Citrix NetScaler日常配置管理指南

1、查看开启的功能特性

   > show feature

       Feature                        Acronym              Status

       -------                        -------              ------

    3)    Load Balancing                 LB                   ON

    4)    Content Switching              CS                   ON

    5)    Cache Redirection              CR                   OFF

   2、查看主备状态

   > show ha node

   1)    Node Ihttps://www.gofarlic.com      0

       IP:         1.1.1.2 (ns2)

       Node State: STAYPRIMARY
Master   State: Primary

       Fail-Safe Mode: OFF

       INC State: DISABLED

       Sync State: ENABLED

       Propagation: ENABLED

       Enabled Interfaces : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 1/2 1/1 0/1 LA/1

       Disabled Interfaces : None

       HA MON ON Interfaces : 1/1 LA/1

       HA HEARTBEAT OFF Interfaces : None

       Interfaces on which heartbeats are not seen : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 0/1 LA/1

       Interfaces causing Partial Failure: None
SSL   Card Status: UP

       Hello Interval: 200 msecs

       Dead Interval: 3 secs

       Node in this Master State for: 88:6:13:51 (days:hrs:min:sec)

   2)    Node Ihttps://www.gofarlic.com      1

       IP:         1.1.1.1

       Node State: STAYSECONDARY

       Master State: Secondary

       Fail-Safe Mode: OFF

       INC State: DISABLED

       Sync State: SUCCESS

       Propagation: ENABLED

       Enabled Interfaces : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 1/2 1/1 0/1 LA/1

       Disabled Interfaces : None

       HA MON ON Interfaces : 1/1 LA/1

       HA HEARTBEAT OFF Interfaces : None

       Interfaces on which heartbeats are not seen : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 0/1 LA/1

       Interfaces causing Partial Failure: None

       SSL Card Status: UP

Local node information:

       Critical Interfaces: 1/1 LA/1

    Done

3、查看端口 信息

   > show interface

   2)    Interface 1/1 (Gig Ethernet 10/100/1000 MBits) #11  

       flags=0xc020 <ENABLED, UP, UP, autoneg, HAMON, HEARTBEAT, 802.1q>

       MTU=1500, native vlan=1, MAC=00:e0:ed:54:83:25, uptime 2118h18m40s

       Requested: media AUTO, speed AUTO, duplex AUTO, fctl OFF,

             throughput 0

       Actual: media UTP, speed 1000, duplex FULL, fctl OFF, throughput 1000

       LLDP Mode: NONE,         LR Priority: 1024

   RX: Pkts(84644566) Bytes(25583735630) Errs(0) Drops(6) Stalls(0)

       TX: Pkts(84972648) Bytes(26403550884) Errs(0) Drops(0) Stalls(0)

       NIC: InDisc(0) OutDisc(0) Fctls(0) Stalls(0) Hangs(0) Muted(0)

       Bandwidth thresholds are not set.

> stat interface

   Interface Summary

   ID             IntfState    IntfAlias Rx Bytes Tx Bytes  Rx Pkts  Tx Pkts

   1/8                   UP                25894M    4816M  199515k 21704880

   1/7                   UP                14553M   16962M  132260k 61343482

   1/2                   UP                25396M   25925M 83528389 83243609

   1/1                   UP                25586M   26406M 84651503 84980359

   LO/1                  UP               425726M  572609M    2951M    5852M

   LA/1                  UP                40448M   21779M  331775k 83048362

   4、查看使用ip列表和接口VLAN信息

   > show ns ip

         Ipaddress        Traffic Domain  Type             Mode     Arp      Icmp     Vserver  State

         ---------        --------------  ----             ----     ---      ----     -------  ------

   1)    1.1.1.2          0               NetScaler IP     Active   Enabled  Enabled  NA       Enabled

   3)    10.100.59.5      0               SNIP             Active   Enabled  Enabled  NA       Enabled   #设备管理IP地址

   4)    10.100.59.11     0               VIP              Active   Enabled  Enabled  Enabled  Enabled   #用户访问解析到的地址

