{"id":6312,"date":"2014-01-08T15:26:29","date_gmt":"2014-01-08T14:26:29","guid":{"rendered":"https:\/\/ingmarverheij.com\/?p=6312"},"modified":"2014-01-10T15:15:09","modified_gmt":"2014-01-10T14:15:09","slug":"citrix-netscaler-dsr-poor-mans-load-balancing-solution","status":"publish","type":"post","link":"https:\/\/ingmarverheij.com\/en\/citrix-netscaler-dsr-poor-mans-load-balancing-solution\/","title":{"rendered":"Citrix NetScaler: DSR, a poor man&#8217;s load balancing solution"},"content":{"rendered":"<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Magic-Quadrant-for-Application-Delivery-Controllers2.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; float: right; padding-top: 0px; padding-left: 0px; margin: 0px 0px 0px 5px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Magic Quadrant for Application Delivery Controllers\" alt=\"Gartner Magic Quadrant for Application Delivery Controllers 2013\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Magic-Quadrant-for-Application-Delivery-Controllers_thumb2.png\" width=\"154\" height=\"154\" align=\"right\" border=\"0\" \/><\/a>There are occasions where you need a good load balancer but don\u2019t have the budget. Microsoft offers <a href=\"https:\/\/en.wikipedia.org\/wiki\/Network_Load_Balancing_Services\" target=\"_blank\">Network Load Balancing services<\/a> (NLB) as part of their Windows server operating systems, but although we\u2019re looking for a cheap solution we try to avoid problems. This is where the Citrix <strong>NetScaler<\/strong> comes in. Gartner positioned the <a href=\"https:\/\/www.citrix.com\/products\/netscaler-application-delivery-controller\/overview.html\" target=\"_blank\">NetScaler ADC<\/a> in the <strong>leaders<\/strong> quadrant of the <a href=\"https:\/\/www.gartner.com\/technology\/reprints.do?id=1-1MCUHF2&amp;ct=131030&amp;st=sb\" target=\"_blank\">Magic Quadrant for Application Desktop Controllers<\/a> (for the <a href=\"https:\/\/www.citrix.nl\/news\/announcements\/nov-2013\/netscaler-in-gartner-adc-mq.html\" target=\"_blank\">7th consecutive year in 2013<\/a>), proving it to be good solution and a reliable partner. Using <strong>Direct Server Return <\/strong>(DSR) mode we can offer a \u201cpoor man\u2019s solution\u201d.<\/p>\n<p>In this article I\u2019ll explain why you might (not) want to implement Direct Server Return (DSR), how it works and of course how to configure it!<\/p>\n<p><!--more--><\/p>\n<h1>Costs<\/h1>\n<p>As said, sometimes we need a \u201ccheap\u201d solution because the budget isn\u2019t sufficient. The costs of a Citrix NetScaler are determined by a number of factors:<\/p>\n<ul>\n<li><strong>Platform<\/strong> \u2013 Ranges from VPX (virtual appliance) to MPX (hardware appliance to SDX (hardware appliance with advanced virtualization to consolidate up to 40 independently managed NetScalers)<\/li>\n<li><strong>Edition<\/strong> \u2013 Three editions (Standard \/ Enterprise \/ Platinum) are available. Each edition offers a (sub)set of features<\/li>\n<li><strong>Model<\/strong> \u2013 A variety of models exist to suit the most demanding IT and business needs. The model range offers an increasing <strong>throughput <\/strong>and other performance factors. <em>Once you hit your thoughput limit packets are queued, not dropped. If the same NetScaler is used for other purposes \u2013for instance Access Gateway \u2013 this could affect those services.<\/em><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Depending on your needs there\u2019s a NetScaler that fits your need. One of the criteria \u2013 looking at load balancing \u2013 is <strong>throughput<\/strong>. All platforms have different <strong>models<\/strong> which are limited on the throughput they can deliver. The more throughput you need the more expensive model you need. To give you a rough overview on the cost of a NetScaler VPX &#8211;\u00a0 the virtual appliance \u2013 this are the list prices of the <strong>Standard <\/strong>edition (which offers load balancing) .<\/p>\n<table style=\"width: 237px;\" border=\"1\" cellspacing=\"0\" cellpadding=\"2\">\n<tbody>\n<tr>\n<td valign=\"top\" width=\"101\"><strong>Model<\/strong><\/td>\n<td valign=\"top\" width=\"73\"><strong>HTTP <br \/>throughput<\/strong><\/td>\n<td valign=\"top\" width=\"61\"><strong>Standard <br \/>edition<\/strong><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"101\"><em>VPX-Express<\/em><\/td>\n<td valign=\"top\" width=\"73\"><em>\u00a0\u00a0\u00a0\u00a0\u00a0 5 Mbps<\/em><\/td>\n<td valign=\"top\" width=\"61\"><em>$\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/em>0<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"101\">VPX-10<\/td>\n<td valign=\"top\" width=\"73\">\u00a0\u00a0\u00a0 10 Mbps<\/td>\n<td valign=\"top\" width=\"61\">$\u00a0\u00a0 2,000<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"101\">VPX-200<\/td>\n<td valign=\"top\" width=\"73\">\u00a0 200 Mbps<\/td>\n<td valign=\"top\" width=\"61\">$\u00a0\u00a0 5,000<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"101\">VPX-1000<\/td>\n<td valign=\"top\" width=\"73\">\u00a0\u00a0\u00a0\u00a0\u00a0 1 Gbps<\/td>\n<td valign=\"top\" width=\"61\">$ 15,000<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Source<\/strong>: <a href=\"https:\/\/store.citrix.com\/store\/citrixus\/en_US\/pd\/productID.201434800\" target=\"_blank\">Citrix Store \u2013 NetScaler VPX<\/a> \u2013 <em>January 10th 2014<\/em><\/p>\n<h6>\u00a0<\/h6>\n<h6>NetScaler VPX Express<\/h6>\n<p>There is a Citrix NetScaler VPX <strong>Express<\/strong> available for <strong>Free<\/strong>!