Configuring Citrix Netscaler VPX load balancers

The following topics provide information about Pod and Container Management (PCM) changes and requirements that support the management of a Citrix Netscaler load balancer using BMC Network Automation as part of a BMC Cloud Lifecycle Management implementation:

The software-based Citrix NetScaler VPX virtual appliance is an easy-to-deploy solution that runs on multiple virtualization platforms. It can be deployed on demand, anywhere in the data center, using off-the-shelf standard servers, such as ESX or ESXi, by using vCentre. The simplicity and flexibility of NetScaler VPX enable you to fully optimize every web application and more effectively integrate networking services with application delivery.

BMC Network Automation manages deployment and undeployment of the Citrix Netscaler VPX VM on vCentre by using an external script action, which calls a vSphere API to perform the deploy and undeploy operations.

Guidelines for creating a pod blueprint

Apply the following guidelines when creating a pod blueprint to use a Citrix Netscaler VPX load balancer.

Licensing a Citrix Netscaler VPX load balancer

Licensing is a manual process that you must do after container creation and before performing any Load Balancer (LB) Pool actions. The license is tightly coupled with the host ID of the VM. Therefore, for high availability (HA), you must install the license on both the active and standby Citrix VMs.

To install the license for a Citrix Netscaler VPX load balancer

  1. Get the host ID of the device by using the lmutil lmhostid -ether command from the shell mode.

  2. Go to www.citrix.com and download the license file by using the host ID.

  3. Transfer this license file by using TFTP to the /nsconfig/license directory.

  4. Reboot the VM.

Note

Ensure that in the BCAN_DATA\Global.properties.imported file, verifySshServer is set to false.

Requirements for a pod blueprint

You deploy the Citrix Netscaler VPX VM when you create a container. Therefore, you do not actually need a pod host node. However, due to the current model requirement, you must define a single pod node in the pod blueprint for LoadBalancer. The Netscaler device selected for the LoadBalancer node in the pod can be simulated or dummy. You must add the device in BMC Network Automation by using SSH as the access mode and 22 as the port. You must define all the required parameters for this node from the Admin tab during pod creation.

Example of a pod node with sample values

For HA, you require the HA ID Integer Pool. Therefore, you must define one integer pool blueprint. Per Citrix, the possible range for an HA ID is from 1 to 64.

Limitations of Citrix Netscaler VPX load balancer

When a NIC is removed from a Citrix VPX load balancer, the interface IDs of the existing NICs are recalculated. For example, consider a container that has a Citrix VPX load balancer and two NIC Segments, NIC1 and NIC2, which are enabled and with interface IDs 1/1 and 1/2. When you disable NIC1, its NIC is removed from Citrix VPX, and the interface ID associated with NIC2 is changed from 1/2 to 1/1. The VLAN and IP address bindings of the existing interface are also removed.

Recommendation

When a NIC segment is disabled, BMC Network Automation removes the appropriate NIC from the Citrix VPX VM. Owing to the above limitation, BMC recommends that you do not toggle a NIC on a Citrix VPX device.

Occasionally, when you perform the following operations on Citrix Netscaler, the VM reboots, and the sshd process fails to start. As a result, BMC Network Automation cannot log on to the device:

  • Provision a container: Deprovision and then provision the container to resolve the issue
  • Toggle the load balancer: Enable the load balancer to resolve the issue
  • Toggle the NIC segments

Guidelines for creating a container blueprint

The container blueprint must have one node of containerLoadBalancerHostBlueprint type for the Citrix load balancer, with three virtualGuestBlueprints for HA (active/standby) or one virtualGuestBlueprint for stand-alone mode.

containerLoadBalancerHostBlueprint

The Create Citrix VM configuration action is required in the containerLoadBalancerHostBlueprint tag. This configuration action is of External Script Action type with the required mappings of all the runtime parameters and their values. You can have hard-coded values or substitution parameters for the <value> tags.

machineId1 and machineId2 are runtime parameters defined for passing the IP address, subnet mask, and gateway address. For stand-alone mode, you must define a single runtime parameter, machineId1.

Set <haFlag> to true for active/standby mode and false for stand-alone mode. portProfileName and portProfile2Name are used to map appropriate port groups to NIC 1/0 and NIC 1/1. If your deployment has more NICs, you must define additional runtime properties.

Sample Load Balancer Host Node
<nodeBlueprint xsi:type="containerLoadBalancerHostBlueprint" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <addressBlueprints /> 
  <category>7</category> 
  <configureActionInfoBlueprints>
    <configureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <guid>5F09E1A8-8679-4D7F-B775-137B347AB898</guid> 
      <name>Create Citrix VM</name> 
      <condition>-EXISTS- container.nodes['Netscaler-VLB']</condition> 
      <runtimeProps>
        <item>
          <key>vCentreURL</key> 
          <value>${pod.node.params[vCenter Address]}</value> 
        </item>
        <item>
          <key>vCentreUser</key> 
          <value>${pod.node.params[vCenter Admin Username]}</value> 
        </item>
        <item>
          <key>vCentreUserPassword</key> 
          <value>${pod.node.params[vCenter Admin Password]}</value> 
        </item>
        <item>
          <key>datacenter</key> 
          <value>${pod.node.params[ESX Data Center]}</value> 
        </item>
        <item>
          <key>esxCluster</key> 
          <value>${pod.node.params[ESX Cluster]}</value> 
        </item>
        <item>
          <key>primaryVmName</key> 
          <value>${container.nodes[Netscaler-VLB-primary].device.name}</value> 
        </item>
        <item>
          <key>secondaryVmName</key> 
          <value>${container.nodes[Netscaler-VLB-secondary].device.name}</value> 
        </item>
        <item>
          <key>portProfile1Name</key>
          <value>${pod.node.params[Nic 0 Port Profile]}</value>
        </item>
        <item>
          <key>haFlag</key> 
          <value>true</value> 
        </item>
        <item>
          <key>ovfFileName</key> 
          <value>${pod.node.params[OVA File Location]}</value> 
        </item>
        <item>
          <key>machineId1</key> 
          <value>"ip=${container.nodes[Netscaler-VLB-primary].addresses[Management-primary]}&amp;netmask=${container.nodes[Netscaler-VLB-primary].addresses[Management-primary].subnetMask}&amp;gateway=${pod.addressPools[Management].gatewayAddress}"</value>
        </item>
        <item>
          <key>machineId2</key> 
          <value>"ip=${container.nodes[Netscaler-VLB-secondary].addresses[Management-secondary]}&amp;netmask=${container.nodes[Netscaler-VLB-primary].addresses[Management-primary].subnetMask}&amp;gateway=${pod.addressPools[Management].gatewayAddress}"</value>
        </item>
      </runtimeProps>
    </configureActionInfoBlueprint>
  </configureActionInfoBlueprints>

The CreateVm utility removes the extra NICs except the Management NIC from the deployed VM.

You deploy the Citrix Netscaler VM by using a single NIC. The default NIC is used for Management Network. To add additional Customer Network NIC Segments, the administrator must add the NICs to the Citrix Netscaler VM. To manage NICs dynamically, you must add or delete NICs to or from the Citrix Netscaler VM.

The Add NIC for Customer Network 1 VM Primary configuration action adds a NIC to the Citrix Netscaler VM to support Customer Network 1 NIC Segment. If Customer Network 1 NIC Segment and Netscaler-VLB are enabled, the configuration action triggers the Add NIC to VM external script action. This script action adds one NIC of the defined type to the Citrix Netscaler VM and maps it to the respective port profile defined in <networkName>.

<condition> defines the trigger condition.

The Citrix Netscaler VM must be powered off when adding or deleting a NIC. Setting <powerOffRequired> to true powers off the VM before adding a NIC.

The unconfigureActionInfoBlueprint tag triggers the Remove NIC from VM external script action and deletes the corresponding NIC from the Citrix Netscaler VM. For newly added interfaces, where configuration is required, you have to define configure or unconfigure actions of type mergeActionInfoBlueprint with the same trigger condition as that defined in the virtualGuestBlueprint tag. If multiple NICs are added, you must define multiple configure and unconfigure actions.

virtualGuestBlueprint

For HA (active/standby) mode, you must deploy two Citrix Netscaler VPX VMs. First, deploy the primary guest device, and then the secondary guest device. containerLoadBalancerHostBlueprint must have primaryVirtualGuestBlueprint, secondaryVirtualGuestBlueprint, and virtualGuestBlueprint tags. You must add the primary and secondary virtual guests in the BMC Network Automation database by using individual guest addresses.

Sample primaryVirtualGuestBlueprint
<primaryVirtualGuestBlueprint xsi:type="containerVlbBlueprint">
  <configureActionInfoBlueprints>
    <configureActionInfoBlueprint xsi:type="mergeActionInfoBlueprint" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <condition>-EXISTS- container.nodes['Netscaler-VLB']</condition> 
      <description>Merge Action Info</description> 
      <name>Configure LB1</name> 
      <templateGroups>
        <item>ConfigureLB1</item> 
      </templateGroups>
    </configureActionInfoBlueprint>
    <configureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <guid>5F09E1A8-8679-4D7F-B775-137B347AB898</guid> 
      <name>Add NIC for Customer Network 1 VM Primary</name>     
      <condition>(-EXISTS- container.zones['Zone 1'].nicSegments['Customer Network 1']) -AND- 
(-EXISTS- container.nodes['Netscaler-VLB'])</condition>
      <runtimeProps>
        <item>
          <key>vCentreURL</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Address]}</value> 
        </item>
        <item>
          <key>vCentreUser</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Admin Username]}</value> 
        </item>
        <item>
          <key>vCentreUserPassword</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Admin Password]}</value> 
        </item>
        <item>
          <key>vmName</key>
          <value>${container.name}-VLB-primary</value>
        </item>
        <item>
          <key>networkName</key>
          <value>Customer-${container.nodes[Access].portTypes[Customer Port Type 1].vlan}</value>
        </item>
        <item>
          <key>networkAdapter</key>         
          <value>E1000</value>
        </item>
        <item>                     
          <key>powerOffRequired</key>                      
          <value>true</value>
        </item>
      </runtimeProps>
    </configureActionInfoBlueprint>
    <configureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <guid>5F09E1A8-8679-4D7F-B775-137B347AB898</guid> 
      <name>Add NIC for Customer Network 2 VM Primary</name>
      <condition>(-EXISTS- container.zones['Zone 1'].nicSegments['Customer Network 2']) -AND- 
(-EXISTS- container.nodes['Netscaler-VLB'])</condition>
      <runtimeProps>
        <item>
          <key>vCentreURL</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Address]}</value> 
        </item>
        <item>
          <key>vCentreUser</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Admin Username]}</value> 
        </item>
        <item>
          <key>vCentreUserPassword</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Admin Password]}</value> 
        </item>
        <item>
          <key>vmName</key>
          <value>${container.name}-VLB-primary</value>
        </item>
        <item>
          <key>networkName</key>
          <value>Customer-${container.nodes[Access].portTypes[Customer Port Type 1].vlan}</value>
        </item>
        <item>
          <key>networkAdapter</key>         
          <value>E1000</value>
        </item>
        <item>                     
          <key>powerOffRequired</key>                      
          <value>true</value>
        </item>
      </runtimeProps>
    </configureActionInfoBlueprint>
  </configureActionInfoBlueprints>
  <unconfigureActionInfoBlueprints>
    <unconfigureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <guid>6F62565F-4196-4C58-8ACC-ABC30CEC8F56</guid> 
      <name>Add NIC for Customer Network 1 VM Primary</name> 
    </unconfigureActionInfoBlueprint>
    <unconfigureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <guid>6F62565F-4196-4C58-8ACC-ABC30CEC8F56</guid> 
      <name>Add NIC for Customer Network 2 VM Primary</name> 
    </unconfigureActionInfoBlueprint>
    <unconfigureActionInfoBlueprint xsi:type="mergeActionInfoBlueprint" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <name>Configure LB1</name> 
      <templateGroups>
        <item>UnconfigureLB1</item> 
      </templateGroups>
    </unconfigureActionInfoBlueprint>
  </unconfigureActionInfoBlueprints>
  <guestAuthenticationBlueprint>
    <guestDspName /> 
    <guestLoginUserName>nsroot</guestLoginUserName> 
    <guestLoginPassword>nsroot</guestLoginPassword> 
    <guestPrivilegedUserName>nsroot</guestPrivilegedUserName> 
    <guestPrivilegedPassword>nsroot</guestPrivilegedPassword> 
  </guestAuthenticationBlueprint>
  <guestAddressBlueprints>
    <guestAddressBlueprint xsi:type="addressBlueprint">
      <addressName>Management-primary</addressName> 
      <gatewayFlag>false</gatewayFlag> 
      <addressPoolName>Management</addressPoolName> 
    </guestAddressBlueprint>
  </guestAddressBlueprints>
  <operativeFlag>false</operativeFlag> 
  <guestAddressName>Management-primary</guestAddressName> 
  <guestDeviceName>${container.name}-VLB-primary</guestDeviceName> 
  <guestDeviceTypeGuid>CF125B1F-C976-A1E5-61EF-56540C0DDC03</guestDeviceTypeGuid> 
  <useExistingGuestDeviceFlag>false</useExistingGuestDeviceFlag> 
  <guestNodeName>Netscaler-VLB-primary</guestNodeName> 
  <sharesVirtualDevice>false</sharesVirtualDevice> 
  <defaultEnabledFlag>true</defaultEnabledFlag> 
  <lockedFlag>false</lockedFlag> 
</primaryVirtualGuestBlueprint>

The secondary guest acts as a worker node and does not participate in the Load Balancer Pool action.

Sample secondaryVirtualGuestBlueprint
<secondaryVirtualGuestBlueprint xsi:type="containerVlbBlueprint">
  <configureActionInfoBlueprints>
    <configureActionInfoBlueprint xsi:type="mergeActionInfoBlueprint" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <condition>-EXISTS- container.nodes['Netscaler-VLB']</condition> 
      <description>Merge Action Info</description> 
      <name>Configure LB2</name> 
      <templateGroups>
        <item>ConfigureLB2</item> 
      </templateGroups>
    </configureActionInfoBlueprint>
    <configureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <guid>5F09E1A8-8679-4D7F-B775-137B347AB898</guid> 
      <name>Add NIC for Customer Network 1 VM Secondary</name>     
      <condition>(-EXISTS- container.zones['Zone 1'].nicSegments['Customer Network 1']) -AND- 
(-EXISTS- container.nodes['Netscaler-VLB'])</condition>
      <runtimeProps>
        <item>
          <key>vCentreURL</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Address]}</value> 
        </item>
        <item>
          <key>vCentreUser</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Admin Username]}</value> 
        </item>
        <item>
          <key>vCentreUserPassword</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Admin Password]}</value> 
        </item>
        <item>
          <key>vmName</key>
          <value>${container.name}-VLB-secondary</value>
        </item>
        <item>
          <key>networkName</key>
          <value>Customer-${container.nodes[Access].portTypes[Customer Port Type 1].vlan}</value>
        </item>
        <item>
          <key>networkAdapter</key>         
          <value>E1000</value>
        </item>
        <item>                     
          <key>powerOffRequired</key>                      
          <value>true</value>
        </item>
      </runtimeProps>
    </configureActionInfoBlueprint>
    <configureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <guid>5F09E1A8-8679-4D7F-B775-137B347AB898</guid> 
      <name>Add NIC for Customer Network 2 VM Secondary</name>     
      <condition>(-EXISTS- container.zones['Zone 1'].nicSegments['Customer Network 2']) -AND- 
(-EXISTS- container.nodes['Netscaler-VLB'])</condition>
      <runtimeProps>
        <item>
          <key>vCentreURL</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Address]}</value> 
        </item>
        <item>
          <key>vCentreUser</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Admin Username]}</value> 
        </item>
        <item>
          <key>vCentreUserPassword</key> 
          <value>${pod.nodes[LoadBalancer].params[vCenter Admin Password]}</value> 
        </item>
        <item>
          <key>vmName</key>
          <value>${container.name}-VLB-secondary</value>
        </item>
        <item>
          <key>networkName</key>
          <value>Customer-${container.nodes[Access].portTypes[Customer Port Type 1].vlan}</value>
        </item>
        <item>
          <key>networkAdapter</key>         
          <value>E1000</value>
        </item>
        <item>                     
          <key>powerOffRequired</key>                      
          <value>true</value>
        </item>
      </runtimeProps>
    </configureActionInfoBlueprint>
  </configureActionInfoBlueprints>
  <unconfigureActionInfoBlueprints>
    <unconfigureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <guid>6F62565F-4196-4C58-8ACC-ABC30CEC8F56</guid> 
      <name>Add NIC for Customer Network 1 VM Secondary</name> 
    </unconfigureActionInfoBlueprint>
    <unconfigureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <guid>6F62565F-4196-4C58-8ACC-ABC30CEC8F56</guid> 
      <name>Add NIC for Customer Network 2 VM Secondary</name> 
    </unconfigureActionInfoBlueprint>
    <unconfigureActionInfoBlueprint xsi:type="mergeActionInfoBlueprint" xmlns:xsi="http://www.w3.org/
2001/XMLSchema-instance">
      <name>Configure LB2</name> 
      <templateGroups>
        <item>UnconfigureLB2</item> 
      </templateGroups>
    </unconfigureActionInfoBlueprint>
  </unconfigureActionInfoBlueprints>
  <guestAuthenticationBlueprint>
    <guestDspName /> 
    <guestLoginUserName>nsroot</guestLoginUserName> 
    <guestLoginPassword>nsroot</guestLoginPassword> 
    <guestPrivilegedUserName>nsroot</guestPrivilegedUserName> 
    <guestPrivilegedPassword>nsroot</guestPrivilegedPassword> 
  </guestAuthenticationBlueprint>
  <guestAddressBlueprints>
    <guestAddressBlueprint xsi:type="addressBlueprint">
      <addressName>Management-secondary</addressName> 
      <gatewayFlag>false</gatewayFlag> 
      <addressPoolName>Management</addressPoolName> 
    </guestAddressBlueprint>
  </guestAddressBlueprints>
  <operativeFlag>false</operativeFlag> 
  <guestAddressName>Management-secondary</guestAddressName> 
  <guestDeviceName>${container.name}-VLB-secondary</guestDeviceName> 
  <guestDeviceTypeGuid>CF125B1F-C976-A1E5-61EF-56540C0DDC03</guestDeviceTypeGuid> 
  <useExistingGuestDeviceFlag>false</useExistingGuestDeviceFlag> 
  <guestNodeName>Netscaler-VLB-secondary</guestNodeName> 
  <sharesVirtualDevice>false</sharesVirtualDevice> 
  <defaultEnabledFlag>true</defaultEnabledFlag> 
  <lockedFlag>false</lockedFlag> 
</secondaryVirtualGuestBlueprint>

virtualGuestBlueprint, the third guest node, is the actual virtual load balancer (VLB). The virtualGuestBlueprint node has the definition for the poolTypeBlueprint and load balancer (LB) custom actions GUIDs. This guest is added in the BMC Network Automation database by using a floating IP configured on the primary and secondary guest nodes.

Sample VirtualGuestBlueprint
<virtualGuestBlueprint xsi:type="containerVlbBlueprint">
  <configureActionInfoBlueprints> 
    <configureActionInfoBlueprint xsi:type="mergeActionInfoBlueprint" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <condition>-EXISTS- container.nodes['Netscaler-VLB']</condition> 
      <description>Merge Action Info</description> 
      <name>Configure LB</name> 
      <templateGroups>
        <item>Configure LB</item> 
      </templateGroups>
    </configureActionInfoBlueprint>
    <configureActionInfoBlueprint xsi:type="mergeActionInfoBlueprint" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <condition>(-EXISTS- container.zones['Zone 1'].nicSegments['Customer Network 1']) 
      -AND- (-EXISTS- container.nodes['Netscaler-VLB'])</condition> 
      <description>Merge Action Info</description> 
      <name>Configure LB Customer Network 1</name> 
      <templateGroups>
        <item>Configure LB Customer Network 1</item> 
      </templateGroups>
    </configureActionInfoBlueprint>
    <configureActionInfoBlueprint xsi:type="mergeActionInfoBlueprint" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <condition>(-EXISTS- container.zones['Zone 1'].nicSegments['Customer Network 2']) 
      -AND- (-EXISTS- container.nodes['Netscaler-VLB'])</condition> 
      <description>Merge Action Info</description> 
      <name>Configure LB Customer Network 2</name> 
      <templateGroups>
        <item>Configure LB Customer Network 2</item> 
      </templateGroups>
    </configureActionInfoBlueprint>
  </configureActionInfoBlueprints>
  <guestAddressBlueprints>
    <guestAddressBlueprint xsi:type="addressBlueprint">
      <addressName>ManagementFloating</addressName> 
      <gatewayFlag>false</gatewayFlag> 
      <addressPoolName>Management</addressPoolName> 
    </guestAddressBlueprint>
    <guestAddressBlueprint xsi:type="addressBlueprint">
      <addressName>C_SelfAddress1-1</addressName> 
      <gatewayFlag>false</gatewayFlag> 
      <addressPoolName>Customer Network 1</addressPoolName> 
    </guestAddressBlueprint>
    <guestAddressBlueprint xsi:type="addressBlueprint">
      <addressName>C_SelfAddress1-2</addressName>
      <gatewayFlag>false</gatewayFlag>
      <addressPoolName>Customer Network 2</addressPoolName>
    </guestAddressBlueprint>
  </guestAddressBlueprints>
  <guestAddressName>ManagementFloating</guestAddressName> 
  <guestDeviceName>${container.name}-VLB</guestDeviceName> 
  <guestDeviceTypeGuid>CF125B1F-C976-A1E5-61EF-56540C0DDC03</guestDeviceTypeGuid> 
  <useExistingGuestDeviceFlag>false</useExistingGuestDeviceFlag> 
  <guestNodeName>Netscaler-VLB</guestNodeName> 
  <sharesVirtualDevice>false</sharesVirtualDevice> 
  <unconfigureActionInfoBlueprints>
    <unconfigureActionInfoBlueprint xsi:type="mergeActionInfoBlueprint" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <name>Configure LB Customer Network 1</name> 
      <templateGroups>
        <item>Unconfigure LB Customer Network 1</item> 
      </templateGroups>
    </unconfigureActionInfoBlueprint>
    <unconfigureActionInfoBlueprint xsi:type="mergeActionInfoBlueprint" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <name>Configure LB Customer Network 2</name> 
      <templateGroups>
        <item>Unconfigure LB Customer Network 2</item> 
      </templateGroups>
    </unconfigureActionInfoBlueprint>
  </unconfigureActionInfoBlueprints>
  <defaultEnabledFlag>true</defaultEnabledFlag> 
  <guestClientVlanName>Customer Network 1</guestClientVlanName> 
  <lockedFlag>false</lockedFlag> 
  <guestAuthenticationBlueprint>
    <guestDspName /> 
    <guestLoginUserName>nsroot</guestLoginUserName> 
    <guestLoginPassword>nsroot</guestLoginPassword> 
    <guestPrivilegedUserName>nsroot</guestPrivilegedUserName> 
    <guestPrivilegedPassword>nsroot</guestPrivilegedPassword> 
  </guestAuthenticationBlueprint>
  <addEntryGuid>496CCF7E-2B44-4960-A237-18F1385F9B63</addEntryGuid> 
  <addPoolGuid>5A179751-7105-4196-9C69-E5BAE8FB22B0</addPoolGuid> 
  <disableEntryGuid>4898741D-8F1C-41AA-AC28-70071A13692A</disableEntryGuid> 
  <enableEntryGuid>0979322B-EB98-4D57-80DB-3415836CFDA0</enableEntryGuid> 
  <poolTypeBlueprints>
    <poolTypeBlueprint>
      <name>Customer Network 1</name> 
      <routeDomainIds /> 
      <serverVlanName>Customer Network 1</serverVlanName> 
      <servicedNicSegmentNames>
        <servicedNicSegmentName>Customer Network 1</servicedNicSegmentName> 
      </servicedNicSegmentNames>
      <snatBlockSize>1</snatBlockSize> 
      <snatPoolName>Customer Network 1</snatPoolName> 
      <vipSegmentName>VIPS Customer Network 1</vipSegmentName> 
    </poolTypeBlueprint>
    <poolTypeBlueprint>
      <name>Customer Network 2</name> 
      <routeDomainIds /> 
      <serverVlanName>Customer Network 2</serverVlanName> 
      <servicedNicSegmentNames>
        <servicedNicSegmentName>Customer Network 2</servicedNicSegmentName> 
      </servicedNicSegmentNames>
      <snatBlockSize>1</snatBlockSize> 
      <snatPoolName>Customer Network 2</snatPoolName> 
      <vipSegmentName>VIPS Customer Network 2</vipSegmentName> 
    </poolTypeBlueprint>
  </poolTypeBlueprints>
  <removeEntryGuid>C7F73F2C-0BC4-48E3-B13A-A0BA43C52A50</removeEntryGuid> 
  <removePoolGuid>EEFEE310-C517-4D48-8697-4207007F9CE6</removePoolGuid> 
</virtualGuestBlueprint>

Note

The active/active mode is not supported.
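
The following added example (not part of the BMC samples) is a Python check to run over a guest blueprint fragment before import. It reports XML that is not well-formed, an external script action whose vmName differs from guestDeviceName or whose powerOffRequired is not true, an unconfigure action with no configure action of the same name, and a password equal to its user name, as with the appliance default nsroot/nsroot used in the samples. The vmName and name-pairing rules are assumptions drawn from the samples above, and SAMPLE is a constructed fragment.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed fragment modelled on the samples above; it deliberately contains
# four problems. xmlns:xsi is declared on the root so it parses stand-alone.
SAMPLE = """\
<primaryVirtualGuestBlueprint xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:type="containerVlbBlueprint">
  <configureActionInfoBlueprints>
    <configureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <name>Add NIC for Customer Network 1 VM Primary</name>
      <runtimeProps>
        <item><key>vmName</key><value>${container.name}-VLB-secondary</value></item>
        <item><key>powerOffRequired</key><value>false</value></item>
      </runtimeProps>
    </configureActionInfoBlueprint>
  </configureActionInfoBlueprints>
  <unconfigureActionInfoBlueprints>
    <unconfigureActionInfoBlueprint xsi:type="externalScriptActionInfoBlueprint">
      <name>Add NIC for Customer Network 2 VM Primary</name>
    </unconfigureActionInfoBlueprint>
  </unconfigureActionInfoBlueprints>
  <guestAuthenticationBlueprint>
    <guestLoginUserName>nsroot</guestLoginUserName>
    <guestLoginPassword>nsroot</guestLoginPassword>
  </guestAuthenticationBlueprint>
  <guestDeviceName>${container.name}-VLB-primary</guestDeviceName>
</primaryVirtualGuestBlueprint>
"""


def runtime_props(action):
    """Return the <runtimeProps> of one action as a {key: value} dict."""
    props = {}
    for item in action.findall("runtimeProps/item"):
        key = (item.findtext("key") or "").strip()
        props[key] = (item.findtext("value") or "").strip()
    return props


def audit_guest_blueprint(xml_text):
    """Return a list of finding strings for one guest blueprint fragment."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Unbalanced or stray tags are reported here and nothing else is checked
        return [f"not well-formed XML: {exc}"]

    findings = []
    device = (root.findtext("guestDeviceName") or "").strip()
    configure = root.findall(
        "configureActionInfoBlueprints/configureActionInfoBlueprint")
    unconfigure = root.findall(
        "unconfigureActionInfoBlueprints/unconfigureActionInfoBlueprint")

    # External script actions: the VM they act on and the power-off requirement
    for action in configure:
        if action.get(XSI_TYPE) != "externalScriptActionInfoBlueprint":
            continue
        name = (action.findtext("name") or "").strip()
        props = runtime_props(action)
        # Assumption: vmName should name the same VM as guestDeviceName
        if "vmName" in props and props["vmName"] != device:
            findings.append(f"{name}: vmName {props['vmName']!r} differs "
                            f"from guestDeviceName {device!r}")
        # The page requires the VM to be powered off when a NIC is added
        if "powerOffRequired" in props and props["powerOffRequired"].lower() != "true":
            findings.append(f"{name}: powerOffRequired is not true")

    # Assumption: unconfigure actions are paired with configure actions by name
    configured = {(a.findtext("name") or "").strip() for a in configure}
    for action in unconfigure:
        name = (action.findtext("name") or "").strip()
        if name not in configured:
            findings.append(f"unconfigure action {name!r} has no configure "
                            "action of the same name")

    # Credentials where the password is simply the user name (nsroot/nsroot)
    auth = root.find("guestAuthenticationBlueprint")
    if auth is not None:
        pairs = (("guestLoginUserName", "guestLoginPassword"),
                 ("guestPrivilegedUserName", "guestPrivilegedPassword"))
        for user_tag, pw_tag in pairs:
            user, password = auth.findtext(user_tag), auth.findtext(pw_tag)
            if user and password and user == password:
                findings.append(f"{pw_tag} equals {user_tag} ({user!r}): "
                                "default credential left in place")
    return findings


if __name__ == "__main__":
    for finding in audit_guest_blueprint(SAMPLE):
        print("FINDING:", finding)
```

A fragment cut out of a larger blueprint file needs the xmlns:xsi declaration on its root element, as in SAMPLE, or the parser rejects the xsi:type attributes.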

To configure templates

Make the following changes in the primary and secondary guest devices:

  1. Add a NetScaler IP Address (NSIP) of Subnet IP Addresses (SNIP) type, using the following command:

    add ns ip ${container.nodes[Netscaler-VLB-primary].addresses[C_SelfAddress1-1]} ${container.nodes[Netscaler-VLB-primary].addresses[C_SelfAddress1-1].subnetMask} -type snip

  2. (For HA mode) Configure a common floating IP address:

    add ns ip ${container.nodes[Netscaler-VLB].addresses[ManagementFloating]} ${container.nodes[Netscaler-VLB].addresses[ManagementFloating].subnetMask} -type snip -mgmtAccess ENABLED

  3. (For HA mode) Configure the HA node with the HA ID:

    add ha node ${container.integers[HA ID]} ${container.nodes[Netscaler-VLB-primary].addresses[Management-primary]}

  4. Add a Customer Network VLAN:
    add vlan ${container.vlans[Customer Network 1]}

  5. Bind the Customer Network VLAN to interface 1/1:
    bind vlan ${container.vlans[Customer Network 1]} -ifnum 1/1

  6. Save the configuration.
    save ns config

The following code is an excerpt of <templates>:

<contents>add ns ip ${container.nodes[Netscaler-VLB-secondary].addresses[C_SelfAddress1-2]} ${container.nodes[Netscaler-VLB-secondary].addresses[C_SelfAddress1-2].subnetMask} -type snip
add ns ip ${container.nodes[Netscaler-VLB].addresses[ManagementFloating]} ${container.nodes[Netscaler-VLB].addresses[ManagementFloating].subnetMask} -type snip -mgmtAccess ENABLED
add ha node ${container.integers[HA ID]} ${container.nodes[Netscaler-VLB-primary].addresses[Management-primary]}
add vlan ${container.vlans[Customer Network 1]}
bind vlan ${container.vlans[Customer Network 1]} -ifnum 1/1
save ns config</contents>

Note

In some deployment environments, occasionally, a Citrix Netscaler container provisioning job fails with an authentication failure error message because BMC Network Automation cannot get the login prompt as soon as the SSH session is established with the device.

You must perform the following steps to resolve the problem:

  1. Find out the amount of time it takes for the login prompt to show up after the VM is reachable via the ping command.
  2. Add an external script action that has a batch script, which introduces "sleeps" for the appropriate amount of time.

By introducing this delay, the VM gets sufficient time to boot up and display the login prompt. As a result, subsequent actions that need an SSH connection with the device can be executed.

Custom actions

The load balancer pool in Citrix Netscaler is called vServer. The BMC Network Automation Create Pool custom action adds a vServer by using a virtual IP (VIP) address and a default load balancing method.

Note

To add a load balancer pool with HTTPS, the Citrix VM must have an SSL certificate installed by specifying the name of the certificate and private-key pair. For example:

add ssl certKey default-certificate-key-1 -cert "/nsconfig/ssl/ns-root.cert" -key "/nsconfig/ssl/ns-root.key"

To create the pool

  1. Add a vServer with multiple settings according to your requirements.

  2. Configure the following runtime parameters:

    Runtime parameter    Description

    protocolName
        Specifies the base protocol that you can use from different applications to block or permit traffic on Citrix Netscaler.
        Valid values (protocol number : protocol name): 6 : TCP, 19 : UDP

    icmpVsrResponse
        Specifies the criteria for responding to PING requests sent to the Citrix Netscaler VPX. If ACTIVE, respond only if the virtual server is available. If PASSIVE, respond even if the virtual server is not available.
        Valid values: PASSIVE, ACTIVE

    cltTimeout
        Specifies the timeout value, in seconds, after which to terminate an idle client connection. Maximum value: 31536000

    persistenceType
        Controls how long a status audit trail is maintained for each instance of persistenceType. Pass this parameter from BMC Cloud Lifecycle Management.
        Valid values: NONE (default), SOURCEIP, COOKIEINSERT, SSLSESSION, URLPASSIVE, CUSTOMSERVERID, RULE, SRCIPDESTIP, DESTIP, CALLID, RTSPID

  3. Set Secure Network Address Translation (SNAT).

  4. If an SNAT pool is defined in the poolTypeBlueprint:

    1. Add a network profile and bind it to the IPSET.
    2. Add IPSET.
    3. Bind the IPSET to the SNAT Pool ID.
  5. Associate the vServer to the network profile.

  6. Add a monitor with a protocol type.

The following code block contains the custom actions required to create a pool:

add lb vserver %runtime.poolName% %runtime.protocolName% %runtime.virtualIPaddress% %runtime.serverPort% -icmpVsrResponse %runtime.icmpVsrResponse% -cltTimeout %runtime.cltTimeout% -state ENABLED
set lb vserver %runtime.poolName% -persistenceType %runtime.persistenceType%
add ipset ipset-%runtime.snatPoolId%
add ns ip %loop.snatPoolAddress% %runtime.snatPoolMask% -type SNIP
bind ipset ipset-%runtime.snatPoolId% %loop.snatPoolAddress%
add netprofile netprofile-%runtime.snatPoolId% -srcIp ipset-%runtime.snatPoolId%
set lb vserver %runtime.poolName% -netprofile netprofile-%runtime.snatPoolId%
add monitor monitor-%runtime.poolName% %cmd.protocolName%
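
One way to check runtime parameters before they are substituted into the Create Pool commands, as an added example that is not BMC Network Automation's own substitution code. The allowed values come from the runtime parameter list above; the pool-name character set, the port range, and the lower bound of 0 for cltTimeout are assumptions, and the sample values are constructed.

```python
import ipaddress
import re

# Allowed values as listed for the runtime parameters on this page
PROTOCOL_NAMES = {"TCP", "UDP"}
ICMP_VSR_RESPONSE = {"PASSIVE", "ACTIVE"}
PERSISTENCE_TYPES = {
    "NONE", "SOURCEIP", "COOKIEINSERT", "SSLSESSION", "URLPASSIVE",
    "CUSTOMSERVERID", "RULE", "SRCIPDESTIP", "DESTIP", "CALLID", "RTSPID",
}
CLT_TIMEOUT_MAX = 31536000  # maximum stated on this page

# Assumption: a conservative name pattern, so that a value can never carry
# whitespace, quotes or a line break into the generated CLI commands.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
PLACEHOLDER = re.compile(r"%runtime\.(\w+)%")

# First two Create Pool commands from this page
TEMPLATE = (
    "add lb vserver %runtime.poolName% %runtime.protocolName% "
    "%runtime.virtualIPaddress% %runtime.serverPort% "
    "-icmpVsrResponse %runtime.icmpVsrResponse% "
    "-cltTimeout %runtime.cltTimeout% -state ENABLED\n"
    "set lb vserver %runtime.poolName% -persistenceType %runtime.persistenceType%"
)

# Constructed sample values
GOOD = {
    "poolName": "web-pool-1",
    "protocolName": "TCP",
    "virtualIPaddress": "192.0.2.10",
    "serverPort": "80",
    "icmpVsrResponse": "PASSIVE",
    "cltTimeout": "180",
    "persistenceType": "SOURCEIP",
}
# A pool name that carries a second command, and a timeout above the maximum
BAD = dict(GOOD, poolName="web01\nsave ns config", cltTimeout="31536001")


def _int_in_range(value, low, high):
    """True if value is a plain ASCII decimal integer within [low, high]."""
    text = str(value)
    return (len(text) <= 10 and text.isascii() and text.isdigit()
            and low <= int(text) <= high)


def validate_pool_params(params):
    """Return the names of the parameters that fail validation."""
    problems = []
    if not NAME_RE.fullmatch(str(params.get("poolName", ""))):
        problems.append("poolName")
    if str(params.get("protocolName")) not in PROTOCOL_NAMES:
        problems.append("protocolName")
    try:
        ipaddress.ip_address(str(params.get("virtualIPaddress", "")))
    except ValueError:
        problems.append("virtualIPaddress")
    if not _int_in_range(params.get("serverPort", ""), 1, 65535):
        problems.append("serverPort")
    if str(params.get("icmpVsrResponse")) not in ICMP_VSR_RESPONSE:
        problems.append("icmpVsrResponse")
    if str(params.get("persistenceType")) not in PERSISTENCE_TYPES:
        problems.append("persistenceType")
    if not _int_in_range(params.get("cltTimeout", ""), 0, CLT_TIMEOUT_MAX):
        problems.append("cltTimeout")
    return problems


def render_create_pool(params, template=TEMPLATE):
    """Substitute validated values; refuse to render anything otherwise."""
    problems = validate_pool_params(params)
    if problems:
        raise ValueError("rejected parameters: " + ", ".join(problems))
    missing = sorted({n for n in PLACEHOLDER.findall(template) if n not in params})
    if missing:
        raise ValueError("no value for: " + ", ".join(missing))
    return PLACEHOLDER.sub(lambda m: str(params[m.group(1)]), template)


if __name__ == "__main__":
    print(render_create_pool(GOOD))
    print("rejected:", validate_pool_params(BAD))
```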

To add pool entries

  1. Add the server.

  2. Add the service.

  3. Bind the service to the monitor that was created in step 6 when creating a pool.

  4. Bind the vServer to the service.

The following code block contains the custom actions required to add pool entries:

add server server-%runtime.serverAddress% %runtime.serverAddress% -state ENABLED
add service service-%runtime.serverAddress% server-%runtime.serverAddress% %cmd.protocolName% %runtime.firstServerPort%
bind service service-%runtime.serverAddress% -monitorName monitor-%runtime.firstPoolName% -monState ENABLED
bind lb vserver %runtime.poolName% service-%runtime.serverAddress%

The following code block contains the custom actions required to enable and disable entries:

enable server server-%runtime.serverAddress% 
disable service service-%runtime.serverAddress% 

Note

For different requirements or specific settings, you can modify these custom actions so that you can pass additional runtime parameters from BMC Cloud Lifecycle Management.

Sample pod and container blueprints

You can find sample pod and container blueprints and related templates in the BCAN_HOME\public\bmc\bca-networks\csm\samples\sampleWithCitrixNetscaler directory on the BMC Network Automation application server. For additional information about the sample pod and container blueprints for use with a Citrix Netscaler VPX load balancer, see Pod model and Container model.
