Switching between different versions (pattern 2)

The procedure for changing the Load Balancer (redundant configuration) in use to the new Load Balancer version (redundant configuration) is described.
In the new version load balancer, this is a switching method that takes over the IP address used in the previous version load balancer and sets the same IP address.
Operations have been checked by NTT Communications, in terms of the following combinations of versions.

Old version

New version

11.0 Standard Edition 12.0 Standard Edition
10.5 Standard Edition 12.1 Standard Edition
12.0 Standard Edition 12.1 Standard Edition

System configuration to replace in this guide

This section explains how to replace a load balancer (NetScaler VPX) based on the following system configuration.
NetScaler VPX GUI

Prerequisites

  • Version upgrade is not possible, as described in the Service Descriptions .

  • For with-VRRP replacing from the old to new version, it is necessary to stop VRRP of the old LB and add VRRP settings of the new LB, because operations differ between the versions.

  • The customer is expected to check the functions with the new version beforehand.

  • It is assumed that VRRP operates in the interface for client side and does not operate in the interface for distribution server side because SNAT works there.

  • In vserver setting, please note that contents of settings are different between Pattern A where Virtual IP addresses are registered in the different segment from Virtual IPs registered for VRRP and are set as IP addresses to distribute so that redundancy of multiple VIP become possible, and Pattern B where Virtual IPs registered for VRRP are set as Virtual IP addresses.

  • As deleted vrID has to be newly created at the time of changeback, record the set values of vrID in advance.

  • Though the settings are not saved on the old LB side in this procedure, save the settings as required because rebooting will return the settings to those before saving. For saving method, please refer to Setting for configuration saving of NetScaler VPX.

  • For this procedure, operations have been checked with the following settings made.

  • `An error occurs when operating the customer portal of the load balancer (NetScaler VPX)<https://ecl.ntt.com/en/known-issues/loadbalancer-status-error/> `_ has been confirmed. In particular, this pattern includes the interface cutting process, so be careful when selecting the pattern. If an error occurs, the customer will need to recreate the load balancer, so be sure to make a backup of the config.


Settings of old LB1(excerpted from System - Diagnostics - running config)
#Enable feature
enable ns feature LB SSL

#VRID
add vrID 40 -priority 200 -preemption ENABLED

#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10

#server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10

#service group
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http

#vserver(a: In case of using different Virtual Server IP and VIP for VRRP)
add lb vserver http-vserver HTTP 172.16.100.100 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 172.16.100.200 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#vserver(b: In case of using same Virtual Server IP and VIP for VRRP)
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#ssl
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "PrivateKeyPassword"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA
bind ssl vserver ssl-vserver -certkeyName server1

#bind
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup

#hostname
set ns hostName lb1

#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"

Settings of old LB2(excerpted from System - Diagnostics - running config)
#Enable feature
enable ns feature LB SSL

#VMAC
add vrID 40 -priority 100 -preemption ENABLED

#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10

#server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10

#service group
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http

#vserver(a: In case of using different Virtual Server IP and VIP for VRRP)
add lb vserver http-vserver HTTP 172.16.100.100 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 172.16.100.200 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#vserver(b: In case of using same Virtual Server IP and VIP for VRRP)
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#ssl
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "PrivateKeyPassword"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA
bind ssl vserver ssl-vserver -certkeyName server1

#bind
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup

#hostname
set ns hostName lb2

#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"


The image of replacing

The image of Load balancer (NetScaler VPX) switching work is explained below.

1.Advance state

The following is the configuration before switching.

2.Create new LB


Create a new version of the load balancer instance.

3.New / old LB2 interface switching and new LB2 setting


After stopping VRRP with the old version load balancer (old LB2), disconnect the interface. After that, register the interface connection and VRRP communication settings to the new version (new LB2) with the same IP address as the old LB2. After attaching, restore the settings with the new version of the load balancer (new LB2).