\u00a0 The Express edition is limited to <a href=\"https:\/\/blogs.citrix.com\/2011\/02\/28\/netscaler-vpx-express-sets-your-networks-even-free-er-than-before\/\" target=\"_blank\">5 Mbps<\/a> throughput but offers full NetScaler <strong>Standard <\/strong>functionality. It even includes <strong>five <\/strong>free Access Gateway Enterprise edition Concurrent licenses!\u00a0 The Express edition does <strong>not <\/strong>entitle you to file a <strong>tech support <\/strong>case, you need a retail NetScaler VPX license. Therefor it is <strong>not recommended<\/strong> for production use \ud83d\ude09<\/p>\n<p>More information can be found in the NetScaler <a href=\"https:\/\/support.citrix.com\/servlet\/KbServlet\/download\/20334-102-696697\/CTX121291_v2.pdf\" target=\"_blank\">VPX Express FAQ<\/a> and <a href=\"https:\/\/blogs.citrix.com\/2011\/02\/28\/netscaler-vpx-express-sets-your-networks-even-free-er-than-before\/\" target=\"_blank\">Citrix Blogs<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h1>Throughput<\/h1>\n<p>As you can see throughput equals money, so with less throughput we can use a less expensive model (or platform). One way of lowering the throughput is by using Direct Server Return (DSR) mode.<\/p>\n<p>In a normal scenario where a client communicates with a server via a load balancer the following steps are involved.<\/p>\n<ol>\n<li>The client requests a file from the load balancer<\/li>\n<li>The load balancer forwards the request to the server<\/li>\n<li>The server sends the file to the load balancer<\/li>\n<li>The load balancer sends the file to the client<\/li>\n<\/ol>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Client-Server-Normal-mode1.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin-left: auto; display: block; padding-right: 0px; margin-right: auto; border-width: 0px;\" title=\"Client - Server - Normal mode\" alt=\"Client - Server - Normal mode\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Client-Server-Normal-mode_thumb1.png\" width=\"500\" height=\"94\" border=\"0\" \/><\/a><\/p>\n<p>In a Direct Server Return (DSR) mode the server doesn\u2019t answer the load balancer but returns the file to the client directly, resulting in the following steps:<\/p>\n<ol>\n<li>The client requests a file from the load balancer<\/li>\n<li>The load balancer forwards the request to the server<\/li>\n<li>The server sends the file to the client<\/li>\n<\/ol>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Client-Server-DSR-mode1.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin-left: auto; display: block; padding-right: 0px; margin-right: auto; border-width: 0px;\" title=\"Client - Server - DSR mode\" alt=\"Client - Server - DSR mode\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Client-Server-DSR-mode_thumb1.png\" width=\"500\" height=\"121\" border=\"0\" \/><\/a><\/p>\n<p>As a result the file returned by the server no longer travels <strong>through<\/strong> the NetScaler and less throughput is required. This &#8211; of course &#8211; only works if the returned data is the <strong>big data<\/strong> since all requests are made at the load balancer. In case you\u2019re uploading large files from the client to a server the Direct Server Return (DSR) mode won\u2019t help you here.<\/p>\n<p>&nbsp;<\/p>\n<h1>Applications<\/h1>\n<p>So when could Direct Server Return (DSR) mode be beneficial for you?\u00a0 If you need to load balancing client \u2013 server traffic where the response causes the majority of the throughput and you need a good load balancer that monitors the health of the servers, the Citrix NetScaler is a good option. If you don\u2019t want to let all traffic flow back through the load balancer, due to throughput limitations DSR could be a solution.