Outgoing traffic problem on Citrix Netscaler Load Balancer

Hi,

I set up a NetScaler load balancer for SIP traffic on Amazon EC2. Client packets arrive at the backend servers through the load balancer, but the responses do not reach the clients. I see the responses on the load balancer.

I think there is a config problem, but I don't know and did not find any solution for it. How can I fix the outbound traffic issue?

thanks

Hi Anil,

Have you set up MBF? I've seen that as an issue before. If you don't have a default route set, then MBF might help you send the response out the interface on which it was received.

Paul

Hi Paul,

Thanks for the reply, it works :). But I have another problem: the source port is altered by the virtual service. However, we need the source port to be the same on the destination servers. Is there a way to ensure this?

Thanks

Out of curiosity, why?

Hi Anil,

Take a look at http://support.citrix.com/proddocs/topic/ns-system-10-1-map/ns-nw-ipaddrssng-enabling-use-src-ip-mode-tsk.html - use the client's port.

We prefer F5 LTM much better than Netscaler :)

Cheers,
Edy

Hi,

Thanks for the solution, but I cannot use it, because the backend servers must know the NetScaler SNIP IP for clients. So I need a fixed proxy port to communicate with the backend servers.

Hi again,

I continue to work on fixing the problem, but no success so far. Is there any way to use the client port number without enabling "use source ip"?

Have you configured RNAT yet? Might tidy up your SIP problem. Do you need
the servers to see the client's source port, or is your issue that SIP
response traffic is not on the port the client expects?

Give the guide to setting up RNAT here a try -
http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-1-map/ns-lb-commonprotocols-sip-con.html

tl;dr though -

set rnat <server subnet> <netmask>
set lb sipParameters -rnatSrcPort 5060 -rnatDstPort 5060 -retryDur 1000 -addRportVip ENABLED -sip503RateThreshold 1000

My aim is to forward all SIP packages from NetScaler SNIP:client port number to backend server IP:backend server port. I tried the following scenarios:

- "use source ip" is enabled, "use proxy port" is set to no
  - Result: we see the client port as the source port, but no SNIP as the source IP address.
- In addition to the above, RNAT is also configured
  - Result: we see the SNIP IP address as the source IP address, but the source port again becomes random.

I checked the Citrix support link for RNAT, but our SIP packages include a 'Via' header option with SNIP:client port number:

Via: SIP/2.0/UDP <netscaler SNIP:5060;received=192.168.184.13;branch=z9hZ4bb1ce74d0f-a161-43af-8f08-2d98cf702742_0efcfc5e_71732184846337

Hi Anil,

The command is for the service or servicegroup and it is:

set service <name> -useproxyport (NO|YES)

Paul

Hi Paul,

I use Netscaler 10.1, and the “use proxy port” option depends on “use source ip”. I don’t understand why I cannot set proxy port to no without enabling source ip.
It's a very bad solution for that.