4.Stop communication of old LB1


Change Virtual Server IP of old load balancer (old LB1) to disable, delete VRID, and stop VRRP.
*VRRP needs to be disabled (not deleted), to ease switchback.

5.New LB2 communication started


Set the configuration for switching prepared in advance with the new load balancer (new LB2) and start VRRP. Confirm that it switches normally. Communication will be interrupted after VRRP is stopped in step 4 until VRRP is started in the new LB2.

6.New / old LB1 interface switching and new LB1 setting

After confirming that communication via the new load balancer is stable, disconnect the interface of the old load balancer (LB1). After that, register the interface connection and VRRP communication settings with the same IP address as the old LB1 to the new version load balancer (new LB1). After attaching, restore the settings with the new version of the load balancer (new LB1). At this time, there is a possibility that a momentary interruption may occur because VRRP is switched.

Important

Check the config before disconnecting the interface, and if the target &quot;interface name&quot; and &quot;IP address&quot; are included in other settings, be sure to delete them. In particular, please be careful to delete the SNMP settings and syslog forwarding settings. If you disconnect without deleting it, an error will occur and you will need to recreate the load balancer.

7.Delete old LB


After confirming that the communication is stable after switching VRRP, delete the old load balancer.

8.Failback (only if communication does not recover)

8-1. If the communication through the new load balancer is still NG, it will fail back.

8-2. To return to the VRRP environment in the old LB, disconnect the new LB2 interface and connect the old LB2 interface. Check that communication is stable.

Work procedure

1 Pre-check

1-1. Save configuration of old LB1

1-1-1.Log into the Load Balancer (old LB1) by executing the command below.

1-1-2.Check the VRRP status of the Load Balancer (old LB1).
Click [ System ] → [ Network ] → [ VMAC ] and check that the set-up state of the Virtual Router ID agrees with the assumption.

1-1-3.Check the status pf Virtual Server etc.
Click [ Traffic Management ] → [ Load Balancing ] → [ Virtual Servers ] and check that the set-up state of the Virtual Server agrees with the assumption.
1-1-4.Save the backup file.
(Please refer to Configuration management)


1-2. Save configuration of old LB2

1-2-1.Log into the Load Balancer (old LB2).

1-2-2.Checking VRRP status
Click [ System ] → [ Network ] → [ VMAC ] and check that the set-up state of the Virtual Router ID agrees with the assumption.
1-2-3.Check the status of Virtual Server etc.
Click [ Traffic Management ] → [ Load Balancing ] → [ Virtual Servers ] and check that the set-up state of the Virtual Server agrees with the assumption.

1-2-4.Save the backup file.
(Please refer to Configuration management)


2.Creating new LB

2-1. Create new LB1

Create a new load balancer (new LB1) from the ECL2.0 Customer Portal.
(Please refer to Load Balancer instance application method , and create Load Balancer.)

Note

For creation of the Load Balancer (new LB1), select “zone1-groupa” for “Zone/group”.

2-2. Create a new LB2

Create a new load balancer (new LB2) from the ECL2.0 Customer Portal.
(Please refer to Load Balancer instance application method , and create Load Balancer.)

Note

For creation of the Load Balancer (new LB1), select “zone1-groupb” for “Zone/group”.

3.Switching the interfaces of new and old LB2

3-1. Stop VRRP of the old LB2

Note

Following this work, the redundant configuration of the firewall is canceled, resulting in operations in a single configuration.
3-1-1. Access the old LB2, click [ system ] → [ Network ] → [ IPs ], and select [ disable ] from the [ Action ] button with all Virtual IPs selected in the list.

Note

If only one Virtual IP is available, select the only one.

3-1-2. Click [ system ] → [ Network ] → [ VMAC ], select a corresponding Virtual Router ID from the list, and click the [ Delete ] button.

3-1-3. Click the Save icon in the upper right corner on the screen to save the configuration of the Load Balancer (old LB2). (Errors should not be displayed.)

