NetScaler is a popular load-balancing product from Citrix and was rated a market leader by Gartner in 2014. NetScaler has done exceedingly well in data center (DC) environments because of its ease of use and a feature set that goes well beyond basic load balancing, with a focus on high availability and application delivery.
However, because of inherent AWS networking limitations, the NetScaler AMIs available on AWS Marketplace lack some key functionality: L2 networking, IPv6, gratuitous ARP (GARP), VLAN tags, dynamic routing and virtual MACs. This has been a pain point for the many network architects who rely on these features in their designs, since it means an existing network design cannot simply be reused when moving to AWS for upgrade testing, dev/test and similar work. Thanks to nested virtualization platforms with a software-defined networking overlay, such as Ravello, they now have the option to run the feature-rich DC version of NetScaler (the KVM VM) not only on AWS but also on Google Cloud.
We captured the steps for running NetScaler KVM VMs on Ravello in an earlier blog post. This post details the benefits of running NetScaler VPX on Ravello in AWS compared to running the NetScaler AMIs directly in AWS.
By design, AWS does not expose the L2 network to instances. Each instance does have a virtual Ethernet adapter attached to a virtual L2 segment, but the frames that are actually sent and received are heavily filtered: broadcast frames and non-IP payloads are dropped, with only the narrow exceptions needed for basic ARP and DHCP. Consequently IP broadcast and multicast, which map onto Ethernet broadcast and multicast frames, do not work natively on AWS or Google Cloud.
Ravello’s software-defined networking (SDN) overlay, which runs on top of the public-cloud VMs, gives a NetScaler appliance running inside Ravello full L2 network access, including broadcast and multicast.
With IPv4 addresses running out fast, many organizations are working to migrate to IPv6. However, AWS does not natively support IPv6 addressing on EC2 instances. With Ravello’s SDN overlay you can use IPv6 addressing for the web and application servers located behind the load balancer, mirroring the network design already deployed in the DC.
Gratuitous ARP (GARP) is an ARP announcement sent to the broadcast MAC address, and broadcast frames are filtered on public clouds such as AWS and Google Cloud. As a result, GARP is not supported on either. NetScaler relies on GARP after an HA failover: the new primary announces the shared IP addresses from its own NIC so that upstream switches and hosts update their forwarding tables and ARP caches and stop sending traffic to the failed device. Because GARP is filtered, L2 HA failover between a NetScaler pair does not work in AWS, and an HA implementation there requires an alternate approach.
With Ravello’s SDN overlay, however, NetScaler KVM VMs have full L2 access, GARP included, so network architects can configure NetScaler HA pairs with GARP exactly as they do in their data centers while running in a public cloud (AWS or Google), giving a more efficient failover.
Enabling dynamic routing on NetScaler lets its routing process learn route updates from neighbors and advertise its own routes, including the addresses of the virtual servers it hosts. When two stand-alone NetScaler virtual appliances host identical virtual servers and both advertise the same address, an upstream router can use Equal-Cost Multipath (ECMP) to load-balance traffic across them.
Due to AWS limitations, dynamic routing is not supported on NetScaler AMIs in AWS. With Ravello’s SDN overlay, however, dynamic routing can be enabled on NetScaler VPX (KVM VM) on AWS and Google Cloud, allowing upstream routers to use ECMP to load-balance to virtual servers on two stand-alone NetScalers.
VLAN tags are commonly used in NetScaler deployments to segment the internal network into multiple zones, each responsible for a specific set of services. For example, a network architect may put the servers that handle requests for the company web sites in a separate VLAN from the servers that handle SharePoint requests.
Unfortunately, VLAN tags are not supported on NetScaler AMIs in AWS, but they are supported on NetScaler VPX (KVM VM). With Ravello’s SDN overlay, the NetScaler VPX (KVM VM) can be used ‘as is’ on Google Cloud or AWS, and VLAN tags can continue to segment the network services onto separate virtual networks.
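To make the L2 filtering, GARP and VLAN-tag points above concrete, here is an added example (not Citrix or Ravello code) that builds the two frame types this post keeps returning to, a gratuitous ARP and an 802.1Q-tagged frame, parses them back, and runs them through a simplified model of the public-cloud L2 filter described earlier. The policy in `cloud_filter()` is a hypothetical approximation of that description: unicast IPv4 is delivered, ARP is answered by the hypervisor and never forwarded to other instances, and broadcast, multicast, non-IPv4 EtherTypes and VLAN-tagged frames are dropped. The real filters are not published and differ in detail, and all MAC and IP addresses below are constructed.

```python
"""Build, parse and filter the L2 frames discussed in the post.

Added example, not Citrix or Ravello code. cloud_filter() is a hypothetical
model of an AWS-style L2 filter, not the real policy. Addresses are made up.
"""
import struct

ETH_P_IP = 0x0800
ETH_P_ARP = 0x0806
ETH_P_8021Q = 0x8100
ETH_P_IPV6 = 0x86DD
BROADCAST = bytes.fromhex("ffffffffffff")
ARP_REQUEST = 1


def mac(text):
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    """'10.0.0.10' -> 4 raw bytes."""
    return bytes(int(octet) for octet in text.split("."))


def ethernet(dst, src, ethertype, payload, vlan=None):
    """Ethernet II frame; when vlan is set, an 802.1Q tag (PCP 0, DEI 0) is
    inserted between the source MAC and the EtherType."""
    header = dst + src
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        header += struct.pack("!HH", ETH_P_8021Q, vlan)
    return header + struct.pack("!H", ethertype) + payload


def gratuitous_arp(sender_mac, sender_ip, vlan=None):
    """Gratuitous ARP request: sender IP == target IP, sent to the broadcast
    MAC. This is what a new HA primary emits so that neighbours and switches
    re-point the shared IP at its own NIC."""
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1, ETH_P_IP, 6, 4, ARP_REQUEST,   # hw=Ethernet, proto=IPv4
                      sender_mac, sender_ip,
                      b"\x00" * 6, sender_ip)           # target IP = own IP
    return ethernet(BROADCAST, sender_mac, ETH_P_ARP, arp, vlan)


def parse(frame):
    """Decode the Ethernet header, an optional 802.1Q tag, and ARP fields."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == ETH_P_8021Q:
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF                           # low 12 bits of the TCI = VID
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    info = {"dst": dst, "src": src, "vlan": vlan,
            "ethertype": ethertype, "payload": frame[offset:]}
    if ethertype == ETH_P_ARP:
        # skip hw type, proto type, hlen, plen; then op, sha, spa, tha, tpa
        op, sha, spa, tha, tpa = struct.unpack("!6xH6s4s6s4s", frame[offset:offset + 28])
        info.update(arp_op=op, sender_ip=spa, target_ip=tpa, gratuitous=(spa == tpa))
    return info


def cloud_filter(frame):
    """Hypothetical model of the AWS-style L2 filter described in the post.
    Any verdict other than 'deliver' means no other instance sees the frame."""
    f = parse(frame)
    if f["vlan"] is not None:
        return "drop: 802.1Q tag"
    if f["ethertype"] == ETH_P_ARP:
        return "answered by hypervisor, not forwarded"   # a GARP never reaches peers
    if f["ethertype"] != ETH_P_IP:
        return "drop: non-IPv4 EtherType 0x%04x" % f["ethertype"]
    if f["dst"][0] & 1:                                   # I/G bit: multicast or broadcast
        return "drop: broadcast/multicast destination"
    return "deliver"


def demo():
    """Constructed sample frames (made-up addresses) and their filter verdicts."""
    primary = mac("02:00:00:00:00:01")
    web = mac("02:00:00:00:00:02")
    ipv4 = b"\x45" + b"\x00" * 19          # IPv4 header stub, enough for the EtherType check
    frames = {
        "garp": gratuitous_arp(primary, ip("10.0.0.10")),
        "garp_vlan100": gratuitous_arp(primary, ip("10.0.0.10"), vlan=100),
        "unicast_ipv4": ethernet(web, primary, ETH_P_IP, ipv4),
        "tagged_ipv4": ethernet(web, primary, ETH_P_IP, ipv4, vlan=100),
        "ipv6": ethernet(web, primary, ETH_P_IPV6, b"\x60" + b"\x00" * 39),
    }
    return {name: cloud_filter(frame) for name, frame in frames.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-14s %s" % (name, verdict))
```

Running the script shows the point of the post in one table: the plain GARP is swallowed by the hypervisor, the tagged and IPv6 frames are dropped outright, and only the unicast IPv4 frame is delivered. Under an L2 overlay such as the one the post describes, every one of these frames would reach the peer unchanged, which is exactly what HA failover with GARP, VLAN segmentation and IPv6 back ends depend on.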
Virtual MACs (VMACs) are very useful in NetScaler high-availability deployments. A VMAC is a virtual MAC address that fails over between devices; it can complement the built-in high availability or be used to build an active/active NetScaler pair. Because the MAC address is shared across the pair, the ARP caches of neighboring hosts and routers remain valid through a failover and no device has to relearn a new MAC for the shared IP; only the upstream switches need to relearn which port the VMAC now sits behind, which happens as soon as the new primary starts transmitting. The result is a faster and less intrusive failover between NetScaler pairs with respect to user sessions.
Since L2 access on public clouds is very limited, this feature, which requires L2 access, is not supported on NetScaler AMIs for AWS. With Ravello’s SDN overlay, however, L2 features such as VMACs are supported, so network architects can design L2 high availability with VMACs for a faster and less intrusive failover.
Ravello’s nested virtualization and overlay networking platform helps enterprises avoid limitations with NetScaler AMIs for AWS by allowing them to run NetScaler KVM VMs on both AWS & Google Cloud. Just sign up for a free Ravello trial, and drop us a line – we can help you get your NetScaler VPX KVM VMs running ‘as-is’ in Ravello in no time.