This article describes how to set up a high-availability on the NetScaler appliance.
Points to consider:
When configuring a network adapter NetScaler high availability configuration, disable any unused ports. Reference: https://support.citrix.com/article/CTX101810 , detailed list of ports for communication between the secondary device and the primary communication port Citrix NetScaler technique used.
Primary and secondary devices are provided for high availability NetScaler IP address used for communication between devices.
NetScaler IP address of the device to configure NetScaler HA in the following procedure.
When configuring HA, the configuration of the device must have the same nsroot account password.
Details of the high-availability set to consider a detailed list, see the Citrix documentation: https://docs.citrix.com/en-us/netscaler/12/system/high-availability-introduction/points-to-consider-high -availability-setup.html
NetScaler Gateway GUI from the completion of this process, see the Citrix documentation: https://docs.citrix.com/en-us/netscaler-gateway/12/
Description>
Set NetScaler High Availability
Note: Secure Shell (SSH) connection for executing commands in this article.
set ha node -hastatus STAYPRIMARY
2. Log on to the secondary NetScaler device, and run the following command from the CLI:
set ha node -hastatus STAYSECONDARY
3. Run the following commands on the main and auxiliary device NetScaler NetScaler equipment to disable the network is not connected to any network interface:
disable interface <interface_num>
4. In the main apparatus NetScaler, run the following command from the CLI, to specify the ID and auxiliary equipment NetScaler IP (NSIP) Address:
add HA node <id> <ipAddress>
Note: in a high availability arrangement, the maximum node ID of the device 64. It can be any number. For example, you can be the number 2 for the second device. Numeral 64 does not mean that there may be nodes 64 in a high availability arrangement. It's just a variable value. High availability settings are always created by the two devices.
5. Login to the secondary NetScaler equipment, and run the following command in the CLI to specify the ID of the master device and NetScaler IP (NSIP) Address:
add HA node <id> <ipAddress>
6. RpcNode must set a password on both devices. The password must be the same on each device. The master must know the password assistance RpcNode, auxiliary equipment must know the main RpcNode password.
Note: NetScaler nsroot password on each node must be the same. RpcNode not necessarily the same password nsroot password.
NetScaler on the primary gateway device, a command line interface to run the following command:
set ns rpcnode <ipAddress> -password <string>
IP address must be the IP address of the master device
7. Run the same command and specify the IP address of the auxiliary equipment. Use the same password.
8. Repeat NetScaler on the second gateway device and use the same command to specify two RpcNode password.
9. RpcNode specified password on the main and auxiliary equipment, run the following command to check the settings:
show ns rpcnode
10. rpcnode properly set the node and password on both devices, with the following command to verify the status of the node:
show ha node
If the two devices are set correctly RpcNode password, the second state of the device will display correctly. Otherwise, you can get the results of unknown status of the remote node.
a. Node ID: 0
IP: x.x.x.x.x (ns)
Node State: UP
Master State: Primary
INC State: DISABLED
Sync State: ENABLED
Propagation: ENABLED
Enabled Interfaces : 1/1
Disabled Interfaces : 0/1 1/3 1/2 1/4
HA MON ON Interfaces : 1/1
Interfaces on which heartbeats are not seen :
SSL Card Status: UP
Hello Interval: 200 msecs
Dead Interval: 3 secs
b. Node ID: 2
IP: x.x.x.x.x
Node State: UP
Master State: Secondary
INC State: DISABLED
Sync State: SUCCESS
Propagation: ENABLED
Enabled Interfaces : 1/1
Disabled Interfaces : 0/1 1/3 1/2 1/4
HA MON ON Interfaces : 1/1
Interfaces on which heartbeats are not seen :
SSL Card Status: UP
11. Use sync HA files forced synchronization file synchronization command from the master device to the secondary device on the master device. This command synchronizes all SSL certificates, SSL CRL lists and VPN bookmarks. The master is considered to be authoritative, copy the files from the master to the auxiliary equipment, covering all the difference.
sync ha files all
12. To enable the HA setup, run on primary and secondary equipment NetScaler following command:
set ha node -hastatus ENABLED
13. If you add a new device to an existing device to form a HA pair, then go to the new device and remove duplicate default route (0.0.0.0/0). Pairing will add a default route defined on the existing equipment, but does not delete the default routing configuration on the new device.
14. and then synchronize all the secondary communication devices to work between the master unit, the test failover scenarios. The following command completely simulate the event of a failover, wherein the primary and secondary switching devices, auxiliary equipment and complete control of all dedicated traffic between devices becomes the master.
force HA failover
15. When a failover success of highly available, and you want to restore to an original state when the master device, again using the forced recovery failover command.
=======================================================================================
Stay Secondary Appliance
当主设备重新启动并且它们之间的连接中断时,辅助设备自动成为主设备。心跳会停止。当不能作为辅助设备访问主设备时,可以将辅助节点保留为辅助设备。
在某些特定的维护场景中,当辅助设备发生故障并且必须更换时,这可能非常有用。例如,如果替换了辅助设备,则可以设置高可用性设置,但不能同步配置,并且主设备失败或由于任何原因无法访问。如果没有适当的配置,辅助设备就会激活,并在基础设施中造成问题。在某些场景中,如果再次建立了辅助设备和主设备之间的通信,则可能覆盖前面主设备的配置。
从辅助设备上的命令行界面运行以下命令,以使其保持为辅助设备:
set node -hastatus STAYSECONDARY
要删除STAYSECONDARY设置,请运行以下命令:
set node -hastatus ENABLE
==================================================
Hongyuan Liu
来源于:https://support.citrix.com/artice/CTX116748