & DNS
DNS: NAPTR
• NAPTR support on NS along with SRV records.
Diameter Support
• Content Switching
ᵒ Diameter expressions on NS will help with content parsing and CS policies would do the evaluation and routing of messages through different LB path
SSL
Database Deployment Support
MSSQL
• AlwaysOn HA: 1 service can now join 2 groups and be primary in one and secondary in the other
• Special Query Handling: queries can change either global or local properties of the server or connection. “use db” can be changed by NetScaler to reduce server-side connections.
MYSQL
• Transparent Deployment Mode: Audit log, AppFlow, & stream analytics transparently for DB connections
• Database-Specific LB: A database can be online or offline independent of others on the same server. New monitor enables DB state awareness.
Cisco Technologies
RISE, vPath, ACI Integration, + Management (DCNM)
Citrix NetScaler – Preferred ADC for Cisco Nexus
NetScaler 1000V in the Virtualized Data Center
[Diagram: Virtualized/Cloud Data Center with Tenant A, Zone A and Zone B, running virtual services on top of Physical Infrastructure (WAN Router, Switches, Servers)]
• Nexus 1000V
ᵒ Distributed switch
ᵒ NX-OS consistency
• vWAAS
ᵒ WAN optimization
ᵒ Application traffic
• ASA 1000V
ᵒ Edge firewall, VPN
ᵒ Protocol Inspection
• VSG
ᵒ VM-level controls
ᵒ Zone-based FW
• CSR 1000 (Cloud Router)
ᵒ WAN L3 gateway
ᵒ Routing and VPN
• NetScaler 1000V
ᵒ Citrix NetScaler Application Delivery Controller
ᵒ Citrix NetScaler Web App. Firewall
NetScaler is the ADC for Nexus 1000V Virtual Networking
Key Advantages for NetScaler with vPath
• Dynamic NetScaler deployments in Multi-Tenant environment
• NetScaler gets benefits of intelligent service chaining with no worrying about VLAN stitching in dynamic virtual environments
• Preserve Client IP; No Source NAT or PBR required to send server return traffic to NetScaler
• No disruption to east-west / distributed services, that would normally happen with Source NAT
[Diagram: Web, vWAAS, ASA 1000V Cloud Firewall, NetScaler 1000v and Virtual Security Gateway attached to vPath, with VMs below]
vPath Service Chaining – Virtual Network Overlay
Policy based traffic steering through virtualized network services
[Diagram: logical packet flow, in numbered steps, between VMs on the Cisco Nexus 1000V Distributed Virtual Switch with Cisco vPath, Cisco VSG and Citrix NetScaler, using vPath Encapsulation]
NetScaler ADC supports Nexus 1000V vPath
Service Integration Challenges within Data Centers
NetScaler RISE provides best of both worlds!
Cisco Prime Network Services Controller
Configure NetScaler VPX from Prime NSC using Openstack Integration
[Diagram: Cisco and Third-Party Management Ecosystem (Cisco Intelligent Automation for Cloud, BMC CLM, Other) and Operation Management (Cisco UCS Director, OpenStack, CloudStack, Hybrid Cloud): Single API, MultiService, MultiHypervisor]
RISE Automated Policy Based Routing
• NS adds redirection rules as per configuration
ᵒ Sends the list of servers and the next hop interface
• N7K applies the rules for its local servers and propagates the rules for servers attached to the neighboring N7K
[Diagram: packet flow across the Internet; visible step labels: 1. Client VIP, 2. Client VIP, 8. VIP Client]
Automated Routing Updates – RHI
Automated Routing
• Allows NetScaler ADC to advertise (add or delete) Updates
RISE Integration Feature Summary
Auto-Discovery/Bootstrap of NetScaler by N7K
Directly Attached NS to Nexus7000 Line Card Ports
Four Simple Steps to Getting Connected
1. Create port-channel
Virtual Slot ID assigned
Data & Control Channels Established
333 2 Netscaler NA ok
N7K SUP can attach a RISE module and access NetScaler CLI via SSH from N7K:
Fill in and Apply, Now or Later!
More RISE / DCNM Integration to Come (Not Yet Committed)
CISCO ACI - Application Centric Infrastructure
[Diagram: APIC with Nexus 9500, Nexus 7K and Nexus 2K; Hypervisors and Virtual Networking, Physical Networking, Compute, Storage, L4–L7 Services, Multi DC WAN and Cloud, Integrated WAN Edge]