This article describes how to configure a CloudConnector between two NetScaler VPX appliances in different data centers, Data Center A and Data Center B, using a wizard.
CloudConnector is a feature used to build a cloud-extended data center. You can create bridges to connect one or more Virtual Private Clouds (VPCs) to the network, without reconfiguring the enterprise data center. Cloud-hosted applications appear as though they are running on one contiguous enterprise network. CloudConnector enables you to create seamless connectivity between the existing data center and applications hosted in the private cloud infrastructure or between the two cloud frameworks.
The term CloudConnector can also refer to the connection that you create between the two private networks by using CloudConnector appliances or instances. Networks connected by a CloudConnector function like a single network, transparent to the user.
To configure a CloudConnector, complete the following procedure:
Create a network bridge.
Create an IPSec profile.
Create a GRE tunnel with the IPSec profile.
Bind the tunnel to the network bridge.
You can deploy CloudConnector for seamless connectivity between the following entities:
CloudConnector VPX instances in the data center and Amazon Web Services (AWS).
Cloud to Cloud.
Data center to data center.
Use NetScaler software release 9.3 48.6 nCore and later with NetScaler VPX or MPX appliances.
Use NetScaler VPX or MPX appliances with one of the following licenses:
Both NetScaler VPX appliances must be able to access the NetScaler IP addresses of the other appliance when using the wizard.
MIP and SNIP addresses on both the NetScaler VPX appliances must be accessible to each other to establish a peer connection.
Note: Data Center A and Data Center B can reach each other internally.
If you have a firewall, then ensure that the following ports are open:
These sites or data centers are internally accessible to each other by using VPN or an intranet network.
The wizard is usually used when connecting a data center to a cloud service provider, such as Amazon Web Services, or in cloud-to-cloud environments.
To configure a CloudConnector implementation between two NetScaler VPX appliances using the CloudConnector wizard, complete the following procedure:
Select System > Settings > Configure Advanced Features > CloudBridge to enable the CloudBridge option on both NetScaler VPX appliances.
On one of the appliances, select Cloud Bridge > Create/Monitor CloudBridge.
Click Get Started, as shown in the following screen shot:
Select NetScaler.
Note: This will be the CloudBridge configuration between the two data centers.
The CloudBridge Setup Window appears, as shown in the following screen shot:
Enter the internal NSIP address of the remote NetScaler VPX appliance and its nsroot administrator credentials. In this example, the two data centers are internally accessible.
Enter the public NSIP address of the remote NetScaler VPX appliance and its nsroot administrator credentials. In this example, the two data centers are publicly accessible.
The CloudBridge Setting Window appears, as shown in the following screen shot:
Enter the following information when the two data centers are internally accessible:
Select the Local SNIP address.
Select the Remote SNIP address.
Select an Encryption Algorithm.
Select a Hash Algorithm.
Select either Auto Generate Key or Specify Key.
Note: In this example, the Specify Key option is selected and the Pre Shared Security Key value entered is secretkey.
Enter the following information when the two data centers are publicly accessible:
Select the Local SNIP address.
Select the NetScaler Behind NAT option and enter the Public IP Address of the local SNIP.
Select the Remote SNIP address.
Select the NetScaler Behind NAT option and enter the Public IP Address of the remote SNIP.
Select an Encryption Algorithm.
Select a Hash Algorithm.
Select either Auto Generate Key or Specify Key.
Note: In this example, the Specify Key option is selected and the Pre Shared Security Key value entered is secretkey.
The following screen appears indicating that the bridge is established.
After you complete the wizard on one of the appliances, the CloudBridge configuration is automatically available on both NetScaler VPX appliances.
Network Bridge Tab
Tunnels Tab
IPSec Profile Tab
Bridge Tab
Tunnels Tab
IPSec Profile Tab
A bridge can be of type Layer2 (L2) or Layer3 (L3).
If you are using L2, you can extend the broadcast domain of one side into the other. For this to work, the back-end local subnets on each site must be the same.
If you are using L3, disjoint networks can be used on each side of the bridge, and you must configure routing to enable traffic to go over the bridge. Static routes or PBR can be used to achieve this. In this example, static routes are configured.
The topology depicted in this article has disjoint networks, so that you can configure L3 routing:
Configure an SNIP address on both appliances on the same subnet (Bridge SNIP):
Data Center A
Data Center B
Configure two static routes to enable traffic destined to the remote subnet to pass through the bridge by using the remote bridge SNIP address:
In Data Center A, you can configure a route to reach the Data Center B subnet through the bridge SNIP address in Data Center B (192.168.100.12).
In Data Center B, you can configure a route to reach the Data Center A subnet through the bridge SNIP address in Data Center A (192.168.100.11).
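The address plan for the L3 case above, checked and turned into the two static routes, as an added example that is not part of the original article. The bridge SNIP addresses are the article's; the /24 prefix length, the local subnets, and the names `Site` and `plan_l3_routes` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Site:
    name: str
    bridge_snip: str   # bridge SNIP with prefix length, e.g. "192.168.100.11/24"
    local_subnet: str  # back-end subnet behind this appliance


def plan_l3_routes(a: Site, b: Site) -> dict:
    """Validate an L3 bridge address plan and return one static route per site."""
    snip_a = ipaddress.ip_interface(a.bridge_snip)
    snip_b = ipaddress.ip_interface(b.bridge_snip)
    net_a = ipaddress.ip_network(a.local_subnet)
    net_b = ipaddress.ip_network(b.local_subnet)

    # Both bridge SNIPs must sit on the same subnet, as two distinct hosts.
    if snip_a.network != snip_b.network:
        raise ValueError("bridge SNIPs must be on the same subnet")
    if snip_a.ip == snip_b.ip:
        raise ValueError("bridge SNIPs must be different addresses")
    # L3 bridging routes between disjoint networks; overlapping subnets
    # cannot be reached with a static route over the bridge.
    if net_a.overlaps(net_b):
        raise ValueError("local subnets overlap; an L3 bridge needs disjoint networks")

    def route(dest, gateway):
        # NetScaler CLI form: add route <network> <netmask> <gateway>
        return f"add route {dest.network_address} {dest.netmask} {gateway.ip}"

    # Each site routes the remote subnet through the remote bridge SNIP.
    return {a.name: route(net_b, snip_b), b.name: route(net_a, snip_a)}


# Bridge SNIPs are from the article; the /24 prefix and local subnets are constructed.
DC_A = Site("Data Center A", "192.168.100.11/24", "10.10.10.0/24")
DC_B = Site("Data Center B", "192.168.100.12/24", "10.20.20.0/24")

if __name__ == "__main__":
    for site, cmd in plan_l3_routes(DC_A, DC_B).items():
        print(f"{site}: {cmd}")
```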
Run the following command to confirm the ARP entries on each appliance:
show arp
Data Center A
Data Center B
From Data Center A ping the bridge SNIP address in Data Center B.
Data Center A
From Data Center B ping the bridge SNIP address in Data Center A.
Data Center B
Run the following command to confirm the ARP entries on each appliance. A new ARP entry appears showing the tunnel interface to the remote peer appliance:
show arp
Data Center A
Data Center B