Citrix Cloud Bridge



downloadWhy can't I download this file?

Applicable Products

Citrix
  • NetScaler SD-WAN (CloudBridge)

Symptoms or Error

Citrix CloudBridge 2000-010 - load balancing device overview and full product specs on CNET.

The CloudBridge GUI does not show any of the expected connections, in either the Accelerated Connections table or the Unaccelerated Connections table: CloudBridge > Monitoring > Connections > Accelerated Connections/Unaccelerated Connections. For more information, see Citrix eDocs - Connections.

Citrix cloud bridge printing

Solution

CloudBridge increasing the performance and reliability of mission critical applications for remote users. CloudBridge can help you effectively and economically increase WAN throughput while accelerating enterprise applications and ensuring the performance of virtual desktops. Home - Citrix Product Documentation. The CloudBridge Connector feature of the Citrix ADC appliance connects enterprise datacenters to external clouds and hosting environments, making the cloud a secure extension of your enterprise network. Cloud-hosted applications appear as though they are running on one contiguous enterprise network. You can use the CloudBridge Connector feature to connect a data center to an external cloud or another data center. To honor the IPR on public IP addresses.

CloudBridge not receiving data traffic could be caused by:

  • Data traffic not coming to NetScaler.

  • Traffic comes to NetScaler, but NetScaler does not forward it to CloudBridge.

Verify if Data Traffic is Received by the NetScaler

Citrix cloudbridge vpx

Citrix Netscaler Cloudbridge

On NetScaler, verify whether the traffic comes to the NetScaler. There are several ways to do this:

  • Using the CLI, verify connection tables using the command:
    show connectiontable
    Verify if there are connections from the remotes (127.x.y.z are internal, ignore these).

  • Using the NetScaler CLI, verify packet statistics on interfaces using the command:
    show interface
    Verify if received packets count increases significantly (interfaces 0/1, 0/2, 0/3, 10/3, 10/4, LO/1 are internal, ignore these).
    The following highlighted lines are an example of packet counts on two traffic interfaces:

  • Alternatively, use the NetScaler GUI, to verify packet statistics on interfaces.
    Verify if received packets count increases significantly (interfaces 0/1, 0/2, 0/3, 10/3, 10/4, LO/1 are internal, ignore these).

    The following highlighted line is an example of packet count on traffic interface.

  • Get NetScaler PCAP trace. From NetScaler GUI, Configuration > System > Diagnostics > Technical Support Tools > Start new trace.

    If the data traffic is not received by NetScaler, then verify WCCP router configuration.

Verify WCCP Router Configuration

Access the router (or switch, if applicable) that is configured for WCCP. For more information see Citrix eDocs - WCCP Mode (Non-Clustered).

The following are some troubleshooting commands for router configuration:
Note: It is strongly recommended to engage Cisco TAC to validate the router(s) configuration.

Bridge
  • show ip wccp

  • show running-config | i wccp

  • show ip wccp <service group> Mac os for toshiba satellite.

  • show access-lists

  • show ip wccp

    For more information, see Citrix eDocs - WCCP Testing and Troubleshooting.

    • Notice that no packets are redirected.
    • Notice that there is no access-list, but keep in mind that an ACL might not be required.
  • Verify if Redirect Statements are properly configured using command:
    show running-config | i wccp

    • Notice the absence of redirect statements.
    • Configure the appropriate interface(s) with the appropriate redirect statements.

      For example, it might be best to define 'ip wccp 51 redirect in' on the WAN interface and also on each of the LAN interfaces that the traffic is expected to be redirected.

      Or in case there are numerous LAN interfaces, you might prefer not to define 'ip wccp 51 redirect in' on all the interested interfaces, hence another option would be to use both 'ip wccp 51 redirect in' and 'ip wccp 51 redirect out' on just the WAN interface. However, keep in mind that the use of 'ip wccp 51 redirect out' forces the router to use software level WCCP instead of hardware level WCCP, and that software level WCCP introduces significant overhead on the router, which many times can be a detrimental to performance.

  • If the Redirect Statements are correctly configured, verify if the ACLs are correctly configured for the intended traffic.

    In this example, the client is 30.0.1.100 and the server is 30.0.2.200, make a note of the ACL name for corresponding traffic.

    Verify if the same ACL name is in use in the WCCP configuration of the interface.

    Notice that the ACL in use is a wrong ACL. Modify the ACL name by using the following command:

    Initiate connection(s) that would expect to be WCCP redirected to the CloudBridge.

    Now notice that after the preceding modification, the traffic gets redirected to the correct ACL as shown from the router results:
    show access-lists

    Also now the CloudBridge shows connection in the Accelerated Connections table. For more information, see Citrix eDocs - Connections.

NetScaler Does Not Forward Traffic to CloudBridge

If traffic gets to NetScaler but NetScaler does not forward it to CloudBridge, the possible reasons for this are:

Citrix Cloudbridge Vpx 20mbps

  • Virtual server is down: This can be found from NetScaler GUI, Configuration > Traffic Management > Load Balancing > Virtual Servers. It can be re-enabled by selecting the load balancing (LB) policy, right-clicking it and selecting Enable.

  • Service is down: This can be found from NetScaler GUI, Configuration > Traffic Management > Services. To re-enable it, right-click the service that is down, and select Enable.

  • Misconfigured LB policy: The following are the default policies added by the SVM when you run the initial setup wizard, and their purposes.

    Vserver NamePurpose
    BR_LB_VIP_1Catches all accelerated (TCP options) TCP traffic coming from remote sites where CloudBridges/Plugins are installed.
    Note: NetApp traffic (TCP ports - 10565, 10566) will not hit this Vserver.
    BR_LB_VIP_2Catches all TCP traffic coming from LAN and unaccelerated traffic coming from remote branches.
    Note: NetApp traffic (10565, 10566) will not hit this Vserver.
    BR_LB_VIP_NETAPPCatches only the NetApp traffic (10565, 10566).
    BR_LB_VIP_SIGCatches Signaling connections coming from CloudBridge Plug-ins.
    BR_LB_VIP_UDPCatches all UDP traffic.

    Follow the steps of 'Virtual server is down' to find the policies through NetScaler GUI. Click the arrow to the left of the policy name to see the details of the policy.

    Or, it can be found through NetScaler CLI command:
    show lb vserver to show all policies, or show lb vserver <name> to show a specific policy, like show lb vserver BR_LB_VIP_1.

    Verify if the State is UP.

  • Verify Vserver statistics:
    Verify Vserver statistics using the following command and go through each policy:
    stat lb vserver xxx

    Verify if traffic hits the expected policy.

    Connections that are not fully established will show in connection table for a brief time and then time out. Default time out value is 60 seconds.

    Failed TCP handshake can be caused by CloudBridge4000/5000 not returning the SYN to router. From release 7.2, on CloudBridge 4000/5000, ReturnToEthernetSender must be enabled.

    To enable ReturnToEthernetSender through NetScaler GUI navigate to, Configuration > Network > Configure Layer 2 Parameters and check the box next to Return To Ethernet Sender.

Citrix Enable Cloudbridge

Problem Cause

Citrix Cloud Bridgend

  • Redirect statements are configured incorrectly.

  • Misconfiguration of ACLs.

  • Misconfiguration of NetScaler.