in NetScaler, Platforms

Some notes about Citrix Netscaler on Azure

Now while Microsoft has had some huge announcements made at AzureCon around support for NVIDIA GRID Architecture we still to have Netscaler in place in order to be able to optimize traffic to endpoints which want to leverage this capabilities. This post is just to point out some tips & tricks about implementing Netscaler on Azure

  • Only VPX 10, 200 & 1000 are available
  • Its a bring your own license model but you still pay for the compute and bandwidth
  • Runs in single IP mode (meaning that VIP – SNIP and NSIP run using the same IP)
  • Runs a custom firmware version (do not update!)
  • IP is given using the DHCP service of Azure, we can define a static IP address using the new management portal
  • If we want to use Framehawk we need to add the specific ports using endpoints in the management portal
  • Alot of ports are not available for use to services since they are reserved by the Netscaler, for instance port 80, 22 and such, but we can do endpoint port translation within Azure
  • Some features are not available at this time:
    Gratuitous ARP (GARP)
    L2 Mode
    Tagged VLAN
    Dynamic Routing
    Virtual MAC (VMAC)
    CloudBridge Connector)
    This is because of limitations within Azure, so hopefully when Microsoft is adding more and more networking capabilities that we can enable the use of all these features within Azure.

What do you think?


  1. QQ- if port 80 is published in IIS and I want to LB that service does this mean it will not work within azure at this time? I heard multi -ip support is not available in azure right now. Few want to load balance internally only so end points are no good when I am forced to put a public port number. Any suggestions are welcomed. Thanks

    • Hi Ryan, if you want to load balance port 80 externally using NetScaler in Azure, that works perfectly fine. Because in Azure there are the concepts of endpoints. Which specify which port should be available externally. Here we can again define a custom port nr, think of it as a NAT engine. So since we cannot setup port 80 externally on the NetScaler we can use another port for instance 88. So from a enduser perspective when going to a load balanced netscaler http via Azure the connection would look like this.

      Client –> Azure (port 80) –> LB VIP NetScaler (port 88) –> Server IIS (Port 80=)