How to Configure Direct Server Return

Document ID: CTX110501   /   Created On: Nov 14, 2006   /   Updated On: Nov 14, 2006

Summary

This article describes how to configure Direct Server Return (DSR).

Background

The concept behind DSR is that client traffic is sent through the NetScaler, but the return traffic from the back-end server is sent directly to the router, without the NetScaler in the return path.

Requirements

The following features must be configured on the NetScaler:

  • Use Source IP (USIP) mode
  • Media Access Control (MAC)-Based Forwarding (MBF)
  • The server’s default gateway should be the router.
  • The client and the server should be on separate networks. That is, the back-end servers should have to go through a router to reach the client.

    Note: DSR only supports passive FTP mode.

Procedure

  1. Enable MAC-based forwarding (MBF) using the following command:
    enable ns mode mbf
  2. Create the service using the following command (using the ANY protocol type, because you do not want the NetScaler to parse the traffic as any of the known protocols):
    add service srv_ftp 10.200.14.20 ANY * -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip YES -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO
  3. Create the vserver using the following commands (use redirection mode MAC (-m MAC), type ANY, and port * to allow any ports, as shown below):
    add lb vserver vip_ftp ANY 10.200.14.2 * -m MAC

    Note: The default type is -m IP. However, for the purposes of this example, you must make switching decisions based on the MAC address of the client and send it on the same path it came from without the NetScaler in the return path.

    bind lb vserver vip_ftp srv_ftp -weight 1
    set vserver vip_ftp -cltTimeout 120
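
The NetScaler-side settings from this procedure can be checked mechanically against a saved configuration. The following Python script is an added example, not part of the original article or any Citrix tooling; it assumes the configuration is available as plain-text CLI lines in the form shown above, and the function name audit_dsr and both sample inputs are constructed for illustration.

```python
import shlex

def _opts(tokens):  # map "-flag value" pairs to {flag (lowercase): value (uppercase)}
    return {tokens[i].lower(): tokens[i + 1].upper()
            for i in range(len(tokens) - 1) if tokens[i].startswith("-")}

def audit_dsr(config_text):
    """Return findings; an empty list means the article's DSR settings are all present."""
    mbf, services, vservers, binds = False, {}, {}, {}
    for raw in config_text.splitlines():
        t = shlex.split(raw.strip().lstrip(">"))  # tolerate a leading CLI prompt
        head = [w.lower() for w in t[:3]]
        if head == ["enable", "ns", "mode"]:
            mbf = mbf or "mbf" in [w.lower() for w in t[3:]]
        elif head[:2] == ["add", "service"] and len(t) >= 6:
            services[t[2]] = {"proto": t[4].upper(), "opts": _opts(t[6:])}
        elif head == ["add", "lb", "vserver"] and len(t) >= 7:
            vservers[t[3]] = {"proto": t[4].upper(), "port": t[6], "opts": _opts(t[7:])}
        elif head == ["bind", "lb", "vserver"] and len(t) >= 5:
            binds.setdefault(t[3], []).append(t[4])
    findings = [] if mbf else ["MBF mode is not enabled"]
    # Only vservers created with -m MAC are treated as DSR vservers.
    dsr = {n: v for n, v in vservers.items() if v["opts"].get("-m") == "MAC"}
    if not dsr:
        findings.append("no lb vserver uses -m MAC")
    for name, v in dsr.items():
        if v["proto"] != "ANY" or v["port"] != "*":
            findings.append(f"{name}: vserver is not type ANY on port *")
        if not binds.get(name):
            findings.append(f"{name}: no service bound")
        for svc in binds.get(name, []):
            s = services.get(svc)
            if s is None:
                findings.append(f"{name}: bound service {svc} is not defined")
            elif s["proto"] != "ANY" or s["opts"].get("-usip") != "YES":
                findings.append(f"{svc}: service must be type ANY with -usip YES")
    return findings

# Constructed sample input: the commands from the procedure above.
GOOD = """\
enable ns mode mbf
add service srv_ftp 10.200.14.20 ANY * -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip YES -cltTimeout 120 -svrTimeout 120 -CKA NO -TCPB NO -CMP NO
add lb vserver vip_ftp ANY 10.200.14.2 * -m MAC
bind lb vserver vip_ftp srv_ftp -weight 1
"""
BAD = GOOD.replace("enable ns mode mbf\n", "").replace("-usip YES", "-usip NO")  # constructed faulty variant

if __name__ == "__main__":
    print(audit_dsr(GOOD) or "OK", audit_dsr(BAD), sep="\n")
```

The check covers only the NetScaler commands; the server-side loopback and default gateway have to be verified on the back-end servers themselves.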

Server-side configuration:

Create a loopback interface and configure it with the virtual IP address (VIP). The default gateway of the back-end servers should be that of the router.

More Information

Inbound traffic:

A client-side trace shows the following:

The client IP address (with the client MAC address) and VIP address (MAC address of the NetScaler).

A NetScaler trace shows the following in addition to the above:

The client IP address (because USIP is enabled) with the MAC address of the NetScaler and destination IP address of the actual server (MAC address of the real server).

Outbound return traffic:

A NetScaler trace shows the following:

The server’s IP address (server’s MAC address) as the source, and the client IP address (MAC address of the router) as the destination.

The point behind using DSR is that you do not modify any packets. You only perform load balancing. The return traffic is sent to the router, which should know how to route it back to the client.


This document applies to:

  • NetScaler Application Delivery Software 6.1
  • NetScaler Application Delivery Software 6.0