   > show vlan

   1)    VLAN Ihttps://www.gofarlic.com 1

       Link-local IPv6 addr: fe80::ec4:7aff:fe45:7e5/64

       Interfaces : 1/12 1/11 1/10 1/9 1/6 1/5 1/4 1/3 1/2 1/1 0/1 LO/1

       Channels : LA/1

2)    VLAN Ihttps://www.gofarlic.com 59    VLAN Alias Name:

       Channels : LA/1(T)

       IPs :

            10.100.59.5     Mask: 255.255.255.0

   5、查看license许可情况、

   > show license

       License status:
Web Logging: YES

                       Load Balancing: YES

                              SSL VPN: YES  (Maximum users = 500)  (Maximum ICA users = Unlimited)

                              Rewrite: YES

                            Responder: YES

                      Model Number Ihttps://www.gofarlic.com 8200

                         License Type: Standard License

                       Licensing mode: Local

6、查看service运行情况

   > show service

   1)    lb_svc_web2 (10.105.2.61:80) - HTTP

       State: DOWN

       Last state change was at Thu Jul 18 10:56:18 2019

       Time since last state change: 87 days, 22:15:47.150
Server   Name: 10.105.2.61

       Server ID : None     Monitor Threshold : 0

       Max Conn: 0    Max Req: 0    Max Bandwidth: 0 kbits

       Use Source IP: NO    
Client Keepalive(CKA): NO

       Access Down Service: NO

       TCP Buffering(TCPB): NO

       HTTP Compression(CMP): NO

       Idle timeout: Client: 180 sec    Server: 360 sec

       Client IP: DISABLED

       Cacheable: NO

       SC: OFF

       SP: OFF

       Down state flush: ENABLED

       Monitor Connection Close : NONE

       Appflow logging: ENABLED

       Process Local: DISABLED

       Traffic Domain: 0

7、查看Vserver运行情况

   > show vserver

   6)    M-API (10.100.59.95:80) - HTTP    Type: ADDRESS

       State: UP

       Last state change was at Tue Oct  1 03:59:45 2019

       Time since last state change: 13 days, 05:14:45.590

       Effective State: UP

       Client Idle Timeout: 180 sec

       Down state flush: ENABLED

       Disable Primary Vserver On Down : DISABLED

       Appflow logging: ENABLED

       Port Rewrite : DISABLED

       No. of Bound Services :  2 (Total)      2 (Active)

       Configured Method: LEASTCONNECTION

       Current Method: Round Robin, Reason: Bound service's state changed to UP    BackupMethod: ROUNDROBIN

       Mode: IP

       Persistence: NONE

       Vserver IP and Port insertion: OFF

       Push: DISABLED    Push VServer:

       Push Multi Clients: NO

       Push Label Rule: none

       L2Conn: OFF

       Skip Persistency: None

       Listen Policy: NONE

       IcmpResponse: PASSIVE

       RHIstate: PASSIVE

       New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0

       Mac mode Retain Vlan: DISABLED

       DBS_LB: DISABLED

       Process Local: DISABLED

       Traffic Domain: 0

       TROFS Persistence honored: ENABLED

       Retain Connections on Cluster: NO

   8、查看版本信息

   > show ver

       NetScaler NS11.1: Build 61.7.nc, Date: Jan 31 2019, 03:09:31  

   9、查看硬件运行时间、硬件负载情况

   > stat ns

   System overview

   Up since        Wed Apr 17 07:05:58 2019

   Packet CPU usage (%)                0.20

   Management CPU usage (%)            0.00

   Memory usage (MB)                    369

   InUse Memory (%)                    4.99

   System state                          UP

   Master state                     Primary

   # SSL cards UP                         3

   # SSL cards present                    3

   System Disks                    Used (%) Available

   /flash Used (%)                         2    15094

   /var Used (%)                          14   127491

   10、显示LB Vserver状态信息

   > stat lbvserver

   Virtual Server(s) Summary     vsvrIP        port     Protocol         State     Req/s

   lb_v...slweb                  10.100.59.10   443   SSL_BRIDGE           UP       0/s