3-2. Old LB2 interface disconnection

3-2-1.Using ECL2.0 Customer Portal, select the interface of old LB2 having VRRP configured and cancel the VRRP communication settings.

(Please refer to VRRP setting , and cancel the VRRP communication settings. Click the name of old LB2, click the right (▼) of the interface having VRRP configured, and then select “Cancel VRRP communication settings”.)


3-2-2. From the ECL2.0 Customer Portal, disconnect the logical network from all interfaces connected to the logical network.

Click the name of old LB2, click the right (▼) of the interface, and then select “Disconnect Logical Network“

3-3. New LB2 interface connection

3-3-1.Connect the Logical Network to the created Load Balancer(new LB2) through ECL2.0 Customer Portal.

(Please refer to Connecting the Logical Network , and connect the interface.)

Note

Repeat the procedure for all interfaces to be connected with the logical network.
Set values such as IP address are set to the same values as the old LB.
3-3-2.Register the VRRP communication settings in the interface of the Load Balancer (new LB2) through ECL2.0 Customer Portal.

(Please refer to the VRRP communication setting registration , and register VRRP communication setting.)

Note

Repeat the procedure for all interfaces to be connected with the logical network.
And set values such as Virtual IP address for VRRP are set to the same values as the old LB.
3-3-3.Register the default gateway of the Load Balancer (new LB2) through ECL2.0 Customer Portal.

Note

In the case where setting of the default gateway is not needed, omit this procedure.
3-3-4. Perform syslog transfer setting of Load Balancer (new LB2) through Customer Portal of ECL2.0.

(Please refer to Syslog transfer setting , and perform syslog transfer setting.)

Note

If syslog transfer setting is not required, skip this work step.

3-4. Pre-configuration restore to new LB2

3-4-1. Access the new LB2 with a browser in advance and enable SSH.

For details, please refer to How to access NetScaler VPX CLI (SSH).

3-4-2. If you need a certificate for SSL, register it first and link it between the certificates. For details, Please refer to How to register a certificate And Linking intermediate certificate and server certificate .

3-4-3. To connect to the new LB2 via SSH, execute the following command from a connectable server and log in.
$ ssh user-admin@172.16.10.249
###############################################################################
#                                                                             #
#        WARNING: Access to this system is for authorized users only          #
#         Disconnect IMMEDIATELY if you are not an authorized user!           #
#                                                                             #
###############################################################################
Password:

3-4-4. Paste the input configuration created from the old LB2 backup to the console.
  • a.If VIP of VRRP and Virtual Server IP are different

Check that the configuration file to be pasted does not include settings for VRRP. For details, please refer to configuration example to be set at the last.
#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
And edit the configuration below for restoration.
#Disable Virtual IP for loadbalancing
disable ns ip 172.16.100.100 -td 10
disable ns ip 172.16.100.200 -td 10

#Removing configuration in order to configure via GUI (ssl)
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "PrivateKeyPassword"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA


  • b.If VIP of VRRP and Virtual Server IP are same

Check that the configuration file to be pasted does not include settings for VRRP. For details, please refer to configuration example to be set at the last.
#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10

#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#SSL
bind ssl vserver ssl-vserver -certkeyName server1

#bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
And edit the configuration below for restoration.
#Removing configuration in order to configure via GUI (ssl)
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "PrivateKeyPassword"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA

Note

For set-up and check method of configuration, please refer to Configuration management .
If reboot is required after saving configuration, please refer to Load Balancer instance operation method, and reboot Load Balancer from Portal screen.

4.Stop communication of old LB1

4-1. Virtual IP disable of old LB1

Log in to the old LB1, click system-Network-IPs, select all Virtual IPs in the list and select disable from the Action button

Note

After "work procedure: 4-1" the communication disconnection starts. After "work procedure: 5-1" the VRRP setting is applied to the new LB2, the new LB2 is promoted to MASTER and communication is restored.
For Citrix NetScaler VPX, the session is not retained at the time of replacing. Therefore, depending on applications, re-connections are required.

