TFTP Load Balancing on NetScaler using Direct Server Return

To be able to provide Provisioning Server (PVS) High Availability (HA), there are a few options.  One option stands out, direct server return (DSR).  With DSR, NetScaler provides the initial load balancing to an appropriate TFTP server, and then the TFTP and the client talk directly freeing up bandwidth on the NetScaler.  The process of the request is as follows:

1. A DHCP request is sent by a client, at which the DHCP server responds with an IP address and 2 DHCP options, 66 and 67.  Option 66 holds the TFTP server IP, and option 67 holds the boot file name.

2. The preboot execution environment (PXE) on the client then makes a request to the TFTP IP.

3. NetScaler now makes a load balancing decision.  NetScaler uses the MAC address and forwards the request while not changing the destination IP.  The frame arrives at the TFTP server with the same destination IP as the VIP configured on NetScaler.  The TFTP is able to process this frame because of a loopback adapter with the same IP assigned.

4. After the TFTP server receives the request, it forwards the request to the loopback adapter.  It then sends to the client the initial segment of its boot file.

The advantage of DSR for TFTP load balancing is that it provides robust scalability and availability.  The disadvantage of using DSR is that it requires a bit more effort in configuration and also requires a loopback interface on the TFTP servers.

Now on to the fun stuff.  Below you will find instructions on how to configure TFTP load balancing using NetScaler DSR.  In this scenario, there are 2 PVSs with the TFTP service installed on each.  The PVSs have initially 2 network adapters.  The first network adapter is used to connect to the server VLAN.  The second adapter is to connect to the PVS VLAN for streaming images.  We are using 1 NetScaler (or you could use 2 in an HA pair) using subnet IP (SNIP) instead of mapped IP (MIP).  There are 3 VLANS connected to the NetScaler.  First, the management interface which is where the NetScaler IP (NSIP) is allocated.  Second, the server VLAN.  Finally, the PVS VLAN  So it logically looks like:

Steps

1. Open the NetScaler GUI and log in.

2. Navigate to "System" | "Settings".

3. Click on "Configure modes".

4. Select "Use Source IP".Select "MAC Based Forwarding".

5. Create the SNIP for the PVS VLAN if not already created.

6. Create load balancing servers in NetScaler - Navigate to "Load Balancing" | "Servers" and click "Add". Enter a name and IP address, then click "Create". Repeat this for each TFTP server.

7. Create a new service group - Navigate to "Load Balancing" | "Service Groups" and click "Add". Select "ANY" for Protocol. Select "Server based". Select the TFTP servers created earlier. Enter * for the port. Add a ping monitor, or create your own TFTP monitor. Navigate to the "Advanced" tab. Select "Use Source IP".Select "Client Keep-Alive".Select "TCP Buffering".De-select "Surge Protection".Click "Create".

8. Create a new virtual server - Navigate to "Load Balancing" | "Virtual Servers". Type in a name and IP.  This is the IP that needs to be used in DHCP option 66.  This is also the IP address to be used for the loopback adapters. Set the protocol to "Any". Set the port to *. Navigate to the "Services Group" tab. Select the service group created earlier. Navigate to the "Method and Persistence" tab. Select "SOURCEIP" for persistence. Navigate to the "Advanced" tab. Set redirection mode to "MAC Based".

9. Navigate to the device manager.

10. Right-click the TFTP server name in the middle pane and choose "Add legacy hardware".

11. Click "Next".

12. Select "Install the hardware that I manually select from a list (Advanced)".Click "Next".

13. Select "Network adapters".

14. Click "Next".

15. Select "Microsoft" for the manufacturer.

16. Select "Microsoft Loopback Adapter" for the network adapter.

17. Click "Next".Click "Finish".

18. Navigate to the properties of the new loopback adapter and uncheck IPv6.

19. Go to the properties of IPv4 and type in the IP address and subnet mask.  This is the same IP address when you created the virtual server earlier.  Do not enter a gateway or DNS servers.

20. Disable DNS registration on this adapter.

21. Disable NetBIOS on this adapter.

22. Open a command prompt as an administrator.

23. Enter the following commands for the loopback adapter and PVS VLAN adapter:

24. netsh interface ipv4 set interface "[name of adapter]" weakhostreceive=enabledEnter the following command for just the loopback adapter:

25. netsh interface ipv4 set interface "[name of adapter]" weakhostsend=enabled

26. Navigate to C:\Program Files\Citrix\Provisioning Services.

27. Open tftpcpl.cpl as an administrator.

28. Click on the "TFTP Network" tab.

29. Select the loopback adapter created earlier and de-select any other adapters.

30. Restart the Citrix TFTP service.

31. Test TFTP load balancing with NetScaler DSR. Install the TFTP client feature on a server that is on the PVS VLAN but is not a TFTP server.

32. Open a command prompt and enter the following -

33. tftp [IP of TFTP virtual server created earlier] GET ardbp32.bin ardbp32.bin