Jump to content


Photo

Integration with Spectrum and Splunk.

Started by sagar Phadatare , 17 March 2017 - 10:06 AM
10 replies to this topic

sagar Phadatare Members

sagar Phadatare
  • 21 posts

Posted 17 March 2017 - 10:06 AM

Hi Everyone,

 

10.125.195.45 is my NSIP. I have configured NSVLAN 202 and bound NSIP and interface to it.  

 

VLAN ID: 202    VLAN Alias Name:
Interfaces : 0/1
IPs :
10.125.195.45      Mask: 255.255.255.224
 

I have also defined SNIP for same subnet i.e. 10.125.195.46. 

 

Now I want to integrate Netsaler with Spectrum and Splunk.

What would be my source IP when Ill be connecting to Splunk and Spectrum? SNIP(10.125.195.45) or SNIP(10.125.195.46)?



Carl Stalhood CTP Member

Carl Stalhood
  • 11,444 posts

Posted 17 March 2017 - 10:54 AM

SYSLOG? If so, it's NSIP.

You can run nstcpdump.sh host <SplunkIP> to see what IP address NetScaler is using.

sagar Phadatare Members

sagar Phadatare
  • 21 posts

Posted 17 March 2017 - 11:18 AM

And what about spectrum (SNMP) ? 



Carl Stalhood CTP Member

Carl Stalhood
  • 11,444 posts

Posted 17 March 2017 - 11:22 AM

SNMP also uses NSIP.

 

In NetScaler CLI, run shell. Then run nstcpdump.sh host <Destination> and you can see the IP that NetScaler uses.



Paul Blitz Members

Paul Blitz
  • 3,695 posts

Posted 17 March 2017 - 11:27 AM

Generally, the SNIP is used for live traffic (eg loadbalanced) and most monitors, the NSIP is used for "management traffic", so logging, authentication etc.



Johannes Norz Members

Johannes Norz
  • 566 posts

Posted 17 March 2017 - 11:31 AM

A general rule would be: BSD can only use the NSIP while NetScaler uses the SNIP. So every BSD based subystem (authentication, syslog, ...) will use the NSIP

BUT: if you load balance the target, NSIP will communicate to the VIP and the SNIP to the backend system, as this is normal load balancing traffic ...



Srikanth Challa Citrix Employees

Srikanth Challa
  • 8 posts

Posted 20 March 2017 - 03:32 AM

Kindly note NSIP will not communicate with VIP if it is loadbalanced. The client communication is initiated to VIP and the backend communication with SNIP. As mentioned above if SYSLOG is configured NSIP will be used for communication with the servers. 



sagar Phadatare Members

sagar Phadatare
  • 21 posts

Posted 22 March 2017 - 11:56 AM

A general rule would be: BSD can only use the NSIP while NetScaler uses the SNIP. So every BSD based subystem (authentication, syslog, ...) will use the NSIP

BUT: if you load balance the target, NSIP will communicate to the VIP and the SNIP to the backend system, as this is normal load balancing traffic ...

But if I define, SNIP for NSIP subnet (incase of NSVLAN) then what would be used to communicate?



Carl Stalhood CTP Member

Carl Stalhood
  • 11,444 posts

Posted 22 March 2017 - 12:11 PM

No. 

 

For BSD processes, you can force them to use a SNIP by sending the BSD traffic through a LB VIP on the same appliance. Or maybe RNAT.

 

Run nstcpdump.sh host <DestIP> to see what source IP NetScaler is using.



sagar Phadatare Members
  • #10

sagar Phadatare
  • 21 posts

Posted 22 March 2017 - 01:55 PM

Even if I force BSD traffic to go from separate interface, it uses that particular interface's SNIP as a source IP. 



Carl Stalhood CTP Member
  • #11

Carl Stalhood
  • 11,444 posts

Posted 22 March 2017 - 02:50 PM

Run nstcpdump.sh host <DestIP> to see what source IP NetScaler is using.