<\/p>\n<p>Examples are:<\/p>\n<ul>\n<li><a href=\"https:\/\/nl.wikipedia.org\/wiki\/Trivial_File_Transfer_Protocol\" target=\"_blank\">Trivial File Tranfer Protocol (TFP)<\/a> \u2013 For instance for <a href=\"https:\/\/ingmarverheij.com\/en\/who-needs-pxe-for-citrix-provisioning-services\/\" target=\"_blank\">Citrix Provisioning Services (PVS)<\/a><\/li>\n<li>Microsoft App-V <a href=\"https:\/\/ingmarverheij.com\/en\/microsoft-app-v-5-0-streaming-via-http\/\" target=\"_blank\">streaming\u00a0 via HTTP<\/a>\u00a0<\/li>\n<li>Web server offering large downloads (like bigfile.iso in the example above)<\/li>\n<\/ul>\n<p>PS: Microsoft App V.4x streaming via RTSP and DSR mode does not seem to work according to <a href=\"https:\/\/www.barryschiffer.com\" target=\"_blank\">Barry Schiffer<\/a>. Apparently this has to do with the way Microsoft implemented the <a href=\"https:\/\/blogs.technet.com\/b\/appv\/archive\/2011\/06\/08\/app-v-fix-streaming-rtsp-may-fail-with-the-citrix-netscaler-load-balancer.aspx\" target=\"_blank\">RTSP protocol<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h1>Considerations<\/h1>\n<p>Before you start reading how you can configure your environment to use Direct Server Return (DSR) mode there are some things to consider. To achieve the aforementioned functionality a number of tricks are applied that might not work or break existing functionality. <em>More information about features and limitations can be found in the <\/em><a href=\"https:\/\/support.citrix.com\/proddocs\/topic\/netscaler-load-balancing-93\/ns-lb-usecases-dsrmode-con.html\" target=\"_blank\"><em>Citrix eDocs<\/em><\/a><em>.<\/em><\/p>\n<p>&nbsp;<\/p>\n<h6>Changes on load balancer AND server<\/h6>\n<p>implementing Direct Server Return (DSR) mode requires you not only change the load balancer but also the server. In other words, you required administrative access to the load balanced servers and need to make system changes. Not just the load balancer.<\/p>\n<h6>Packet Processing Flow<\/h6>\n<p>A Citrix NetScaler processes packets in a pre-defined order. When traffic flows through a NetScaler it evaluates its feature sets, logging matching policy actions.<\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Packet-Processing-Flow-Diagram-Normal-mode.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin-left: auto; display: block; padding-right: 0px; margin-right: auto; border-width: 0px;\" title=\"Packet Processing Flow Diagram - Normal mode\" alt=\"Packet Processing Flow Diagram - Normal mode\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Packet-Processing-Flow-Diagram-Normal-mode_thumb.png\" width=\"500\" height=\"144\" border=\"0\" \/><\/a><\/p>\n<p>As can be seen in the diagram a packet is evaluated when it travels from the client to the server and again when it travels back from the client to the server. When Direct Server Return (DSR) mode is used the packet never travels back through the NetScaler, as a result the a number of actions are never applied: Using Direct Server Return (DSR) mode the NetScaler can offer less functionality.<\/p>\n<ul>\n<li>CF + CMP + CKA<\/li>\n<li>Response Rewrite<\/li>\n<li>Apply Rewrite<\/li>\n<li>NS Body Transformer<\/li>\n<li>Caching \u2013 <em>Read more about <a href=\"https:\/\/ingmarverheij.com\/en\/citrix-netscaler-cache-microsoft-app-v-sequences\/\" target=\"_blank\">Integrated Caching here<\/a><\/em><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Packet-Processing-Flow-Diagram-DSR-mode.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin-left: auto; display: block; padding-right: 0px; margin-right: auto; border-width: 0px;\" title=\"Packet Processing Flow Diagram - DSR mode\" alt=\"Packet Processing Flow Diagram - DSR mode\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Packet-Processing-Flow-Diagram-DSR-mode_thumb.png\" width=\"500\" height=\"144\" border=\"0\" \/><\/a><\/p>\n<h6><br clear=\"all\" \/>Firewall and routing<\/h6>\n<p>Instead of changing the destination IP the destination MAC is changed (see paragraph \u201cHow it works\u201d for details) the SNIP must reside in the same routing subnet as the VIP of the virtual server. If for example the VIP and SNIP are in 10.0.0.x and the server in 192.16.0.x then the packet is never routed . The SNIP sent outs a package from the 10.0.0.x subnet and therefore should not be routed, as a result no server picks up the packet (the NIC with the provided MAC listens on the 192.168.0.x subnet).<\/p>\n<h6>Incomplete SYN<\/h6>\n<p><em>From eDocs<\/em>: Because the appliance does not proxy TCP connections (that is it does not send SYN-ACK to the client), it does not completely shut out SYN attacks. By using the SYN packet rate filter, you can control the rate of SYNs to the server. To control the rate of SYNs, set a threshold for the rate of SYNs. To get protection from SYN attacks, you must configure the appliance to proxy TCP connections. However, that requires the reverse traffic to flow through the appliance.<\/p>\n<p>Because there\u2019s an incomplete SYN Intrusion Detection \/ Protection Systems (IDS \/ IPS) could mark the traffic as malicious and therefore break it.<\/p>\n<h6>Monitors<\/h6>\n<p>Not all monitors can be used to monitor the health of services. This is is due to the fact that the NetScaler forwards packets using the server MAC address instead of the destination server IP. The following monitors are affected: <em>Citrix-WI-Extended\u00a0 &#8211; FTP\u00a0 &#8211;\u00a0 LDAP \u2013 MySQL \u2013 NNTP \u2013 POP3 \u2013 Radius \u2013 SMTP \u2013 SNMP &#8211; USER (Custom Perl Script). More information (and a solution) can be read in <\/em><a href=\"https:\/\/support.citrix.com\/article\/CTX138969\" target=\"_blank\"><em>CTX138969<\/em><\/a><em>.