Using the NetScaler Appliance in the Use Subnet IP Mode
Article ID: CTX117360
Updated On:
Description
This article contains information about using the NetScaler appliance in the Use Subnet IP (USNIP) mode.
Background
A subnet IP (SNIP) address is used to enable a user to access an Application Switch from an external host that is a member of another subnet. When you add a subnet IP address to the NetScaler appliance, you make a corresponding route entry in the routing table of the appliance. For each subnet you add to the appliance, you need to add an entry in the routing table. This entry corresponds to the first IP address of the subnet.
Contrary to the NetScaler IP (NSIP) and Mapped IP (MIP) addresses, it is not mandatory to add the SNIP address during the initial configuration of the Application Switch.
Using SNIP on a NetScaler Appliance
You can create a multiple subnet topology that has NSIP, MIP, and the IP address of a back end server on different subnets. In such a scenario, you can configure the IP addresses of the various subnets on the Application Switch. The source IP address of a packet sent from the Application Switch is the SNIP address.
Make sure the backend server is in the same subnet as the SNIP.
By default, the SNIP mode is enabled on the NetScaler appliance. Run the following command to disable this mode:
disable ns mode USNIP
To enable the USNIP mode on the NetScaler appliance, run the following command:
enable ns mode USNIP
If you enable the USNIP mode on the NetScaler appliance, the Application Switch uses the SNIP address as the source IP address for all the outgoing packets.
The following diagram shows how the NetScaler appliance uses source IP when the USNIP mode is enabled on the NetScaler appliance:
Comparison Between the SNIP and MIP Addresses
When you enable the USNIP mode on the NetScaler appliance, one of the SNIP address is used to establish a connection to a service. To determine the SNIP to be used when the service is connected through a Layer 3 (L3) router, you must determine the next hop. In case the next hop is the same L3 network as the SNIP address then the Application Switch uses the SNIP address. Otherwise, it uses the MIP address to send the packets.
When a service is directly connected to the Application Switch and if the IP address is in the same L3 network as the SNIP then the SNIP address is used. Otherwise, the Application Switch uses MIP address to send the packets. If there are multiple SNIP addresses in the same subnet, the SNIP with the closest netmask is used. If the netmask is the same then more than one SNIP is pooled for the connections.
Additional Resources
Citrix Documentation - Configure Subnet IP(SNIP) addresses
Issue/Introduction
