Friday, July 31, 2009

How to trace end-to-end connections on the Netscaler Load-balancer

HOW-TO: View Active Sessions End-To-End on the Netscalers

First, the easiest way to see the source IPs of traffic is via the ASA firewall logs in syslog.

So to see where ftp connections are coming from, you could use something like

grep [ftp cluster vip] syslog | grep -v ICMP | grep -v [monitoring host's ip] | grep -v local-host


This greps the syslog file for the Netscaler virtual IP of the ftp-cluster and filters out ICMP and monitoring-host traffic, as well as connections to itself.

Additionally, you can see all the active connections on a netscaler by ssh'ing to the CLI and running:

> show connectiontable | grep [ftp cluster vip]
[client ip] 45534 [ftp cluster vip] 21 FTP 7 TIME_WAIT
[client ip] 32570 [ftp cluster vip] 21 FTP 9 ESTABLISHED


That shows you where they're coming from. To also find out where they're going, you need to check the persistent connections:

> show persistence
Type SRC-IP DST-IP PORT VSNAME TIMEOUT REF_CNT
SOURCEIP [client ip] [ftp server ip] 21 ftp_cluster 103 1
SOURCEIP [client ip] [ftp server ip] 21 ftp_cluster 0 1
SOURCEIP [client ip] [ftp server ip] 21 ftp_cluster 75 0
SOURCEIP [client ip] [ftp server ip] 21 ftp_cluster 91 0


NOTE: This only works on vservers where persistence is handled by source-ip.
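Joining the two outputs on the client IP gives the full client -> VIP -> backend path in one view. The Python script below is an added example, not part of the original post; it assumes the column layouts shown above, treats the persistence PORT column as the vserver port, and uses constructed sample addresses from the documentation ranges.

```python
"""Join 'show connectiontable' and 'show persistence' output to map
client -> VIP -> backend server. All sample data here is constructed."""

# Constructed sample output, same column layout as the CLI output in the post.
CONNTABLE = """\
203.0.113.10 45534 192.0.2.21 21 FTP 7 TIME_WAIT
203.0.113.11 32570 192.0.2.21 21 FTP 9 ESTABLISHED
203.0.113.12 40100 192.0.2.21 21 FTP 2 ESTABLISHED
203.0.113.13 51000 192.0.2.80 80 HTTP 1 ESTABLISHED
"""
PERSISTENCE = """\
Type SRC-IP DST-IP PORT VSNAME TIMEOUT REF_CNT
SOURCEIP 203.0.113.10 198.51.100.5 21 ftp_cluster 103 1
SOURCEIP 203.0.113.11 198.51.100.6 21 ftp_cluster 75 1
"""

def parse_connections(text, vip):
    """Return (client, client_port, vip, vip_port, state) for one VIP."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        # Skip headers, blank lines and connections to other VIPs.
        if len(f) == 7 and f[2] == vip and f[1].isdigit() and f[3].isdigit():
            conns.append((f[0], int(f[1]), f[2], int(f[3]), f[6]))
    return conns

def parse_persistence(text):
    """Return {(client, port): backend} for SOURCEIP persistence entries."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 7 and f[0] == "SOURCEIP" and f[3].isdigit():
            table[(f[1], int(f[3]))] = f[2]
    return table

def trace(conn_text, persist_text, vip):
    """Attach the persisted backend (or None) to every connection on vip."""
    persist = parse_persistence(persist_text)
    return [(client, cport, v, vport, persist.get((client, vport)), state)
            for client, cport, v, vport, state in parse_connections(conn_text, vip)]

if __name__ == "__main__":
    for client, cport, vip, vport, backend, state in trace(
            CONNTABLE, PERSISTENCE, "192.0.2.21"):
        print(f"{client}:{cport} -> {vip}:{vport} -> "
              f"{backend or 'no persistence entry'} [{state}]")
```

A connection with no matching persistence entry is reported with a backend of None, which is what every connection will show on a vserver that does not use source-ip persistence.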

In the case of HTTP traffic, you can add a header carrying the original client IP to the HTTP traffic that hits the backend services.

There are also a number of Netscaler products that allow you to do extensive log analysis.

Monday, July 27, 2009

Enabling Persistent Routes on a Debian Host

1. su to root
2. cd to /etc/network/
3. Copy off the interfaces file to interfaces.DATE (or what have you)
4. Add lines of the following form under the primary network interface definition:

up route add -net 10.1.1.0 netmask 255.255.255.0 gw 10.2.1.1
down route del -net 10.1.1.0 netmask 255.255.255.0

So you should end up with something like this:

iface bond0 inet static
address 10.2.1.5
netmask 255.255.255.0
network 10.2.1.0
gateway 10.2.1.1
up /sbin/ifenslave bond0 eth0
up /sbin/ifenslave bond0 eth2
up route add -net 10.1.1.0 netmask 255.255.255.0 gw 10.2.1.1
down route del -net 10.1.1.0 netmask 255.255.255.0


That creates a route to the 10.1.1.x network for the host with the ip 10.2.1.5 through the 10.2.1.1 router whenever the interface goes up. (It also removes it whenever the interface goes down.)

How to Disable and Clean Netapp Snapshots

To disable snapshots on a NetApp volume, you need to set the nosnap option on the volume:

vol options volume_name nosnap on


and disable the automatically scheduled snaps

snap sched volume_name 0 0 0


If you need to clear space from the snapshot volume, you can delete the old snaps.

Run

snap list volume_name


to find them, then

snap delete volume_name snap_name


to delete them.

Friday, July 17, 2009

How To Use Netapp SnapMirror

I. To Create a Snapmirror Relationship:

Create source and destination volumes of the same size on same-sized aggregates. (This is critical for being able to change the direction of the sync.)

Go into FilerView > Volumes on the DESTINATION and mark the volume OFFLINE.

Go into FilerView > SnapMirror > Add on the DESTINATION and proceed through accepting all the defaults except, obviously, the volume names.

On the SnapMirror > Manage screen, click the Advanced properties of the new job. Inside the job, click "Initialize". It will clean the target volume and begin the first sync. The sync will begin automatically on schedule which, if you used the defaults, is every minute.


II. To mark a Snapmirror RW:

End the SnapMirror relationship with the snapmirror break command. This command changes the destination's status from snapmirrored to broken-off, thus making it writable.

When you're ready to resync them, run the snapmirror resync command on the DESTINATION. This will change a former destination's status back to snapmirrored and will resynchronize its contents with the source.

(NOTE: When applied to a former source, snapmirror resync can turn it into a mirror of the former destination. In this way, the roles of source and destination can be reversed.)

At any time, you can see the status of all the snapmirrors by running the snapmirror list command.

Thursday, July 2, 2009

Bookpool is gone!

How terribly, terribly sad!  I noticed their inventory had been pretty lean for a while there, but this was definitely the go-to site for at least half the books in my collection.  

I guess the web giveth and the web taketh away.  

Here's hoping a new store rises from the ashes . . .