Note

If only one Virtual IP is available, select the only one.

4-2. Delete Virtual Router ID of old LB1

Click system-Network-VMAC, select the Virtual Router ID from the list, and click the Delete button.

4-3. Save configuration of old LB1

Click the Save icon in the upper right corner on the screen to save the configuration of the Load Balancer (old LB1). (Errors should not be displayed.)

5.New LB2 communication started

5-1. VRRP setting of new LB2

Paste the VRRP switching configuration to the SSH console.
a.If VIP of VRRP and Virtual Server IP are different
#Enable Virtual IP for loadbalancing
enable ns ip 172.16.100.100 -td 10
enable ns ip 172.16.100.200 -td 10

#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
b.If VIP of VRRP and Virtual Server IP are same
#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10

#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#SSL
bind ssl vserver ssl-vserver -certkeyName server1

#bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup

5-2. Confirm VRRP status of new LB2

Execute the following command to check the VRRP status of the load balancer (new LB2).
Check that MASTER is shown for the state.
#VRRP check command
> sh vrid

5-3. Confirm communication of new LB2

-Confirm the communication through the load balancer (browser, wget, etc.). If communication is not recovered, failback is performed. (Refer to “8 Failback” in this guide for the specific failback procedure.) -Check whether the configuration input to the load balancer (new LB2) matches the expected one. -Execute the following command to save the load balancer (new LB2) configuration. (No error is displayed)

> save ns config
 Done
>

6.New / old LB1 interface switching and new LB1 setting

6-1. Old LB1 interface disconnection

6-1-1. From the ECL2.0 Customer Portal, select the old LB1 interface where VRRP is set, and cancel the VRRP communication settings.

(Please refer to VRRP setting ,and cancel the VRRP communication settings. Click the name of old LB1, click the right (▼) of the interface having VRRP configured, and then select “Cancel VRRP communication settings”.)

6-1-2. Disconnect the logical network from all interfaces connected to the logical network from the ECL2.0 Customer Portal.

Click the name of old LB1, click the right (▼) of the interface, and then select “Disconnect Logical Network“

6-2. Interface connection of new LB1

6-2-1. From the ECL2.0 Customer Portal, connect the created load balancer (new LB1) logical network from the ECL2.0 Customer Portal.

(Please refer to Connecting the Logical Network , and connect the interface.)

Note

Repeat the procedure for all interfaces to be connected with the logical network.
And set values such as Virtual IP address for VRRP are set to the same values as the old LB.
6-2-2. Register the VRRP communication settings to the load balancer (new LB1) interface from the ECL2.0 Customer Portal.

(Please refer to the VRRP communication setting registration , and register VRRP communication setting.)

Note

Repeat the procedure for all interfaces to be connected with the logical network.
And set values such as Virtual IP address for VRRP are set to the same values as the old LB.
6-2-3. From the ECL2.0 Customer Portal, set the default gateway for the load balancer (new LB1).

Note

In the case where setting of the default gateway is not needed, omit this procedure.
6-2-4. Configure syslog transfer for the load balancer (new LB1) from the ECL2.0 Customer Portal.

(Please refer to Syslog transfer setting , and perform syslog transfer setting.)

Note

If syslog transfer setting is not required, skip this work step.

6-3. Pre-configuration restore to new LB1

6-3-1. Access the new LB1 with a browser in advance and enable ssh.
For details, please refer to How to access NetScaler VPX CLI (SSH).

6-3-2. If you need a certificate for SSL, register it first. For details, Please refer to How to register a certificate .

