Troubleshooting NetScaler电子书

Troubleshooting NetScaler

Table of Contents

Troubleshooting NetScaler

Credits

Notice

About the Author

About the Reviewers

www.PacktPub.com

eBooks, discount offers, and more

Why subscribe?

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. NetScaler Concepts at a Glance

The NetScaler filesystem

Folders on /flash

Folders on /var

A brief look at NetScaler address types

NetScaler IP

Virtual IP

Mapped IP

Subnet IP

GSLB Site IP

Request Switching and Connection Multiplexing

User interface options

GUI

CLI

Console

Shell

Nitro

SFTP

NetScaler modes

Endpoint and Nonend point mode

ANY, L4, or L7 modes

The mode switches on the NetScaler

Modes that are enabled by default

Fast Ramp

Edge Configuration

Using Subnet IP

The Layer 3 mode

Path MTU Discovery

Modes that are disabled by default

Summary

2. Traffic Management Features

Load balancing

Considerations

Startup RR factor

To USIP or not to USIP

Choosing a VIP type

Special considerations for load balancing Firewalls or CloudBridge appliances

Prefer Direct Route

vServer specific MAC – when daisy chaining FW VIPs or CloudBridge appliances

Services or ServiceGroups

Common LB issues

Troubleshooting – unable to access a newly created VIP

Troubleshooting application failures where VIP is UP

Troubleshooting VIP performance issues

Troubleshooting VIP distribution issues

Why is the table empty when I configure cookie persistency?

What is the difference between established and open established?

Troubleshooting intermittent issues

SSL

SSL deployment considerations

Certificates

Using Wireshark to examine the handshake

SSL handshake

A session-reused handshake

Session reuse and troubleshooting

Decrypting a trace using Wireshark

What if I needed to share this key with the Citrix tech support for troubleshooting?

Troubleshooting SSL issues

Wireshark troubleshooting for SSL failures

SSL card failures

SSL security concerns

Engaging with Citrix

Content switching

Troubleshooting service unavailable errors

Content switching timeout errors

Global Server Load Balancing

GSLB flow

Metric Exchange Protocol

MEP versus monitors

RPC considerations

Troubleshooting GSLB

DNS caching and GSLB

MEP down issues

RPC related issues

Troubleshooting proximity-based methods

Summary

3. Integrated Caching and Compression

Integrated Caching

Understanding HTTP headers as they relate to caching

Evaluating cache policies

A sample cache response

What kind of content should I cache and not cache?

NetScaler's default caching behavior

Handling dynamic content

Considerations for caching dynamic content

How's my cache doing?

Getting a closer look at objects in the cache

Flushing versus expiring an object

Flash cache

Troubleshooting caching issues

Compression

The NetScaler's default compression behavior

Impact of using Compression

Verifying and monitoring Compression

Understanding the packet flow

Troubleshooting considerations

Summary

4. AAA for Traffic Management

Lightweight Directory Access Protocol

Authentication flow

Troubleshooting LDAP

RADIUS protocol

Authentication flow

Troubleshooting RADIUS authentication

Client Certificate Based Authentication protocol

Client versus Server Certificates

Authentication Flow when using Client Certificates

NTLM SSO (401 Based Authentication)

NTLM Authentication flow

Troubleshooting NTLM

Form-based Authentication

Authentication flow

Kerberos authentication

Kerberos parties

Configuration checklist

Kerberos deployment options

Authentication flow

Kerberos authentication with Protocol Transition

Troubleshooting Kerberos

Security Assertion Markup Language

Certificates in SAML

Canonicalization in SAML

SP Initiated SSO

IDP initiated SSO

Verifying a successful exchange using counters

Troubleshooting

Summary

5. High Availability and Networking

High Availability

Ports used for High Availability

Configurations kept independent in High Availability

HA pairing requirements

Setting up and verifying High Availability

Troubleshooting HA Failovers

HA Node state issues

Heartbeats not being seen

Identifying Failovers in events

VLAN issues causing heartbeat failures

New primary doesn't take over traffic after Failover

ARP issues

Stay secondary being set

Both nodes unhealthy

Split brain issues

Synchronization and propagation issues

Networking issues

NetScaler packet handling

Error conditions that contribute to packet drops

NIC buffer issues

Network loops

VLAN issues

Unsupported SFPs

Link aggregation issues

USIP networking issues

Network issues from blocked source IPs

Summary

6. Application Firewall

Deployment considerations

HTTP changes that occur when using AppFirewall

Configuring logging

Application attacks and AppFirewall protections

Cross-site scripting

To protect against XSS attacks

SQL injection

To protect against SQL injection attacks

Forceful browsing attacks

To protect against forceful browsing

Attacks based on Parameter tampering

Cookie tampering

To protect against cookie tampering

Hidden field tampering

To protect against hidden field tampering

Buffer overflow attacks via long URLs and queries

To protect against buffer overflow attacks

Cross Site Request Forgery

To protect against CSRF attacks

XML protections

Signatures

Troubleshooting

Identifying application Firewall blocks

Users reporting XXXX patterns in web pages

Performance issues when enabling AppFirewall

Ruling out AppFirewall as a potential cause

Summary

7. NetScaler Gateway™

Basic and Smart Access Modes

Basic mode

Smart Access mode

NetScaler Gateway™ VPNs

Examining VPN session launch using Wireshark

Phase 1 – The EPA exchange

Phase 2 – The authentication exchange

Phase 3 – Post-login exchange

Troubleshooting NetScaler Gateway™ VPNs

Collecting debug logs from the client's PC

Diagnosing EPA failures

Using aaad.debug for authentication issues

Using ns.log to see authorization and session information

Using the pol_hits counter to examine policy hits

Seeing and managing the users who are logged in

Capturing traces for troubleshooting

NetScaler Gateway™ Integration with XenApp® and XenDesktop®

Published application/desktop launch process

Phase 1 – steps involved in desktop enumeration

Phase 2 – Steps leading to the launch of the published desktop

Troubleshooting XenApp® and XenDesktop® launch issues

NetScaler Gateway™ integration with XenMobile®

XenMobile components

XenMobile launch process with NetScaler Gateway

Phase 1 – Authentication and discovery

Phase 2 – App enumeration and Launch

Troubleshooting XenMobile® and NetScaler integration

Using the wizard for configuration

Using the connectivity checks

Knowing where the logs are

Common integration issue areas

Licenses

Network settings for the application

Account services address

Persistence issues when Load Balancing XenMobile servers

ShareFile SSO issues

Summary

8. System-Level Issues

Licensing issues

NTP issues

Troubleshooting NTP synchronization

SNMP issues

Troubleshooting SNMP on a NetScaler

CPU and memory issues

Types of NetScaler CPU

Exploring high memory issues

Troubleshooting high memory issues

Disk issues

Crash and hang issues

Understanding crashes

Working with crashes

Working with hang issues

Dumping a core on a VPX/MPX when console is available

Dumping a core when NetScaler is completely unresponsive

Understanding NetScaler Build names

Summary

9. Troubleshooting Tools

The nsconmsg utility

nsconmsg syntax and options

Using nstrace to capture a packet trace

Steps to run a trace

The Showtechsupport utility

Running the utility

What does it contain?

The shell directory

The var directory

The nsconfig directory

Dashboard and Reporting tabs

Web-based analysis with Citrix Insight® Services

Citrix Command Center

Troubleshooting tips

Insight center

Troubleshooting insight center

Summary

Index