   11、显示service状态信息

   > stat service

   Service(s) Summary    IP           port         Type         State     Req/s

   lb_s...slweb         10.105.2.8     443   SSL_BRIDGE         UP        0/s

12、查看LB对应的后端主机信息

   > show lbvserver M-API

       M-API (10.100.59.95:80) - HTTP    Type: ADDRESS

       State: UP

       Last state change was at Tue Oct  1 03:59:45 2019

       Time since last state change: 13 days, 05:54:16.20

       Effective State: UP

       Client Idle Timeout: 180 sec

       Down state flush: ENABLED

       Disable Primary Vserver On Down : DISABLED

       Appflow logging: ENABLED

       Port Rewrite : DISABLED

       No. of Bound Services :  2 (Total)      2 (Active)

       Configured Method: LEASTCONNECTION

       Current Method: Round Robin, Reason: Bound service's state changed to UP    BackupMethod: ROUNDROBIN

       Mode: IP

       Persistence: NONE

       Vserver IP and Port insertion: OFF

       Push: DISABLED    Push VServer:

       Push Multi Clients: NO

       Push Label Rule: none

       L2Conn: OFF

       Skip Persistency: None

       Listen Policy: NONE

       IcmpResponse: PASSIVE

       RHIstate: PASSIVE

       New Service Startup Request Rate: 0 PER_SECOND, Increment Interval: 0

       Mac mode Retain Vlan: DISABLED

       DBS_LB: DISABLED

       Process Local: DISABLED

       Traffic Domain: 0

       TROFS Persistence honored: ENABLED

       Retain Connections on Cluster: NO

Bound Service Groups:

   1)    Group Name: M-API

       1) M-API (10.100.63.151: 80) - HTTP State: UP    Weight: 1

           2) M-API (10.100.63.152: 80) - HTTP State: UP    Weight: 1

    Done

> show serviceGroup M-API

       M-API - HTTP

       State: ENABLED    Effective State: UP    Monitor Threshold : 0

       Max Conn: 0    Max Req: 0    Max Bandwidth: 0 kbits

       Use Source IP: NO    

       Client Keepalive(CKA): NO

       TCP Buffering(TCPB): NO

       HTTP Compression(CMP): NO

       Idle timeout: Client: 180 sec    Server: 360 sec

       Client IP: ENABLED X-Forwarded-For

       Cacheable: NO

       SC: OFF

       SP: OFF

       Down state flush: ENABLED

       Monitor Connection Close : NONE

       Appflow logging: ENABLED

       Process Local: DISABLED

       Traffic Domain: 0

   1)   10.100.63.151:80    State: UP    Server Name: 10.100.63.151    Server Ihttps://www.gofarlic.com None    Weight: 1

            Last state change was at Tue Oct  1 03:59:45 2019

            Time since last state change: 13 days, 05:56:04.710

       Monitor Name: tcp-default     State: UP    Passive: 0

           Probes: 603623    Failed [Total: 28 Current: 0]

           Last response: Success - TCP syn+ack received.

   2)   10.100.63.152:80    State: UP    Server Name: 10.100.63.152    Server Ihttps://www.gofarlic.com None    Weight: 1

            Last state change was at Tue Oct  1 04:00:33 2019

            Time since last state change: 13 days, 05:55:16.640

       Monitor Name: tcp-default     State: UP    Passive: 0

           Probes: 604830    Failed [Total: 29 Current: 0]

           Last response: Success - TCP syn+ack received.

12、查看集群状态信息

   > stat HA node

   HA Summary

   High Availability                                YES  #集群关键指标

   System state                                      UP

   Master state                                 Primary

   Last Transition time        Thu Jul 18 02:47:41 2019

   Heartbeats received                        155602381

   Heartbeats sent                            193215666

13、故障日志收集

   #show techsupport命令收集日志

   14、配置信息查看

   show server server-1

   show lb vserver Vserver-zg-test

   show service Service-HTTP-1

   show service bindings Service-HTTP-1

   stat lb vserver server-1

   stat service Service-HTTP-1

案例一：基本负载均衡的配置

   1、添加后端主机的别名

   add server zg-test-4.38 10.105.4.38

   add server zg-test-4.39 10.105.4.39

2、为后端服务器添加服务、端口及属性

   add service Server-HTTP-zg-test-1 zg-test-4.38 HTTP 80 -gslb NONE -maxClient 1000 -maxReq 1000 -cip ENABLED REALIP -usip NO -useproxyport YES -sp OFF -cltTimeout 10 -svrTimeout 20 -CKA YES -TCPB NO -CMP YES

   add service Server-HTTP-zg-test-2 zg-test-4.39 HTTP 80 -gslb NONE -maxClient 1000 -maxReq 1000 -cip ENABLED REALIP -usip NO -useproxyport YES -sp OFF -cltTimeout 10 -svrTimeout 20 -CKA YES -TCPB NO -CMP YES

