NetScaler CPX部署、配置与使用

发表于 更新于 分类于

About NetScaler CPX

May 13, 2016

Citrix NetScaler CPX is a container-based application delivery controller that can be provisioned on a Docker host. NetScaler CPX enables customers to leverage Docker engine capabilities and use NetScaler load balancing and traffic management features for container-based applications. You can deploy one or more NetScaler CPX instances as standalone instances on a Docker host.

A NetScaler CPX instance provides throughput of up to 1 Gbps.

部署

  1. 安装docker
    https://docs.docker.com/engine/installation/linux/centos/

  2. 使用cpx的容器镜像生成cpx
    从以下地址获取cpx的容器镜像cpx-11.1-48.10.gz

    1
    https://www.microloadbalancer.com/get-it-now

    执行以下操作

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    [root@netscaler ~]# docker load -i cpx-11.1-48.10.gz

    [root@netscaler ~]# docker images
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    cpx                 11.1-48.10          9c5a5e94c333        5 months ago        605.4 MB

    [root@netscaler ~]# docker run -dt -p 22 -p 80 -p 161/udp --ulimit core=-1 --privileged=true 9c5a5e94c333
    786ccae5253fe35023ea18c10ade1b66780e28c558bee849fec700c18dd9dd58

    [root@netscaler ~]# docker ps
    CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                           NAMES
    786ccae5253f        9c5a5e94c333        "/bin/sh -c 'bash -C "   6 seconds ago       Up 3 seconds        443/tcp, 0.0.0.0:32769->22/tcp, 0.0.0.0:32768->80/tcp, 0.0.0.0:32768->161/udp   kickass_euclid

    根据所给出的ssh端口登录cpx,默认登录口令为root/linux。

配置

进入cpx后,执行命令需要加载cpx的client脚本,cli_script.sh,即:

1
# cli_script.sh "show ns feature"

开启ns的lb特性

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
root@786ccae5253f:~# cli_script.sh "enable ns feature LoadBalancing"
exec: enable ns feature LoadBalancing
Done

exec: show ns feature

	Feature                        Acronym              Status
	-------                        -------              ------
 1)	Web Logging                    WL                   OFF
 2)	Surge Protection               SP                   OFF
 3)	Load Balancing                 LB                   ON
 4)	Content Switching              CS                   OFF
 5)	Cache Redirection              CR                   OFF
 6)	Sure Connect                   SC                   OFF
 7)	Compression Control            CMP                  OFF
 8)	Priority Queuing               PQ                   OFF
 9)	SSL Offloading                 SSL                  ON
 10)	Global Server Load Balancing   GSLB                 OFF
 11)	Http DoS Protection            HDOSP                OFF
 12)	Content Filtering              CF                   OFF
 13)	Integrated Caching             IC                   OFF
 14)	SSL VPN                        SSLVPN               OFF
 15)	AAA                            AAA                  OFF
 16)	OSPF Routing                   OSPF                 OFF
 17)	RIP Routing                    RIP                  OFF
 18)	BGP Routing                    BGP                  OFF
 19)	Rewrite                        REWRITE              OFF
 20)	IPv6 protocol translation      IPv6PT               OFF
 21)	Application Firewall           AppFw                OFF
 22)	Responder                      RESPONDER            OFF
 23)	HTML Injection                 HTMLInjection        OFF
 24)	NetScaler Push                 push                 OFF
 25)	AppFlow                        AppFlow              OFF
 26)	CloudBridge                    CloudBridge          OFF
 27)	ISIS Routing                   ISIS                 OFF
 28)	CallHome                       CH                   OFF
 29)	AppQoE                         AppQoE               OFF
 30)	vPath                          vPath                OFF
 31)	Content Accelerator            ContentAccelerator   OFF
 32)	RISE                           RISE                 OFF
 33)	Front End Optimization         FEO                  OFF
 34)	Large Scale NAT                LSN                  OFF
 35)	RDP Proxy                      RDPProxy             OFF
 36)	Reputation                     Rep                  OFF
Done

创建一个service

1
add service <name> <serverName> <serviceType> <port>

serverName表示地址
serviceType有HTTP、SSL、FTP、TCP、SSL_TCP、UDP、SSL_BRIDGE、NNTP、DNS、ANY、SIP-UDP、DNS-TCP、RTSP、DHCPRA、DIAMETER、SSL_DIAMETER

示例:

1
add service Service-HTTP-1 192.0.2.5 HTTP 80

创建一个virtual server

1
add lb vserver <name> <serviceType> <ip> <port>

示例:

1
add lb vserver Vserver-LB-1 HTTP 10.102.29.60 80

绑定virtual server与services

1
bind lb vserver <name> <serviceName>

示例:

1
bind lb vserver Vserver-LB-1 Service-HTTP-1

除了client,cpx还提供了可用于配置、使用的api,访问地址为:http://:<80_port>/nitro/v1/config,认证方式为nsroot/nsroo

举个栗子

本栗中,NetScaler CPX与Openstack结合,虽然并没有对应的cpx的driver,仅尝试与虚拟机手动绑定,使用cpx作两个虚拟机的ssh负载均衡器:

  1. 使用openstack创建两个虚拟机,ip地址分别为30.0.0.8、30.0.0.9

  2. 为这两个虚拟机绑定浮动ip

    1
    2
    30.0.0.8 - 172.14.0.4
    30.0.0.9 - 172.14.0.5

  3. 在cpx中创建两个services

    1
    2
    add service SERVER_A 172.14.0.4 TCP 22
    add service SERVER_B 172.14.0.5 TCP 22

  4. 创建一个ssh的lb

    1
    add lb vserver LB_SSH TCP 172.14.0.10 22

  5. 绑定这个lb与两个虚拟机

    1
    2
    bind lb vserver LB_SSH SERVER_A
    bind lb vserver LB_SSH SERVER_B