<\/em><\/p>\n<p>&nbsp;<\/p>\n<h1>How it works<\/h1>\n<p>In short Direct Server Return (DSR) mode works by replacing the MAC addresses of the sender to the MAC address of the load balancer server (MAC based forwarding) and by providing the source IP of the client instead of the NetScaler (Use Source IP \u2013 USIP).<\/p>\n<p>Let\u2019s see how the the packets are changed in an <strong>example<\/strong>. Let\u2019s assume the following fictitious IP and MAC addresses are used:<\/p>\n<table style=\"width: 329px;\" border=\"1\" cellspacing=\"0\" cellpadding=\"2\">\n<tbody>\n<tr>\n<td valign=\"top\" width=\"116\">\u00a0<\/td>\n<td valign=\"top\" width=\"88\"><strong>IP<\/strong><\/td>\n<td valign=\"top\" width=\"123\"><strong>MAC<\/strong><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"116\"><strong>Client<\/strong><\/td>\n<td valign=\"top\" width=\"88\">10.0.0.1<\/td>\n<td valign=\"top\" width=\"123\">00:01:aa:bb:cc:dd:01<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"116\"><strong>NetScaler \u2013 VIP<\/strong><\/td>\n<td valign=\"top\" width=\"88\">10.0.0.10<\/td>\n<td valign=\"top\" width=\"123\">00:01:aa:bb:cc:dd:0a<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"116\"><strong>NetScaler \u2013 SNIP<\/strong><\/td>\n<td valign=\"top\" width=\"88\">10.0.0.11<\/td>\n<td valign=\"top\" width=\"123\">00:01:aa:bb:cc:dd:0b<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"116\"><strong>Server<\/strong><\/td>\n<td valign=\"top\" width=\"88\">10.0.0.100<\/td>\n<td valign=\"top\" width=\"123\">00:01:aa:bb:cc:dd:64<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>If we look at the previous example, in normal mode four packets are sent (simplified):<\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Client-Server-Normal-mode2.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin-left: auto; display: block; padding-right: 0px; margin-right: auto; border-width: 0px;\" title=\"Client - Server - Normal mode\" alt=\"Client - Server - Normal mode\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Client-Server-Normal-mode_thumb2.png\" width=\"500\" height=\"94\" border=\"0\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<table style=\"width: 577px;\" border=\"1\" cellspacing=\"0\" cellpadding=\"2\">\n<tbody>\n<tr>\n<td valign=\"top\" width=\"113\"><strong>Step<\/strong><\/td>\n<td valign=\"top\" width=\"110\"><strong>Source <br \/>IP<\/strong><\/td>\n<td valign=\"top\" width=\"124\"><strong>Source <br \/>MAC<\/strong><\/td>\n<td valign=\"top\" width=\"107\"><strong>Destination <br \/>IP<\/strong><\/td>\n<td valign=\"top\" width=\"121\"><strong>Destination <br \/>MAC<\/strong><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"118\"><strong>1<\/strong><\/td>\n<td valign=\"top\" width=\"113\">10.0.0.1<\/td>\n<td valign=\"top\" width=\"128\">00:01:aa:bb:cc:dd:01<\/td>\n<td valign=\"top\" width=\"109\">10.0.0.10<\/td>\n<td valign=\"top\" width=\"125\">00:01:aa:bb:cc:dd:0a<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"116\"><strong>2<\/strong><\/td>\n<td valign=\"top\" width=\"113\">10.0.0.11<\/td>\n<td valign=\"top\" width=\"131\">00:01:aa:bb:cc:dd:0b<\/td>\n<td valign=\"top\" width=\"109\">10.0.0.100<\/td>\n<td valign=\"top\" width=\"128\">00:01:aa:bb:cc:dd:64<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"113\"><strong>3<\/strong><\/td>\n<td valign=\"top\" width=\"112\">10.0.0100<\/td>\n<td valign=\"top\" width=\"133\">00:01:aa:bb:cc:dd:64<\/td>\n<td valign=\"top\" width=\"108\">10.0.0.11<\/td>\n<td valign=\"top\" width=\"131\">00:01:aa:bb:cc:dd:0b<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"112\"><strong>4<\/strong><\/td>\n<td valign=\"top\" width=\"110\">10.0.0.10<\/td>\n<td valign=\"top\" width=\"135\">00:01:aa:bb:cc:dd:0a<\/td>\n<td valign=\"top\" width=\"108\">10.0.0.1<\/td>\n<td valign=\"top\" width=\"133\">00:01:aa:bb:cc:dd:01<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>When using Direct Server Return (DSR) mode only three packets are sent (simplified):<\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Client-Server-DSR-mode2.