6-3-3. To connect to the new LB1 using SSH, log in by executing the following command from a connectable server.
$ ssh user-admin@172.16.10.250
###############################################################################
#                                                                             #
#        WARNING: Access to this system is for authorized users only          #
#         Disconnect IMMEDIATELY if you are not an authorized user!           #
#                                                                             #
###############################################################################
Password:

6-3-4. Paste the input configuration created from the old LB1 backup to the console.
  • a.If VIP of VRRP and Virtual Server IP are different

Check that the configuration file to be pasted does not include settings for VRRP. For details, please refer to configuration example to be set at the last.
#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
And edit the configuration below for restoration.
#Disable Virtual IP for loadbalancing
disable ns ip 172.16.100.100 -td 10
disable ns ip 172.16.100.200 -td 10

#Removing configuration in order to configure via GUI (ssl)
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "PrivateKeyPassword"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA


  • b.If VIP of VRRP and Virtual Server IP are same

Check that the configuration file to be pasted does not include settings for VRRP. For details, please refer to configuration example to be set at the last.
#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10

#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#SSL
bind ssl vserver ssl-vserver -certkeyName server1

#bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
And edit the configuration below for restoration.
#Removing configuration in order to configure via GUI (ssl)
add ssl certKey server1 -cert server1.crt -key server1.key.pass -passcrypt "PrivateKeyPassword"
add ssl certKey midCA -cert midcacert.pem
link ssl certKey server1 midCA

Note

For set-up and check method of configuration, please refer to Configuration management .
If reboot is required after saving configuration, please refer to Load Balancer instance operation method, and reboot Load Balancer from Portal screen.

6-4 VRRP setting of new LB1

6-4-1. Log in to the load balancer (new LB1) and paste the VRRP switching configuration into the SSH console.

※Communication interruption may occur during this work because of VRRP switching.

a.If VIP of VRRP and Virtual Server IP are different (for details, please refer to configuration example to be set at the last.)
#Enable Virtual IP for loadbalancing
enable ns ip 172.16.100.100 -td 10
enable ns ip 172.16.100.200 -td 10

#VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
b.If VIP of VRRP and Virtual Server IP are same (for details, please refer to configuration example to be set at the last).
#VRRP
#add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10

#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#SSL
bind ssl vserver ssl-vserver -certkeyName server1

#bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup

6-4-2. Execute the following command to check the VRRP status of the load balancer (new LB1,2).
Check that MASTER is shown for the state of new LB1 and BACKUP for the new LB2.
#VRRP check command
> sh vrid

6-5. Communication check

  • Check the communication through the load balancer (browser, wget, etc.). If communication is not recovered, failback is performed. (Refer to “8 Failback” in this guide for the specific failback procedure.)

  • Check if the configuration input to the load balancer (new LB1) matches the expected one.

  • Execute the following command to save the load balancer (new LB1) configuration. (No error is displayed)

> save ns config
 Done
>

7.Delete old LB

*Please operate this procedure after confirming that communication after switching is stable.

7-1. List of load balancers

  • From the ECL2.0 Customer Portal, go to “Network” → “Load Balancer” to display a list of load balancers.


7-2. Delete old LB1

  • Delete the load balancer (old LB1) from the ECL2.0 Customer Portal.

(Please refer to Load Balancer instance deletion method , and delete Load Balancer.)

Note

Check again that the Load Balancer (old LB1) to be deleted has been properly selected.

7-3. Delete old LB2

  • Delete the load balancer (old LB2) from the ECL2.0 Customer Portal.

(Please refer to Load Balancer instance deletion method , and delete Load Balancer.)

Note

Perform this work after checking that the old LB1 has been deleted.
Check again that the firewall (old LB2) to be deleted has been properly selected.


8.Failback (only if communication does not recover)

Note

When switching back from “6-5. Confirm communication”, after the communication of the new LB1 is stopped (Virtual IP disable for load balancing and the virtual IP for VRRP is deleted), the interface of the new LB1 is disconnected from the ECL2.0 customer portal and the old Perform the following procedure after connecting the LB1 interface in advance.

