How to Configure the Direct Server Return on a NetScaler Appliance


This article describes how to configure the Direct Server Return (DSR) feature on the NetScaler appliance.


When you configure the DSR feature on the NetScaler appliance, the client request passes through the NetScaler appliance. However, the response from the backend server is sent directly to the client, bypassing the NetScaler appliance. The following is a simplified diagram illustrating the described functionality:


You must configure the following on the NetScaler appliance:

Enable Media Access Control (MAC) Based Forwarding (MBF) on the appliance at a global level.
Enable Use Source IP (USIP) mode on the services.
Enable “-m mac” on the virtual server.
For some connection types, enable “-connfailover STATELESS” on the virtual server.
Set the default gateway of the servers to the router interface so that the responses from the servers bypass the appliance.
Configure a non-arping loopback interface on the servers with the same IP address as that of the virtual server.
If the monitors associated with the service are Perl scripts, such as FTP, LDAP, MySQL, SMTP, NTLM, RDP, SNMP, or any USER script, then you must also configure a Ping or TCP monitor. Ideally, configure the monitors with a longer interval between probes, so that the MAC address of the servers can be properly learned. See Configuring Load Balancing in Direct Server Return Mode for more information.


To configure the Direct Server Return (DSR) feature on the NetScaler appliance, complete the following procedure from the command line interface of the appliance:

Run the following command to enable the MAC-Based Forwarding (MBF) mode:
enable ns mode mbf
Run the following command to create the service:
add service <serviceName> <serverIP> ANY * -usip YES
Note: Using the ANY protocol type ensures that the NetScaler appliance does not parse the traffic as any of the known protocols.
Run the following command to create the Load Balancing VServer:
add lb vserver <vserverName> ANY <VIP> * -m MAC [-connfailover STATELESS]
The default type is -m IP. However, for DSR to work properly, you must make switching decisions based on the MAC address of the client and send it on the same path it came from, excluding the NetScaler appliance from the return path.
The optional configuration “-connfailover STATELESS” ensures that the appliance does not track the TCP states. Otherwise, some communications, such as ‘active FTP’ connections, do not work.
Run the following command to bind the service to the virtual server:
bind lb vserver <vserverName> <serviceName>
Create a non-arping loopback interface on the servers and configure it with the virtual server IP (VIP) address. It is critical that the server does not reply to the ARP requests for this IP address.
Refer to the server software documentation for instructions on adding this interface.
In some scenarios, you must enable persistence on the virtual server to ensure that the subsequent client requests are sent to the same server. Run the following command to enable the Source IP persistence on the virtual server:
set lb vserver <vserverName> -persistenceType SOURCEIP -timeout <minutes>
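
One way to audit a saved configuration against the appliance-side requirements above (MBF enabled globally, "-m MAC" on the virtual server, "-usip YES" on every bound service). This is an added example, not Citrix code; the function names, the sample configuration and its names and addresses are constructed for illustration.

```python
import shlex

# Constructed sample configuration (names and addresses are made up).
SAMPLE = """\
enable ns mode mbf
add service svc_a 192.0.2.11 ANY * -usip YES
add service svc_b 192.0.2.12 ANY *
add lb vserver vs_dsr ANY 192.0.2.100 * -m MAC -connfailover STATELESS
add lb vserver vs_ip ANY 192.0.2.101 *
bind lb vserver vs_dsr svc_a
bind lb vserver vs_dsr svc_b
bind lb vserver vs_ip svc_a
"""

def options(tokens):
    """Map each '-option' token to the value that follows it, upper-cased."""
    return {t.lower(): tokens[i + 1].upper()
            for i, t in enumerate(tokens[:-1]) if t.startswith("-")}

def check_dsr(config):
    """Return findings for the DSR requirements listed on this page."""
    mbf, services, vservers, binds = False, {}, {}, []
    for line in config.splitlines():
        tok = shlex.split(line)
        low = [t.lower() for t in tok[:3]]
        if low == ["enable", "ns", "mode"]:
            # A saved config may list several modes on one line.
            mbf = mbf or "mbf" in (t.lower() for t in tok[3:])
        elif low[:2] == ["add", "service"]:
            services[tok[2]] = options(tok[3:])
        elif low == ["add", "lb", "vserver"] and len(tok) > 3:
            vservers[tok[3]] = options(tok[4:])
        elif (low == ["bind", "lb", "vserver"] and len(tok) > 4
              and not tok[4].startswith("-")):
            binds.append((tok[3], tok[4]))
    findings = []
    if not mbf:
        findings.append("MBF mode is not enabled globally")
    for vs, svc in binds:
        if vservers.get(vs, {}).get("-m") != "MAC":
            continue  # not a DSR virtual server, USIP is not required here
        if services.get(svc, {}).get("-usip") != "YES":
            findings.append(f"service {svc} bound to {vs} lacks -usip YES")
    return findings

if __name__ == "__main__":
    for finding in check_dsr(SAMPLE):
        print(finding)
```

The server-side requirements (default gateway and the non-arping loopback) are not visible in the appliance configuration and have to be checked on each server.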

