Categories: citrix
Tags: , , ,

NetScaler ADC - Hidden vServer for HTTPS redirect

Table of Contents

Starting with release 11.1, NetScaler ADC offers an easy way to redirect traffic from HTTP to HTTPS within the configuration of a load-balanced vServer. With 11.1, Citrix introduced the paramter  -redirectFromPort and -redirectURL.

While playing with a NetScaler ADC in my lab, I discovered a strange error message as I tried to configure the redirect.

[caption id=“attachment_3453” align=“alignnone” width=“382”]NetScaler HTTP Redirect Error Message Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0[/caption]

Internal vserver couldn’t be set?! Okay, there was already a vServer, that was listening on port 80. After removing the vServer, I was able to setup the redirection and it was working as expected.

A hidden vServer

Later, I was really suprised to find a hidden vServer in the output of the “stat lb vserver” command.

> stat lb vserver lb_vsrv_https_httpredir_31 -fullValues

Virtual Server Summary vsvrIP port Protocol lb_vsrv_https_httpredir_31 192.168.200.146 80 HTTP

                                                       State

lb_vsrv_https_httpredir_31 DOWN

                                          Health              actSvcs

lb_vsrv_https_httpredir_31 0 0

                                       inactSvcs

lb_vsrv_https_httpredir_31 0

Virtual Server Statistics Rate (/s) Total Vserver hits 0 0 Requests 0 0 Responses 0 0 Request bytes 108 1131 Response bytes 66 690 Total Packets rcvd 1 15 Total Packets sent 1 12 Current client connections – 3 Current Client Est connections – 0 Current server connections – 0 Requests in surge queue – 0 Requests in vserver’s surgeQ – 0 Requests in service’s surgeQs – 0 Spill Over Threshold – 0 Spill Over Hits – 0 Labeled Connection – 0 Push Labeled Connection – 0 Deferred Request 0 0 Invalid Request/Response – 0 Invalid Request/Response Dropped – 0 Vserver Down Backup Hits – 3 Current Multipath TCP sessions – 0 Current Multipath TCP subflows – 0 Done

The name of the vServer is always the same (name of the vServer plus suffix _httpredir_##). Sometimes, the vServer has an other ending number after a reboot. There is no hint to this vServer in the config of the NetScaler. The behaviour is the same for NetScaler ADC 11.1 and 12.0.

I don’t think that this some kind of a hack or an issue. But I think that’s something you should know when working with HTTPS redirection, or for troubleshooting purposes.

Patrick Terlisten
Infrastructure Cloud/ On-Prem/ Hybrid | Dad of 👧 👧 👦 | Podcaster | Landleben

Related