by Raghu Varma Tirumalaraju
Troubleshooting NetScaler
Table of Contents
Troubleshooting NetScaler
Credits
Notice
About the Author
About the Reviewers
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. NetScaler Concepts at a Glance
The NetScaler filesystem
Folders on /flash
Folders on /var
A brief look at NetScaler address types
NetScaler IP
Virtual IP
Mapped IP
Subnet IP
GSLB Site IP
Request Switching and Connection Multiplexing
User interface options
GUI
CLI
Console
Shell
Nitro
SFTP
NetScaler modes
Endpoint and Nonend point mode
ANY, L4, or L7 modes
The mode switches on the NetScaler
Modes that are enabled by default
Fast Ramp
Edge Configuration
Using Subnet IP
The Layer 3 mode
Path MTU Discovery
Modes that are disabled by default
Summary
2. Traffic Management Features
Load balancing
Considerations
Startup RR factor
To USIP or not to USIP
Choosing a VIP type
Special considerations for load balancing Firewalls or CloudBridge appliances
Prefer Direct Route
vServer specific MAC – when daisy chaining FW VIPs or CloudBridge appliances
Services or ServiceGroups
Common LB issues
Troubleshooting – unable to access a newly created VIP
Troubleshooting application failures where VIP is UP
Troubleshooting VIP performance issues
Troubleshooting VIP distribution issues
Why is the table empty when I configure cookie persistency?
What is the difference between established and open established?
Troubleshooting intermittent issues
SSL
SSL deployment considerations
Certificates
Using Wireshark to examine the handshake
SSL handshake
A session-reused handshake
Session reuse and troubleshooting
Decrypting a trace using Wireshark
What if I needed to share this key with the Citrix tech support for troubleshooting?
Troubleshooting SSL issues
Wireshark troubleshooting for SSL failures
SSL card failures
SSL security concerns
Engaging with Citrix
Content switching
Troubleshooting service unavailable errors
Content switching timeout errors
Global Server Load Balancing
GSLB flow
Metric Exchange Protocol
MEP versus monitors
RPC considerations
Troubleshooting GSLB
DNS caching and GSLB
MEP down issues
RPC related issues
Troubleshooting proximity-based methods
Summary
3. Integrated Caching and Compression
Integrated Caching
Understanding HTTP headers as they relate to caching
Evaluating cache policies
A sample cache response
What kind of content should I cache and not cache?
NetScaler's default caching behavior
Handling dynamic content
Considerations for caching dynamic content
How's my cache doing?
Getting a closer look at objects in the cache
Flushing versus expiring an object
Flash cache
Troubleshooting caching issues
Compression
The NetScaler's default compression behavior
Impact of using Compression
Verifying and monitoring Compression
Understanding the packet flow
Troubleshooting considerations
Summary
4. AAA for Traffic Management
Lightweight Directory Access Protocol
Authentication flow
Troubleshooting LDAP
RADIUS protocol
Authentication flow
Troubleshooting RADIUS authentication
Client Certificate Based Authentication protocol
Client versus Server Certificates
Authentication Flow when using Client Certificates
NTLM SSO (401 Based Authentication)
NTLM Authentication flow
Troubleshooting NTLM
Form-based Authentication
Authentication flow
Kerberos authentication
Kerberos parties
Configuration checklist
Kerberos deployment options
Authentication flow
Kerberos authentication with Protocol Transition
Troubleshooting Kerberos
Security Assertion Markup Language
Certificates in SAML
Canonicalization in SAML
SP Initiated SSO
IDP initiated SSO
Verifying a successful exchange using counters
Troubleshooting
Summary
5. High Availability and Networking
High Availability
Ports used for High Availability
Configurations kept independent in High Availability
HA pairing requirements
Setting up and verifying High Availability
Troubleshooting HA Failovers
HA Node state issues
Heartbeats not being seen
Identifying Failovers in events
VLAN issues causing heartbeat failures
New primary doesn't take over traffic after Failover
ARP issues
Stay secondary being set
Both nodes unhealthy
Split brain issues
Synchronization and propagation issues
Networking issues
NetScaler packet handling
Error conditions that contribute to packet drops
NIC buffer issues
Network loops
VLAN issues
Unsupported SFPs
Link aggregation issues
USIP networking issues
Network issues from blocked source IPs
Summary
6. Application Firewall
Deployment considerations
HTTP changes that occur when using AppFirewall
Configuring logging
Application attacks and AppFirewall protections
Cross-site scripting
To protect against XSS attacks
SQL injection
To protect against SQL injection attacks
Forceful browsing attacks
To protect against forceful browsing
Attacks based on Parameter tampering
Cookie tampering
To protect against cookie tampering
Hidden field tampering
To protect against hidden field tampering
Buffer overflow attacks via long URLs and queries
To protect against buffer overflow attacks
Cross Site Request Forgery
To protect against CSRF attacks
XML protections
Signatures
Troubleshooting
Identifying application Firewall blocks
Users reporting XXXX patterns in web pages
Performance issues when enabling AppFirewall
Ruling out AppFirewall as a potential cause
Summary
7. NetScaler Gateway™
Basic and Smart Access Modes
Basic mode
Smart Access mode
NetScaler Gateway™ VPNs
Examining VPN session launch using Wireshark
Phase 1 – The EPA exchange
Phase 2 – The authentication exchange
Phase 3 – Post-login exchange
Troubleshooting NetScaler Gateway™ VPNs
Collecting debug logs from the client's PC
Diagnosing EPA failures
Using aaad.debug for authentication issues
Using ns.log to see authorization and session information
Using the pol_hits counter to examine policy hits
Seeing and managing the users who are logged in
Capturing traces for troubleshooting
NetScaler Gateway™ Integration with XenApp® and XenDesktop®
Published application/desktop launch process
Phase 1 – steps involved in desktop enumeration
Phase 2 – Steps leading to the launch of the published desktop
Troubleshooting XenApp® and XenDesktop® launch issues
NetScaler Gateway™ integration with XenMobile®
XenMobile components
XenMobile launch process with NetScaler Gateway
Phase 1 – Authentication and discovery
Phase 2 – App enumeration and Launch
Troubleshooting XenMobile® and NetScaler integration
Using the wizard for configuration
Using the connectivity checks
Knowing where the logs are
Common integration issue areas
Licenses
Network settings for the application
Account services address
Persistence issues when Load Balancing XenMobile servers
ShareFile SSO issues
Summary
8. System-Level Issues
Licensing issues
NTP issues
Troubleshooting NTP synchronization
SNMP issues
Troubleshooting SNMP on a NetScaler
CPU and memory issues
Types of NetScaler CPU
Exploring high memory issues
Troubleshooting high memory issues
Disk issues
Crash and hang issues
Understanding crashes
Working with crashes
Working with hang issues
Dumping a core on a VPX/MPX when console is available
Dumping a core when NetScaler is completely unresponsive
Understanding NetScaler Build names
Summary
9. Troubleshooting Tools
The nsconmsg utility
nsconmsg syntax and options
Using nstrace to capture a packet trace
Steps to run a trace
The Showtechsupport utility
Running the utility
What does it contain?
The shell directory
The var directory
The nsconfig directory
Dashboard and Reporting tabs
Web-based analysis with Citrix Insight® Services
Citrix Command Center
Troubleshooting tips
Insight center
Troubleshooting insight center
Summary
Index