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin-left: auto; display: block; padding-right: 0px; margin-right: auto; border-width: 0px;\" title=\"Client - Server - DSR mode\" alt=\"Client - Server - DSR mode\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Client-Server-DSR-mode_thumb2.png\" width=\"500\" height=\"121\" border=\"0\" \/><\/a><\/p>\n<table style=\"width: 577px;\" border=\"1\" cellspacing=\"0\" cellpadding=\"2\">\n<tbody>\n<tr>\n<td valign=\"top\" width=\"113\"><strong>Step<\/strong><\/td>\n<td valign=\"top\" width=\"110\"><strong>Source <br \/>IP<\/strong><\/td>\n<td valign=\"top\" width=\"124\"><strong>Source <br \/>MAC<\/strong><\/td>\n<td valign=\"top\" width=\"107\"><strong>Destination <br \/>IP<\/strong><\/td>\n<td valign=\"top\" width=\"121\"><strong>Destination <br \/>MAC<\/strong><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"118\"><strong>1<\/strong><\/td>\n<td valign=\"top\" width=\"113\">10.0.0.1<\/td>\n<td valign=\"top\" width=\"128\">00:01:aa:bb:cc:dd:01<\/td>\n<td valign=\"top\" width=\"109\">10.0.0.10<\/td>\n<td valign=\"top\" width=\"125\">00:01:aa:bb:cc:dd:0a<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"116\"><strong>2<\/strong><\/td>\n<td valign=\"top\" width=\"113\"><span style=\"background-color: #ffff00;\">10.0.0.1<\/span><\/td>\n<td valign=\"top\" width=\"131\"><span style=\"background-color: #ffff00;\">00:01:aa:bb:cc:dd:01<\/span><\/td>\n<td valign=\"top\" width=\"109\"><span style=\"background-color: #00ff00;\">10.0.0.10<\/span><\/td>\n<td valign=\"top\" width=\"128\"><span style=\"background-color: #00ff00;\">00:01:aa:bb:cc:dd:64<\/span><\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"113\"><strong>3<\/strong><\/td>\n<td valign=\"top\" width=\"112\">10.0.010<\/td>\n<td valign=\"top\" width=\"133\">00:01:aa:bb:cc:dd:64<\/td>\n<td valign=\"top\" width=\"108\">10.0.0.1<\/td>\n<td valign=\"top\" width=\"131\">00:01:aa:bb:cc:dd:01<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>As you can see the \u201cmagic happens\u201d in the <strong>second<\/strong> step when the NetScaler requests the file at the server. <span style=\"background-color: #00ff00;\">Mac Based Forwarding<\/span>: Instead of changing the destination IP to the IP of the server (10.0.0.100) the VIP is used (10.0.10), to ensure the packet is delivered at the correct server the MAC of the destination server is in the packet. <br clear=\"all\" \/><span style=\"background-color: #ffff00;\">Use Source IP (USIP): <\/span>Now the server needs to answer the client instead of the SNIP of the NetScaler. Instead of providing the SNIP as the source IP and MAC the IP and MAC of the client are provided in the packet.<\/p>\n<p>Now the server receives a packet with an IP it doesn\u2019t own (it receives a packet with IP 10.0.0.10 while it only owns 10.0.0.100). To prevent that the packet is dropped a <strong>loopback<\/strong> interface is created on the server with the IP of the VIP (10.0.0.10).\u00a0 To avoid problems with the ARP table the loopback interface is configured as a <strong>non-arping interface<\/strong> (for an example see below).<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h1>How to configure Direct Server Return (DSR) mode<\/h1>\n<p>Finally! Here\u2019s the part where I describe the steps that are needed to get Direct Server Return (DSR) mode working <img decoding=\"async\" class=\"wlEmoticon wlEmoticon-smile\" style=\"border-style: none;\" alt=\"Smile\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/wlEmoticon-smile.png\" \/>. Configuring Direct Server Return (DSR) mode requires you to configure both the NetScaler and the server.<\/p>\n<p>&nbsp;<\/p>\n<h3>NetScaler<\/h3>\n<h6>Modes<\/h6>\n<p>Since we use MAC based forwarding this mode needs to be enabled, by default it\u2019s disabled. In the <strong>Configuration<\/strong> tab go to <strong>System<\/strong>&gt; <strong>Settings<\/strong> and click on <strong>Configure modes. <\/strong>Select the <strong>MAC based forwarding<\/strong> mode and click <strong>OK.<\/strong><\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-System-Settings-1.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Configuration - System - Settings \" alt=\"Configuration - System - Settings \" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-System-Settings-_thumb1.png\" width=\"254\" height=\"180\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configure-Modes-MAC-based-forwarding.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Configure Modes - MAC based forwarding\" alt=\"Configure Modes - MAC based forwarding\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configure-Modes-MAC-based-forwarding_thumb.png\" width=\"141\" height=\"180\" border=\"0\" \/><\/a><\/p>\n<p>Or via CLI<\/p>\n<pre>enable ns mode mbf<\/pre>\n<p>&nbsp;<\/p>\n<h6>\u00a0<\/h6>\n<h6>Basic features<\/h6>\n<p>Of course the load balancing feature needs to be enabled, this is disabled by default. In the <strong>Configuration<\/strong> tab go to <strong>System<\/strong>&gt; <strong>Settings<\/strong> and click on <strong>Configure modes. <\/strong>Select the <strong>MAC based forwarding<\/strong> mode and click <strong>OK.<\/strong><\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-System-Settings-Configure-basic-features.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Configuration - System - Settings - Configure basic features\" alt=\"Configuration - System - Settings - Configure basic features\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-System-Settings-Configure-basic-features_thumb.png\" width=\"254\" height=\"180\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configure-Basic-Features-Load-Balancing.