8-1. Stop communication of new LB2

Log in to the load balancer (new LB2) and paste the failback configuration into the SSH console.
#Disable Virtual IP for loadbalancing
disable ns ip 172.16.100.100 -td 10
disable ns ip 172.16.100.200 -td 10

#Removing Virtual IP for VRRP
rm ns ip 192.168.10.251 -td 10

#Save
save ns config

8-2. Start communication of old LB1

8-2-1. Log in to the load balancer (old LB1), click system-Network-VMAC, and click the Add button.

8-2-2. Set the following parameters and click the Create button.

8-2-3. Confirm that the set value (Virtual Router ID is 40) is displayed in the list.

8-2-4. Click system-Network-IPs, select the Virtual IP for VRRP, and click the Edit button.

8-2-5. Specify Virtual Router ID as 40 and click the OK button.


8-2-6. After returning to the list, select enable from the Action button with all Virtual IPs selected.


8-2-7. Confirm that all the states of the selected Virtual IP are turned green.

8-3. Communication check

Check communications which pass through the Load Balancer(Browser, wget etc.).

8-4. Save configuration

Click the Save icon in the upper right corner on the screen to save the configuration of the Load Balancer (old LB1). (Errors should not be displayed.)

Note

Though the communication has been recovered in the above, execute the command below if LB2 changeback is also required.

8-5. New LB2 interface disconnection

8-5-1. From the ECL2.0 Customer Portal, select the new LB2 interface where VRRP is set, and cancel the VRRP communication settings.

(Please refer to`VRRP setting <https://ecl.ntt.com/en/documents/tutorials/rsts/LoadBalancer/network/lb_vrrp.html>`_ ,and cancel the VRRP communication settings. Click the name of new LB2, click the right (▼) of the interface having VRRP configured, and then select “Cancel VRRP communication settings”.)

8-5-2. From the ECL2.0 Customer Portal, select the interface for which VRRP communication settings have been canceled, and disconnect the logical network. (Click the name of the new LB2, click ▼ on the right side of the interface, and select “Disconnect Logical Network”.)

Note

Click the name of old LB2, click the right (▼) of the interface, and then select “Disconnect Logical Network“

8-6. Interface connection of old LB2

8-6-1. Connect the created load balancer (formerly LB2) logical network from the ECL2.0 Customer Portal.

(Please refer to Connecting the Logical Network , and connect the interface.)

Note

Repeat the procedure for all interfaces to be connected with the Logical Network. Set values such as IP address are set to the same values as the old LB.
8-6-2. From the ECL2.0 Customer Portal, register the VRRP communication settings on the load balancer (formerly LB2) interface.

(Click the name of old LB2, click the right (▼) of the interface having VRRP configured, and then select [ Register VRRP communication settings ].)

Note

Repeat the procedure for all interfaces to be connected with the Logical Network. And set values such as Virtual IP address for VRRP are set to the same values as the old LB.

8-7. Start communication of old LB2

Perform the same operation as “8-2. Start communication of old LB1” for old LB2.

8-8. Check status of old LB1,2

  • Check the VRRP status of the load balancer (old LB1,2).

Click [ system ] → [ Network ] → [ VMAC ]. Check that the State is displayed as assumed.
NetScaler VPX GUI

9.Input configuration example

Examples of configurations to be used for the aforementioned work are presented below. Note that the values set here are merely examples used for descriptions on the manual. When switching practically, revise as needed.


