NetScaler Policy Based Routing

Article ID: CTX124716

Description

This article contains information about NetScaler Policy Based Routing (PBR) for incoming and outgoing network traffic.

Policy Based Routing

PBR is a concept closely related to Access Control Lists (ACLs) on a NetScaler appliance. PBR can be used to make a routing decision (the choice of next hop router) based on criteria such as Source IP, Source Port, Destination IP, Destination Port, Protocol, Interface, VLAN and Source MAC.

PBR - Incoming Traffic

[Figure: PBR applied to incoming traffic]

PBR - Outgoing Traffic

[Figure: PBR applied to outgoing traffic]

PBR is similar to ACL-based rule matching. A PBR can make its decision based on any of the following criteria:

  • Source IP

  • Destination IP

  • Source Port

  • Destination Port

  • Interface

  • VLAN

  • Protocol

Each PBR carries an ALLOW or DENY action for the packets it matches. When a PBR evaluates as True and its action is ALLOW, the appliance forwards the packet to the configured next hop router. When a PBR evaluates as False, normal routing rules apply, as shown in the following figure.

[Figure: PBR decision flow]

Run the following command from the command line interface to add a PBR:

add ns pbr <name> <action> [-srcIP [<operator>] <srcIPVal>] [-srcPort
      [<operator>] <srcPortVal>] [-destIP [<operator>] <destIPVal>]
      [-destPort [<operator>] <destPortVal>] [-nextHop <nextHopVal>] [-srcMac
      <mac_addr>] [-protocol <protocol> | -protocolNumber <positive_integer>]
      [-vlan <positive_integer>] [-interface <interface_name>] [-priority
      <positive_integer>] [-msr ( ENABLED | DISABLED ) [-monitor <string>]]
      [-state ( ENABLED | DISABLED )]

Example 1

Run the following command to forward all packets from VLAN 230 to next hop router 10.217.145.128:
add ns pbr VLAN_230 ALLOW -nextHop 10.217.145.128 -vlan 230 -priority 1

Example 2

Run the following command to forward all packets destined to 10.217.146.1 via the next hop router 10.217.145.128:
add ns pbr DEST_IP ALLOW -destIP = 10.217.146.1 -nextHop 10.217.145.128 -priority 2

Note: The next hop router should be directly connected.

After a PBR is created and enabled, it must be applied explicitly. Run the following command from the command line interface of the appliance to apply the configured PBRs:
apply ns pbrs
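The evaluation described above (match criteria, ALLOW forwards to the next hop, no match falls through to normal routing), as an added Python model that is not Citrix code: it parses the two add ns pbr lines from the examples and routes constructed sample packets. It assumes that lower priority values are evaluated first and ignores options it does not model, such as -state and -msr.

```python
import shlex
# Added example (not Citrix code): a model of how the appliance evaluates PBRs.
# This model assumes the lowest priority value is evaluated first.
MATCH_KEYS = {"-srcip": "srcIP", "-destip": "destIP", "-srcport": "srcPort",
              "-destport": "destPort", "-vlan": "vlan", "-interface": "interface",
              "-protocol": "protocol", "-srcmac": "srcMac"}

def parse_pbr(line):
    """Parse one 'add ns pbr <name> <action> [options]' line into a dict."""
    tok = shlex.split(line)
    if [t.lower() for t in tok[:3]] != ["add", "ns", "pbr"] or len(tok) < 5:
        raise ValueError("not an 'add ns pbr' command: %r" % line)
    pbr = {"name": tok[3], "action": tok[4].upper(), "priority": 0,
           "nextHop": None, "match": []}
    i = 5
    while i < len(tok):
        key = tok[i].lower()
        if key == "-nexthop":
            pbr["nextHop"], i = tok[i + 1], i + 2
        elif key == "-priority":
            pbr["priority"], i = int(tok[i + 1]), i + 2
        elif key in MATCH_KEYS:
            op, i = "=", i + 1
            if tok[i] in ("=", "!="):  # optional operator, as in "-destIP = 10.217.146.1"
                op, i = tok[i], i + 1
            pbr["match"].append((MATCH_KEYS[key], op, tok[i]))
            i += 1
        else:
            i += 2  # options this model does not evaluate (-state, -msr, ...)
    return pbr

def matches(pbr, packet):
    """True when every tuple of the PBR matches the packet's fields."""
    for field, op, want in pbr["match"]:
        have = packet.get(field)
        if have is None or (str(have).lower() == want.lower()) != (op == "="):
            return False
    return True

def route(pbrs, packet):
    """Return (action, next_hop): ('ALLOW', hop), ('DENY', None), or
    ('ROUTE', None) when no PBR matches and normal routing applies."""
    for pbr in sorted(pbrs, key=lambda p: p["priority"]):
        if matches(pbr, packet):
            return (pbr["action"], pbr["nextHop"] if pbr["action"] == "ALLOW" else None)
    return ("ROUTE", None)

# The two PBRs from the article, fed to the parser as constructed input.
PBRS = [parse_pbr("add ns pbr VLAN_230 ALLOW -nextHop 10.217.145.128 -vlan 230 -priority 1"),
        parse_pbr("add ns pbr DEST_IP ALLOW -destIP = 10.217.146.1 -nextHop 10.217.145.128 -priority 2")]
```

A packet on VLAN 230 or addressed to 10.217.146.1 is returned with next hop 10.217.145.128; any other packet falls through to normal routing.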


Additional Information

Citrix Documentation - Configuring Policy-Based Routes (PBR) for IPv4 Traffic