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Configure Basic Features - Load Balancing\" alt=\"Configure Basic Features - Load Balancing\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configure-Basic-Features-Load-Balancing_thumb.png\" width=\"201\" height=\"180\" border=\"0\" \/><\/a><\/p>\n<p>Or via CLI<\/p>\n<pre>enable ns feature lb<\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h6>Server<\/h6>\n<p>For each load balanced server a Server-object needs to be created. Nothing special here, just add a normal server. In the <strong>Configuration <\/strong>tab go to <strong>Traffic Management<\/strong> &gt; <strong>Load Balancing <\/strong>&gt; <strong>Servers<\/strong> and click on <strong>Add<\/strong>.<\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-Traffic-Management-Load-Balancing-Servers-Add.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Configuration - Traffic Management - Load Balancing - Servers - Add\" alt=\"Configuration - Traffic Management - Load Balancing - Servers - Add\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-Traffic-Management-Load-Balancing-Servers-Add_thumb.png\" width=\"254\" height=\"128\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Server-Server-1.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Create Server - Server 1\" alt=\"Create Server - Server 1\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Server-Server-1_thumb.png\" width=\"181\" height=\"128\" border=\"0\" \/><\/a><\/p>\n<p>Or via CLI<\/p>\n<pre>add server Server1 10.0.0.100<\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h6>Service<\/h6>\n<p>Each service offers one or more services (like HTTP, DNS, MySQL, etc.). A NetScaler load balances traffic across services, not across servers. We need to create a service with the protocol <strong>ANY<\/strong>, a basic <strong>monitor <\/strong>(as said earlier, not all monitors work with DSR\u2013 <a href=\"https:\/\/support.citrix.com\/article\/CTX138969\" target=\"_blank\">CTX138969<\/a>) and <strong>Use Source IP (USIP<\/strong>) needs to be enabled. Of course the service needs to be bound to a server on a specific port, in the example port 80 (HTTP). In the <strong>Configuration <\/strong>tab go to <strong>Traffic Management<\/strong> &gt; <strong>Load Balancing <\/strong>&gt; <strong>Services <\/strong>and click on <strong>Add<\/strong>.<\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-Traffic-Management-Load-Balancing-Services-Add.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Configuration - Traffic Management - Load Balancing - Services - Add\" alt=\"Configuration - Traffic Management - Load Balancing - Services - Add\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-Traffic-Management-Load-Balancing-Services-Add_thumb.png\" width=\"254\" height=\"158\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Service-Monitors.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Create Service - Monitors\" alt=\"Create Service - Monitors\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Service-Monitors_thumb.png\" width=\"165\" height=\"129\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Service-Advanced.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Create Service - Advanced\" alt=\"Create Service - Advanced\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Service-Advanced_thumb.png\" width=\"165\" height=\"129\" border=\"0\" \/><\/a><\/p>\n<p>Or via CLI<\/p>\n<pre>add service service_Server1_ANY server1 ANY 80 -usip Yes<\/pre>\n<p>&nbsp;<\/p>\n<h6>\u00a0<\/h6>\n<h6>Virtual Server<\/h6>\n<p>Last we need a virtual server that load balances traffic to one or more virtual service. What\u2019s important is that protocol is <strong>ANY <\/strong>(just like the service), the load balancing method is <strong>Source IP Hash<\/strong> and the redirection mode is <strong>MAC based<\/strong> (aka MAC based forwarding). Since no return traffic passes the NetScaler is makes no sense to keep track of sessions, therefor it is recommended to make the virtual server <strong>Sessionless<\/strong>. In the <strong>Configuration <\/strong>tab go to <strong>Traffic Management<\/strong> &gt; <strong>Load Balancing <\/strong>&gt; <strong>Virtual Servers <\/strong>and click on <strong>Add<\/strong>.<\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-Traffic-Management-Load-Balancing-Virtual-Servers-Add.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Configuration - Traffic Management - Load Balancing - Virtual Servers - Add\" alt=\"Configuration - Traffic Management - Load Balancing - Virtual Servers - Add\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Configuration-Traffic-Management-Load-Balancing-Virtual-Servers-Add_thumb.png\" width=\"254\" height=\"150\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Virtual-Server-Load-Balancing-Services.