1.New LB1 Prior-restoration configuration (Example)
a.If VIP of VRRP and Virtual Server IP are different
#Enable feature
enable ns feature LB SSL

#VRID
add vrID 40 -priority 200

#Server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10

#ServiceGroup
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http

#vserver for loadbalancing
add lb vserver http-vserver HTTP 172.16.100.100 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 172.16.100.200 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

##Disable Virtual IP for loadbalancing
disable ns ip 172.16.100.100 -td 10
disable ns ip 172.16.100.200 -td 10

#SSL
bind ssl vserver ssl-vserver -certkeyName server1

#bind
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup

#hostname
set ns hostName lb1

#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"

#save
save ns config

Note

Virtual IP for VRRP is excluded from prior restoration. (It will be set up at the time of VRRP switching.)
Though Virtual IP for load balancing is set up in prior restoration, IP will be disabled for safety purposes. (It will be set enabled at the time of VRRP switching.)
b.If VIP of VRRP and Virtual Server IP are same
#Enable feature
enable ns feature LB SSL

#VRID
add vrID 40 -priority 200

#Server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10

#ServiceGroup
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http

#hostname
set ns hostName lb1

#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"

#save
save ns config

Note

Virtual IP for VRRP is excluded from prior restoration. (It will be set up at the time of VRRP switching.)

2.New LB1 VRRP switching configuration (Example)
a.If VIP of VRRP and Virtual Server IP are different
#Eisable Virtual IP for loadbalancing
enable ns ip 172.16.100.100 -td 10
enable ns ip 172.16.100.200 -td 10

#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10

b.If VIP of VRRP and Virtual Server IP are same
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10

#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#SSL
bind ssl vserver ssl-vserver -certkeyName server1

#bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup
3.New LB2 Prior-restoration configuration (Example)
a.If VIP of VRRP and Virtual Server IP are different
#Enable feature
enable ns feature LB SSL

#VRID
add vrID 40 -priority 100

#Server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10

#ServiceGroup
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http

#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 172.16.100.100 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 172.16.100.200 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#Disable Virtual IP for loadbalancing
disable ns ip 172.16.100.100 -td 10
disable ns ip 172.16.100.200 -td 10

#SSL
bind ssl vserver ssl-vserver -certkeyName server1

#bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup

#hostname
set ns hostName lb2

#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"

#save
save ns config

Note

The differences of the configuration for prior restoration from LB1 are vrID Priority (=100) and hostname.
Configuration for VRRP switching has no difference from LB1.

b.If VIP of VRRP and Virtual Server IP are same
#Enable feature
enable ns feature LB SSL

#VRID
add vrID 40 -priority 100

#Server
add server Web-server-01 172.16.10.11 -td 10
add server Web-server-02 172.16.10.12 -td 10

#ServiceGroup
add serviceGroup HTTPGroup HTTP -td 10 -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
bind serviceGroup HTTPGroup Web-server-01 80
bind serviceGroup HTTPGroup Web-server-02 80
bind serviceGroup HTTPGroup -monitorName http

#hostname
set ns hostName lb2

#timezone
set ns param -timezone "GMT+09:00-JST-Asia/Tokyo"

#save
save ns config

Note

The differences of the configuration for prior restoration from LB1 are vrID Priority (=100) and hostname.
Configuration for VRRP switching has no difference from LB1.
4.Configuration for new LB2 VRRP switching (Example)
a.If VIP of VRRP and Virtual Server IP are different
#Eisable Virtual IP for loadbalancing
enable ns ip 172.16.100.100 -td 10
enable ns ip 172.16.100.200 -td 10

#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10
b.If VIP of VRRP and Virtual Server IP are same
#Virtual IP for VRRP
add ns ip 192.168.10.251 255.255.255.0 -type VIP -snmp DISABLED -mgmtAccess ENABLED -vrID 40 -td 10

#VirtualServer for loadbalancing
add lb vserver http-vserver HTTP 192.168.10.251 80 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10
add lb vserver ssl-vserver SSL 192.168.10.251 443 -persistenceType NONE -Listenpolicy None -cltTimeout 180 -td 10

#SSL
bind ssl vserver ssl-vserver -certkeyName server1

#bind configuration for VirtualServer
bind lb vserver http-vserver HTTPGroup
bind lb vserver ssl-vserver HTTPGroup