   参数说明：

   1）maxclinet：netscaler向后端发送打开的连接数的最大值。

   2）manxReq：netscaler向后端发送服务器一个连接可以发送的最大请求数量。

   3）cip：是否在HTTP中启用传递客户端的IP地址

   4）usip：默认使用代理，即以本机的MIP作为源IP想后端服务器发起TCP请求，在某些业务中，可以使用转发的方式，即不改变源IP地址，以客户端作为源IP不变。

   5）useproxyport：在启用了usip时，是否以客户端的TCP端口作为源端口。

   6）sp：浪涌保护，一般建议关闭。

   7）cltTimeout，svrTimeout：关闭不活跃的TCP连接，（分别是客户端和服务器端）保持时间。

3、创建虚拟机服务，定义VIP地址等

   add lb vserver Vserver-zg-test HTTP 10.100.59.20 80 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT -persistenceBackup SOURCEIP -cltTimeout 10

   参数说明：

   1）lbMethod：负载均衡的算法，如轮询，最小连接

   2）persistenceType：会话保持的方法，可以使用cookieinsert，源地址会话保持。

   3）persistenceTypeBackup：如果第一种方法失败，使用第2中种。

   4）cltTimeout：客户端超时时间。

4、service和vserver做个绑定

   bind lb vserver Vserver-zg-test Server-HTTP-zg-test-1

   bind lb vserver Vserver-zg-test Server-HTTP-zg-test-2

   案例二：基本内容交换的负载均衡配置

   1、添加一个内容交换的策略

   add cs policy zg-cs-test-host-bbs.fr.sdo.com -rule "REQ.HTTP.HEADER Host == bbs.fr.sdo.com"

2、添加后端主机的别名

   add server zg-test-4.38 10.105.4.38

   add server zg-test-4.39 10.105.4.39

3、为后端服务器添加服务、端口及属性

   add service Server-HTTP-zg-test-1 zg-test-4.38 HTTP 80 -gslb NONE -maxClient 1000 -maxReq 1000 -cip ENABLED REALIP -usip NO -useproxyport YES -sp OFF -cltTimeout 10 -svrTimeout 20 -CKA YES -TCPB NO -CMP YES

   add service Server-HTTP-zg-test-2 zg-test-4.39 HTTP 80 -gslb NONE -maxClient 1000 -maxReq 1000 -cip ENABLED REALIP -usip NO -useproxyport YES -sp OFF -cltTimeout 10 -svrTimeout 20 -CKA YES -TCPB NO -CMP YES

4、添加2个Vserver，作为内部转发使用

   add lb vserver Vserver-zg-test-9001 HTTP 10.100.59.20 9001 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT -persistenceBackup SOURCEIP -cltTimeout 10

   add lb vserver Vserver-zg-test-9002 HTTP 10.100.59.20 9002 -lbMethod ROUNDROBIN -persistenceType COOKIEINSERT -persistenceBackup SOURCEIP -cltTimeout 10

5、绑定vserver与service

   bind lb vserver Vserver-zg-test-9001 Server-HTTP-zg-test-1

   bind lb vserver Vserver-zg-test-9002 Server-HTTP-zg-test-2

6、再添加一个内容交换的Vserver。

   add cs vserver Vserver-zg-test HTTP 10.100.59.20 80 -cltTimeout 10

7、绑定交换内容Vserver通过策略分发到负载均衡的vserver

   bind cs vserver Vserver-zg-test Vserver-zg-test-9001 -policyName cs-cs-test-host-bbs.fr.sdo.com -priority 100

   bind cs vserver Vserver-zg-test Vserver-zg-test-9002

免责声明：本文系网络转载或改编，未找到原创作者，版权归原作者所有。如涉及版权，请联系删