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Create Virtual Server (Load Balancing) - Services\" alt=\"Create Virtual Server (Load Balancing) - Services\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Virtual-Server-Load-Balancing-Services_thumb.png\" width=\"211\" height=\"150\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Virtual-Server-Load-Balancing-Method-and-Persistence.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Create Virtual Server (Load Balancing) - Method and Persistence\" alt=\"Create Virtual Server (Load Balancing) - Method and Persistence\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Virtual-Server-Load-Balancing-Method-and-Persistence_thumb.png\" width=\"211\" height=\"150\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Virtual-Server-Load-Balancing-Advanced.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Create Virtual Server (Load Balancing) - Advanced\" alt=\"Create Virtual Server (Load Balancing) - Advanced\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Create-Virtual-Server-Load-Balancing-Advanced_thumb.png\" width=\"211\" height=\"150\" border=\"0\" \/><\/a><\/p>\n<p>Or vla CLI<\/p>\n<pre>add lb vserver vserver_DSR ANY 10.0.0.11 80 -lbmethod SOURCEIPHASH -m MAC -sessionless ENABLED\r\nbind lb vserver vserver_DSR service_Server1_ANY<\/pre>\n<p>PS: For certain services (such as FTP) you need to enable connection failover: stateless<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h3>Server<\/h3>\n<h6>Loopback interface<\/h6>\n<p>One each load balanced server a loopback interface is created with the IP of the virtual server VIP. This ensures that the server doesn\u2019t drop the packet when it enters the IP stack.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Windows<br \/> <br clear=\"all\" \/><\/strong>In Windows you can add a Loopback interface using the <strong>Add Hardware Wizard<\/strong> (hdwwiz.exe).\u00a0 In Windows Server 2012 the loopback interface is renamed to <strong>Microsoft KM-TEST Loopback Adapter<\/strong>.<\/p>\n<p><strong><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-1.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Add Hardware Wizard - 1\" alt=\"Add Hardware Wizard - 1\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-1_thumb.png\" width=\"174\" height=\"129\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-2.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Add Hardware Wizard - 2\" alt=\"Add Hardware Wizard - 2\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-2_thumb.png\" width=\"174\" height=\"129\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-3.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Add Hardware Wizard - 3\" alt=\"Add Hardware Wizard - 3\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-3_thumb.png\" width=\"174\" height=\"129\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-4.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Add Hardware Wizard - 4\" alt=\"Add Hardware Wizard - 4\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-4_thumb.png\" width=\"174\" height=\"129\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-5.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Add Hardware Wizard - 5\" alt=\"Add Hardware Wizard - 5\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-5_thumb.png\" width=\"174\" height=\"129\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-6.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Add Hardware Wizard - 6\" alt=\"Add Hardware Wizard - 6\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Add-Hardware-Wizard-6_thumb.png\" width=\"174\" height=\"129\" border=\"0\" \/><\/a><\/strong><\/p>\n<p><strong>Rename<\/strong> the new loopback network to \u201cLoopback\u201d in <strong>Control Panel <\/strong>&gt; <strong>Network and Internet <\/strong>&gt; <strong>Network Connections<\/strong>.<\/p>\n<p><strong><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Control-Panel-Network-and-Internet-Network-connections.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; float: none; padding-top: 0px; padding-left: 0px; margin-left: auto; display: block; padding-right: 0px; margin-right: auto; border-width: 0px;\" title=\"Control Panel - Network and Internet - Network connections\" alt=\"Control Panel - Network and Internet - Network connections\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Control-Panel-Network-and-Internet-Network-connections_thumb.png\" width=\"354\" height=\"87\" border=\"0\" \/><\/a><\/strong><\/p>\n<p>Open the properties of the Loopback adapter and disable all services except <strong>Internet Protocl Version 4 (TCP\/IPv4)<\/strong> and specify the IP address of the <strong>virtual server VIP<\/strong> (10.0.0.100 in the example from above). The same subnet should <strong>be 255.255.255.255 <\/strong>(limitiing it to just this IP) , <span style=\"text-decoration: underline;\">do not<\/span> specify a gateway!\u00a0 Important as well is to <strong>disable DNS registration<\/strong> and <strong>NetBIOS<\/strong> <strong>over TCP\/IP<\/strong> in the Advanced tab.