SUM307: NetScaler VPX Implementation and Troubleshooting Harvey Miller – Senior Escalation EngineerMay 11, 2010

• Introduction to NetScaler VPX• Installation and Licensing• Troubleshooting• Use Cases

Citrix Confidential - Do Not Distribute

Agenda

Introduction to NetScaler VPX

App delivery without the expensive tin

- Maxwell Cooter, TechWorld

Citrix Confidential - Do Not Distribute

• Virtual NetScaler appliance• Hardware requirements• Hypervisors Supported• Differences between VPX and hardware

Citrix Confidential - Do Not Distribute

Introduction to NetScaler VPX

• XenServer• XenCenter• XenConvert

Citrix Confidential - Do Not Distribute

XenServer components

XenServer Architecture

Xen HypervisorDomUDom0NS VPXLinux

Drivers PV Drivers

Client ServerL2 /L3

eth1 eth0

L2/L3

DomU

Guest OS

Citrix XenServer

Citrix Confidential - Do Not Distribute

VM MechanismBinary Translation – Sensitive/Privileged CPU Instructions are replaced with

hypervisor code or calls “on the fly”• Advantages: Unmodified Guest OS, No special hardware• Disadvantages: Performance

Paravirtualization – The Guest OS is modified so that privileged/sensitive instructions are replaced with calls to the hypervisor

• Advantages: Performance, no special hardware required, relatively easy for hypervisor• Disadvantages: Guest OS must be modified

Hardware assisted – Sensitive/Privileged CPU Instructions executed by the Guest OS trap out to the hypervisor

• Each processor vendor brands and implements this differently.• Intel: “VT-x”• AMD: “AMD-V”

• Advantages: Unmodified Guest OS, Relatively easy for hypervisor• Disadvantages: Special hardware required

Hypervisor Architecture - XenServer

Xen Hypervisor

DomainU DomainUDomain0

XenCenterClient

GuestOS2NS VPXLinux

Xen daemon(s)

DriversPV Drivers

Xen Tools

• Bare metal. • Managed by “Domain0”• Domain 0 manages network and storage I/O of guest VMs• Hardware drivers run in Domain0• Paravirtualized Guest OS or hardware assist VMs only – no Binary Translation

Citrix Confidential - Do Not Distribute

Xen Hypervisor

NS VPX: Internals

Dom0 (Linux) DomU (NS VPX )

CPU Scheduler Memory

PV Front endDrivers

Real Drivers

Back-endDrivers Virtual CPU Virtual CPU

Virtual Memory Virtual Memory

Xen Tools

Xen daemon(s)

Citrix Confidential - Do Not Distribute

• Virtual hardware assist• CPUs• Memory• NIC

Citrix Confidential - Do Not Distribute

Hardware requirements

Differences between VPX and hardware

Features of VPX Features of Hardware

Citrix Confidential - Do Not Distribute

• Tagged VLANs not supported

• No LACP

• No hardware assists

• No nCore support (yet)

• Only version 9.1 & up

• Full L2 support

• Hardware assists

• nCore with MPX models

• All versions compatible with hardware

Installation and Licensing

Setting the VM memory and VCPUs for the NetScaler VPX

Citrix Confidential - Do Not Distribute

Installation

Citrix Confidential - Do Not Distribute

Identifying the VPX from the CLI and GUI

• 1 Mbps• 20 Mbps• 1000 Mbps• Standard• Enterprise• Platinum• http://support.citrix.com/article/ctx122426

Citrix Confidential - Do Not Distribute

NetScaler VPX

• Free license

• Unlimited VMs• XenConvert (P2V and V2V)• Centralized multi-server manangement console• Live motion• Virtual infrastructure patch management• Intelligent server maintenance mode

Citrix Confidential - Do Not Distribute

XenServer licenses

• Citrix Essentials

• High Availability• Advanced server virtualization management• Intelligent workload placement• Rapid provisioning of new VMs

Citrix Confidential - Do Not Distribute

XenServer licenses (continued)

Troubleshooting

• Issues dealing with Networking• Tracing• Log file locations

Citrix Confidential - Do Not Distribute

TroubleShooting VPX

• CPU from XenCenter is 100%• VPX shows lower values• Which is right?

Citrix Confidential - Do Not Distribute

Why is my CPU so high?

Citrix Confidential - Do Not Distribute

XenCenter View

Citrix Confidential - Do Not Distribute

NetScaler VPX view

Lack of proper license while adding SSL certificates

NetScaler VPX missing a valid license

Some examples of problems with the license file(s)The shell command `cat /var/log/license.log` reveals a missing license:

The shell command `cat /var/log/license.log` reveals an invalid license:

The shell command `cat /var/log/license.log` reveals an expired license:

Using Tagged VLANs With the NetScaler VPX

Citrix Confidential - Do Not Distribute

XenServer Host (Dom0)

Virtual Machines (DomU)

Trunk Port(tagged VLANs)

ExternalSwitch

Virtual Switches

Vlan 1Vlan 53Vlan 128

NetScaler VPX

UntaggedVLANs

1/2 1/3 1/4 Virtual Interfaces

Identifying the NetScaler VPX interfaces

Reboot messages in the logs

Citrix Confidential - Do Not Distribute

Reboot messages in the logs

Citrix Confidential - Do Not Distribute

Reboot messages in the logs

Citrix Confidential - Do Not Distribute

Use Cases

• Lab Environment• Proof of Concept• Separation of traffic• Real world simulation

Citrix Confidential - Do Not Distribute

Use Cases

Real World Simulation

Citrix Confidential - Do Not Distribute

Virtual NetScalersVirtual Server

Virtual Router

North America

Europe

Asia

Africa

HyperVisor Real World

• NetScaler Licensing: CTX122426• NetScaler VPX 9.1 FAQ CTX12191• NetScaler setup and configuring CTX124306• How to video: importing and configuring CTX122721• Importing VPX on ESX CTX123683• Support.citrix.com (search for VPX)• Forums

Citrix Confidential - Do Not Distribute

Additional Resources

Before you leave…• Session surveys are available online at www.citrixsummit.com

starting Thursday, May 13• Provide your feedback and pick up your complimentary Starbucks or iTunes giftcard at the

registration desk

• Download presentations starting Friday, May 21, from your My Schedule Tool located in your My Synergy Microsite event account

Questions/Comments?

Citrix Confidential - Do Not Distribute