How Citrix ADC uses a proxy for connections?

The proxy protocol safely transports client details from the client to the server across Citrix ADC appliances. The appliance adds a proxy protocol header with the client details and forwards it to the back-end server. The following are some of the usage scenarios for the proxy protocol in a Citrix ADC appliance:

  • Learning the original client IP address
  • Selecting a language for a website
  • Blocking selected IP addresses
  • Logging and collecting statistics

Here are the three operating modes:

  • Insert. The appliance inserts the client details and sends them to the back-end server.
  • Forward. The appliance forwards the client details to the back-end server.
  • Strip. The appliance stores the client details for logging purposes. In addition, if the proxy protocol is not supported on the back-end server, the appliance sends the client details to the server by using the rewrite policy configuration.

Limitations

The proxy protocol is not supported for TCP Fast Open (TFO) or Multipath TCP. It is supported only for services on which the Citrix ADC appliance terminates the TCP connection. It is not supported for other services, for example “ANY”.

Operation of the proxy protocol in a Citrix ADC appliance

The following flow diagrams show how to configure the proxy protocol on Citrix ADC appliances for the Insert, Forward, and Strip operations:

Insert operation

  • On the Citrix ADC appliance, you must enable the proxy protocol in the network profile and bind the profile to the service.
  • In the Insert operation, the Citrix ADC appliance adds a proxy header with the client connection details and forwards it to the back-end server.
  • On the sending side, the appliance decides the proxy protocol version based on the CLI configuration.

Forward operation

  • A client sends a request with the proxy header to the Citrix ADC appliance. The appliance dynamically identifies the version.
  • On the Citrix ADC appliance, for a Forward operation, the proxy protocol is enabled on the load balancing virtual server or content switching virtual server and enabled on the service. The appliance receives the proxy header and forwards the header details to the back-end server.
  • If the proxy header details are not in the correct format, the appliance resets the connection.
  • On the sending side, the appliance decides the proxy protocol version based on the CLI configuration.

Strip operation

  • A client sends a request with a proxy header to the Citrix ADC appliance.
  • On the Citrix ADC appliance, for a Strip operation, the appliance takes the client information obtained from the proxy protocol and inserts it into an HTTP header by using rewrite policy expressions.
  • Client details, such as source IP address, destination IP address, source port, and destination port, are added to an HTTP header by using rewrite policy expressions. The rewrite policy evaluates the expression and, if it is “true”, the corresponding rewrite policy action is triggered. The client details are then forwarded to the back-end server in an HTTP header.
  • If the proxy header details are not in the correct format, the appliance resets the connection.

Proxy protocol version formats

The proxy protocol is available in two version formats. The appliance decides which format to use based on the length of the incoming data. For more information, see the proxy protocol specification.

  1. Proxy protocol version 1 format

    PROXY TCP4/TCP6/UNKNOWN <SRC IP> <DST IP> <SRC PORT> <DST PORT>

    • PROXY -> Unique string that identifies the version 1 proxy header.
    • TCP4/TCP6/UNKNOWN -> TCP over IPv4 and TCP over IPv6 are supported. For other protocols, the value is UNKNOWN.
    • SRC IP: source IP address (the original client IP) of a packet.
    • DST IP: destination IP address of a packet.
    • SRC port: source port of a packet.
    • DST port: destination port of a packet.
  2. Proxy protocol version 2 format

    0D 0A 0D 0A 00 0D 0A 51 55 49 54 0A <13th byte> <14th byte> <15-16th byte> <17th byte onwards>

    • 0D 0A 0D 0A 00 0D 0A 51 55 49 54 0A -> Unique binary string that identifies the version 2 proxy header.
    • TCP over IPv4 and TCP over IPv6 are supported. For other protocols, the value is UNKNOWN.
    • 13th byte – protocol version and command.
    • 14th byte – address family and protocol.
    • 15-16th byte – address length, in network byte order.
    • 17th byte onwards – address information in network byte order: src IP, dst IP, src port, dst port.

Configure the proxy protocol in the Citrix ADC appliance

Complete the following steps to configure the proxy protocol in your Citrix ADC appliance:

  1. Enable the proxy protocol globally.
  2. Configure the proxy protocol for the Insert operation
  3. Configure the proxy protocol for the Forward operation
  4. Configure the proxy protocol for the Strip operation
  5. Configure the proxy protocol without operation

Enable the proxy protocol globally

At the command prompt, type the following:

set ns param -proxyProtocol ENABLED

Configure the proxy protocol for the Insert operation

To configure the proxy protocol for the Insert operation, you must enable or disable the protocol on the load balancing virtual server and enable it on the service.

Add a network profile with the proxy protocol disabled for the load balancing virtual server

At the command prompt, type the following:

add netprofile <name> -proxyProtocol (ENABLED | DISABLED) -proxyprotocoltxversion (V1 | V2)

Example:

add netprofile proxyprofile-1 -proxyProtocol DISABLED -proxyprotocoltxversion V1

Note:

If you disable the proxy protocol on your appliance, you do not need to set the protocol version parameter.