<\/p>\n<p><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Loopback-Properties1.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Loopback Properties\" alt=\"Loopback Properties\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Loopback-Properties_thumb1.png\" width=\"123\" height=\"154\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Internet-Protocol-Version-4-TCP-IPv4-Properties1.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Internet Protocol Version 4 (TCP-IPv4) Properties\" alt=\"Internet Protocol Version 4 (TCP-IPv4) Properties\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Internet-Protocol-Version-4-TCP-IPv4-Properties_thumb1.png\" width=\"138\" height=\"154\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Advanced-TCPIP-Settings-DNS.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Advanced TCPIP Settings - DNS\" alt=\"Advanced TCPIP Settings - DNS\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Advanced-TCPIP-Settings-DNS_thumb.png\" width=\"130\" height=\"154\" border=\"0\" \/><\/a><a href=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Advanced-TCPIP-Settings-WINS.png\"><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" title=\"Advanced TCPIP Settings - WINS\" alt=\"Advanced TCPIP Settings - WINS\" src=\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2014\/01\/Advanced-TCPIP-Settings-WINS_thumb.png\" width=\"130\" height=\"154\" border=\"0\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Linux<br \/> <br clear=\"all\" \/><\/strong>In Linux you can add a loopback interface via CLI<\/p>\n<pre>ifconfig dummy0 up\r\nifconfig dummy0:0 inet 10.0.0.10 netmask 255.255.255.255 up<\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h6>Non-arping interface<\/h6>\n<p>To avoid problems with the ARP table the loopback interface is configured as a <strong>non-arping interface<\/strong>.<\/p>\n<p><strong>Windows<br \/> <br clear=\"all\" \/><\/strong>Open a command\u00a0 prompt and enable weak host receiving and sending on the loopback interface. Also enable weak host receiving on the production interface\u00a0 (bound to 10.0.0.100 in the example).<\/p>\n<pre>netsh int ipv4 set int \"Loopback\" weakhostreceive=enabled weakhostsend=enabled \r\nnetsh int ipv4 set int \"Ethernet\" weakhostreceive=enabled <\/pre>\n<p>It very well could be that your machine already cached some arp data. You could wait until the cache is invalidated or clear the cache by issuing the command<\/p>\n<pre>arp -d *<\/pre>\n<p>&nbsp;<\/p>\n<p><em>More information about strong and weak host models can be found at <\/em><a href=\"https:\/\/technet.microsoft.com\/nl-nl\/magazine\/2007.09.cableguy(en-us).aspx\" target=\"_blank\"><em>TechNet Magazine \u2013 The Cable Guy.<\/em><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Linux<br \/> <br clear=\"all\" \/><\/strong>In Linux the loopback interface can be confiured as non-arping by issueing the following commands:<\/p>\n<pre>echo 1 &gt; \/proc\/sys\/net\/ipv4\/conf\/dummy0\/arp_ignore\r\necho 2 &gt; \/proc\/sys\/net\/ipv4\/conf\/dummy0\/arp_announce<\/pre>\n<p><em>More information about arp annound \/ arp ignore to disable ARP can be read at the <\/em><a href=\"https:\/\/Using arp announce\/arp ignore to disable ARP\" target=\"_blank\"><em>WIKI of Linux Virtual Server<\/em><\/a>. <em>For more information see <\/em><a href=\"https:\/\/support.citrix.com\/proddocs\/topic\/netscaler-load-balancing-93\/ns-lb-usecases-dsrmode-linux-tsk.html\" target=\"_blank\"><em>Configuring LINUX Servers in DSR Mode<\/em><\/a><em> on Citrix eDocs<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>.<\/p>","protected":false},"excerpt":{"rendered":"<p>There are occasions where you need a good load balancer but don\u2019t have the budget. Microsoft offers Network Load Balancing services (NLB) as part of their Windows server operating systems, but although we\u2019re looking for a cheap solution we try to avoid problems. This is where the Citrix NetScaler comes in. Gartner positioned the NetScaler [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[502],"tags":[640,641,639,503,534],"class_list":["post-6312","post","type-post","status-publish","format-standard","hentry","category-netscaler","tag-direct-server-return","tag-dsr","tag-load-balancing","tag-netscaler-2","tag-vpx"],"_links":{"self":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts\/6312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/comments?post=6312"}],"version-history":[{"count":13,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts\/6312\/revisions"}],"predecessor-version":[{"id":6406,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts\/6312\/revisions\/6406"}],"wp:attachment":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/media?parent=6312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/categories?post=6312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/tags?post=6312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}