Netscaler VPX 10 High Availability Setup

Loadbalancers are used to balance traffic over multiple application servers to implove performance and stability in a scalable application. Although, a single loadbalancer would be a single point of failure. A solution to this issue is to configure a high availability (HA) Netscaler VPX pair. Configuring an HA pair will require two Netscaler VPX servers. The secondary HA pair steps in to action to continue loadbalancing should the primary HA pair fail. This stand by back up is what makes the HA pair more resilent than having a single Netscaler VPX loadbalancer.

When ordering there are some considerations to configure the HA pair correctly. To understand this, there are some basic terms for the configuration. The SNIP ( Subnet IP) is the IP that will be seen by the loadbalanced servers as the source IP of the requests (connections) made to the VIP (Virtual IP) of the Netscaler VPX. Normally in an HA pair setup the SNIP doesn't change, but it is possible for it to change during a failover event. When the two Netscalers are in the same subnet, it's then trivial for the SNIP of the secondary Netscaler VPX to change to the SNIP originally used by the primary Netscaler VPX, and this will not cause any confusion for the servers handling the request.

Thus to start, both Netscalers will need to be in the same VLAN, and both netscalers should be on the same subnet to simplify the HA configuration.

Next, check that the following prerequisit considerations :

  1. If the pair will be configured active-active, any VIP subnets added to the instances must be of type "Routed to VLAN".
  2. If the pair will be configured active-passive, any VIP subnets added to the instances must be of either type "Routed to VLAN" or "Secondary routed to IP", routed to the public IP address of the primary node.

Note: For the above subnet types, please review this article about subnets available.

After ordering the two Netscaler VPX servers in the needed VLAN, and ordering the VIP and SNIP subnets to meet prerequisits for your HA pair configuration then you can proceed with the following:

1. Open two browser windows, and login to the advanced interface on both netscalers. On the secondary netscaler, go to system->users and set the root password to the same as the primary Netscaler, and then update the password on file in the softlayer portal on the device details page to match the password set for the secondary.

2. On the VPX you want to be secondary, click on System > High Availability and right click the first line, and click "Open..". Select Stay Secondary on the HA status config drop-down box and hit OK.

3. Select Add. Enter the system IP address of the other VPX (this is located in the high availability tab on the primary), and enter the root login details at the bottom. Leave the INC box unchecked. Hit ok. if you get an error at this point claiming that the IPs are not in the same subnet, it is possible both VPX are not in the same VLAN. If this worked you should now be able to hop onto the primary, hit the refresh button on high availability and see both servers. The new netscaler management IP for the secondary should now be one IP address lower then what it was previously. If at this point you can't get any access to the secondary VPX at all whatsoever you can remove the high availability from the command line using:

To list the ha:
sh ha node

To remove what would most likely be the ha node:
rm ha node 1

4. On the primary VPX you should see that the remote VPX is now syncing.

5. Go back to the secondary and check the Network > IPs configuration. You should see the Primary's VIP and other IPs sitting there as passive.

6. Go back to the System > High Availability on the secondary and click "Open..", select ENABLED in the drop-down box and hit OK.

7. Force a failover to test. Refresh the screen and watch the IPs addresses become active on the secondary. Failover again and watch them go passive. Ping the IPs to make sure they work.

8. The primary should now be primary and the secondary should say it has a synchronization state of success.

9. Task complete.