
How to view client IP when you have userIP disabled

Started by eduardo vargas, 10 March 2017 - 04:30 PM
6 replies to this topic

eduardo vargas Members

eduardo vargas
  • 3 posts

Posted 10 March 2017 - 04:30 PM

Hi all,

 

I have netscaler 5500 with 9.3 ns firmware.

 

I have a virtual server created with server1 and server2, and I use round robin to balance the traffic. I have a client with the IP 1.1.1.1

 

netscaler mapped IP is 3.3.3.3.

 

Client with IP 1.1.1.1 is connected to the IP of the virtual server 2.2.2.2 

 

Server1   IP 4.4.4.4 server2  IP 5.5.5.5

 

I have disabled the USERIP feature, and when I write nsconnectiontable to determine which physical server the client is connected to (server 1 or server 2), in the source IP I see the IP 3.3.3.3 (netscaler IP).

 

How can I know which physical server the client with IP 1.1.1.1 is connected to?



Carl Stalhood CTP Member

Carl Stalhood
  • 12,277 posts

Posted 10 March 2017 - 04:37 PM

When I go to System > Diagnostics > TCP/IP Connections, there's a checkbox for "Client Server Link Mapping". 



eduardo vargas Members

eduardo vargas
  • 3 posts

Posted 10 March 2017 - 04:44 PM

Thanks Carl!!!

 

In all the connections to the servers I see the source IP of the netscaler and not the IP of the client.... I want to see the IP of the client



Paul Blitz Members

Paul Blitz
  • 4,004 posts

Posted 10 March 2017 - 08:28 PM

By default, Netscaler Load Balancing is a proxy, and as such, the netscaler will use its MIP or SNIP to talk to the backend server.

 

If you enable USIP mode globally, and ensure USIP is also enabled in your services / service group, then Netscaler will present the Client IP to the backend server. However, you will also now need to set the netscaler's MIP/SNIP to be the server's default gateway, otherwise the return packet will fail.



Ross Bender Members

Ross Bender
  • 142 posts

Posted 10 March 2017 - 09:47 PM

You can attach the client IP as a header (industry standard is X-Forwarded-For) and on the backend server configure the logs to use the value of the header instead of the IP address (which will always be the mapped IP of the NS if traffic is proxied).
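
The header approach above, as an added example that is not part of the original post: a backend-side helper that takes the client IP from X-Forwarded-For only when the connection arrives from the NetScaler's mapped IP (3.3.3.3 in this thread), then reports which backend a given client reached. The record layout, the function names, and the assumption that the proxy's own value is the last entry in the header are illustrative, not behaviour confirmed by the thread.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only address allowed to vouch for a client IP is the
# load balancer's mapped IP from the thread.
TRUSTED_PROXIES = {ipaddress.ip_address("3.3.3.3")}

def real_client_ip(peer_ip, xff_header):
    """Return the client IP a backend should log for one request.

    peer_ip    -- source IP of the TCP connection as seen by the backend
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_ip)
    # A header sent by anything other than the proxy is client-controlled.
    if peer not in TRUSTED_PROXIES or not xff_header:
        return str(peer)
    # Walk right to left: entries on the left may have been supplied by the
    # client, the rightmost untrusted address is what the proxy observed.
    for token in reversed([t.strip() for t in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            return str(peer)  # malformed header: fall back to the peer
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return str(peer)

def backends_for_client(records, client_ip):
    """records: iterable of (backend_ip, peer_ip, xff_header) tuples."""
    seen = defaultdict(set)
    for backend, peer, xff in records:
        seen[real_client_ip(peer, xff)].add(backend)
    return sorted(seen.get(client_ip, ()))

# Constructed sample records using the addresses from the thread.
SAMPLE_RECORDS = [
    ("4.4.4.4", "3.3.3.3", "1.1.1.1"),            # normal proxied request
    ("5.5.5.5", "3.3.3.3", "10.0.0.9, 6.6.6.6"),  # client pre-set a fake entry
    ("5.5.5.5", "7.7.7.7", "1.1.1.1"),            # direct hit, spoofed header
    ("4.4.4.4", "3.3.3.3", "not-an-ip"),          # malformed header
]

if __name__ == "__main__":
    print(backends_for_client(SAMPLE_RECORDS, "1.1.1.1"))
```
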



eduardo vargas Members

eduardo vargas
  • 3 posts

Posted 16 March 2017 - 11:57 AM

Thanks all for your answers,

 

With UIP activated:

 

 

Do you know any command to be able to view the netscaler NAT translations?

 

or...

 

Do you know any command to be able to view the client's IP that connected to the physical servers?

 

Best regards.



Shalu Verma Citrix Employees

Shalu Verma
  • 37 posts

Posted 16 March 2017 - 04:32 PM

Hi Eduardo,

 

This article might help you to see the NAT translations:

 

https://docs.citrix.com/en-us/netscaler/11/networking/ip-addressing/configuring-network-address-translation/configuring-rnat.html