Add a network profile with the proxy protocol enabled for the service

At the command prompt, type the following:

add netprofile <name> -proxyProtocol (ENABLED | DISABLED) -proxyprotocoltxversion (V1 | V2)

Example:

add netprofile proxyprofile-2 -proxyProtocol ENABLED -proxyprotocoltxversion V1

Add a load balancing virtual server for the Citrix ADC appliance in the proxy layer

At the command prompt, type the following:

add lb vserver <name>@ <serviceType> [(<IPAddress>@ <port>)]

Example:

add lb vserver lbvserver-1 http 1.1.1.1 80

Add an HTTP service for the Citrix ADC appliance in the proxy layer

At the command prompt, type the following:

add service <name>@ (<IP>@ | <serverName>@) <serviceType> <port>

Example:

add service http-service-1 2.2.2.1 http 80

Bind the network profile to the load balancing virtual server on the Citrix ADC appliance

At the command prompt, type the following:

set lb vserver <name> -netprofile <netProfileName>

Example:

set lb vserver lbvserver-1 -netprofile proxyprofile-1

Bind the network profile to the HTTP service on the Citrix ADC appliance

At the command prompt, type the following:

set service <name> -netprofile <netProfileName>

Example:

set service http-service-1 -netprofile proxyprofile-2

Configure the proxy protocol for the Forward operation

To configure the proxy protocol for the Forward operation on the next Citrix ADC appliance in the proxy layer, you must enable or disable the protocol and bind the network profile to the virtual server or service.

Add a network profile with the proxy protocol enabled for the load balancing virtual server

At the command prompt, type the following:

add netprofile <name> -proxyProtocol (ENABLED | DISABLED) -proxyprotocoltxversion (V1 | V2)

Example:

add netprofile proxyprofile-3 -proxyProtocol ENABLED -proxyprotocoltxversion V1

Add a network profile with the proxy protocol enabled for the service

At the command prompt, type the following:

add netprofile <name> -proxyProtocol (ENABLED | DISABLED) -proxyprotocoltxversion (V1 | V2)

Example:

add netprofile proxyprofile-4 -proxyProtocol ENABLED -proxyprotocoltxversion V1

Add a load balancing virtual server for the Citrix ADC appliance in the proxy layer

At the command prompt, type the following:

add lb vserver <name>@ <serviceType> [(<IPAddress>@ <port>)]

Example:

add lb vserver lbvserver-2 http 2.2.2.2 80

Add an HTTP service for the Citrix ADC appliance in the proxy layer

At the command prompt, type the following:

add service <name>@ (<IP>@ | <serverName>@) <serviceType> <port>

Example:

add service http-service-2 3.3.3.1 http 80

Bind the network profile to the load balancing virtual server on the Citrix ADC appliance

At the command prompt, type the following:

set lb vserver <name> -netprofile <netProfileName>

Example:

set lb vserver lbvserver-2 -netprofile proxyprofile-3

Bind the network profile to the HTTP service on the Citrix ADC appliance

At the command prompt, type the following:

set service <name> -netprofile <netProfileName>

Example:

set service http-service-2 -netprofile proxyprofile-4

Configure the proxy protocol for the Strip operation

To configure the proxy protocol for the Strip operation, you must enable the proxy protocol on the load balancing virtual server and disable the proxy protocol on the service.

Add a network profile with the proxy protocol enabled for the virtual server

At the command prompt, type the following:

add netprofile <name> -proxyProtocol ENABLED -proxyprotocoltxversion (V1 | V2)

Example:

add netprofile proxyprofile-5 -proxyProtocol ENABLED -proxyprotocoltxversion V1

Add a load balancing or content switching virtual server for the Citrix ADC appliance in the proxy layer

At the command prompt, type the following:

add lb vserver <name>@ <serviceType> [(<IPAddress>@ <port>)]

Example:

add lb vserver lbvserver-3 http 2.2.2.2 80

Add an HTTP service for the Citrix ADC appliance in the proxy layer

At the command prompt, type the following:

add service <name>@ (<IP>@ | <serverName>@) <serviceType> <port>

Example:

add service http-service-3 3.3.3.1 http 80

Bind the network profile to the load balancing or content switching virtual server on the Citrix ADC appliance

At the command prompt, type the following:

set lb vserver <name> -netprofile <netProfileName>

Example:

set lb vserver lbvserver-3 -netprofile proxyprofile-5

Configure the proxy protocol by using the Citrix ADC GUI

  1. Navigate to System > Settings > Change global system settings.
  2. On the global system settings page, select the Proxy Protocol check box.
  3. Click OK and then Close.

  4. Navigate to System > Network > Net Profiles.
  5. In the details pane, click Add to create a network profile for the load balancing virtual server.
  6. On the network profile page, set the following parameters:
    1. Name. Name of the network profile.
    2. Proxy Protocol. Enable or disable the proxy protocol for the load balancing virtual server.
    3. Proxy Protocol Tx Version. Set the proxy protocol version to V1 or V2 based on the incoming data format.

  7. Click OK.

  8. In the details pane, click Add.
  9. On the Load Balancing Virtual Server page, set the basic parameters.
  10. In the Advanced Settings section, select Profiles.
  11. In the Profiles section, click the pencil icon.
  12. Select a network profile, then click OK.
  13. Click Done.

  14. In the details pane, click Add.
  15. On the Load Balancing Service page, set the basic parameters.
  16. In the Advanced Settings section, select Profiles.
  17. In the Profiles section, click the pencil icon.
  18. Select a network profile, then click OK.
  19. Click Done.

Note:

If multiple Citrix ADC appliances are part of the proxy layer, you must configure the proxy protocol on each appliance for the Forward operation.
