Getting some basic understanding

A Citrix ADC / NetScaler runs two operating systems at the same time: NetScaler OS, a proprietary one belonging to Citrix, and BSD, a UNIX derivative developed at the University of California, Berkeley (don’t call BSD Linux! It’s UNIX).

Let’s open PuTTY.

Connect to your NSIP on port 22. There will be a warning about a potential security breach: PuTTY does not yet know your ADC’s SSH host key. Confirm it, and the warning won’t come back.

Log on using nsroot as both the user name and the password.

Try some of the most popular UNIX / Linux commands like ls, pwd, top, cd /etc, ifconfig. They will all fail, as we are not in BSD but in NetScaler OS.

BSD

Type shell to switch to BSD. The prompt will change from > to #.

Now, all UNIX commands work perfectly well. Even the world’s most important text processing engine, vi, is there! (don’t even think of nano, vim and similar ones, this is BSD, not Linux!)


Let’s call top:

You see, there is a process called nsppe-00, using 100% of a CPU. Our first thought was to kill this process (kill -9 1210). Not our best idea, to be honest, as this process is just a dummy process that blocks a CPU core for NetScaler OS. Killing it will reboot the ADC (NetScaler), quite similar to a “warm reboot” from the GUI.

There may be many nsppe-xx processes on Citrix ADC MPX and huge VPX appliances. The number of processes depends on the number of CPU cores and the amount of RAM. A VPX needs at least 2 GB of RAM per CPU core.

Never use ifconfig to change IP addresses from the BSD side: BSD is not responsible for network I/O. You would completely mess up the appliance!


If we execute ls -l / we can see the file system of a Citrix ADC. It’s a typical UNIX file system with some additions. The most important one is the nsconfig directory. It contains all configuration (the ns.conf file, up to 5 backups of ns.conf, certificates, licenses and more). Have a look at this directory, it’s rather important!


Executing df shows disk space. This was a newly created VPX, and 2 file systems are already full, one almost! What’s up?

devfs and procfs are full, but we don’t need to write anything into them, so that’s fine. More confusingly, the root file system (/dev/md0) is 96% full. It has just 386 MB, with only 17 MB of free space! That seems disconcerting!

/dev/md0 is a RAM drive. It’s as small as possible. It gets recreated every time you reboot the appliance. That’s why it’s that small.

Nothing stored on this RAM drive will survive a reboot. This is also true for the most important UNIX directories like /etc (containing all UNIX configurations, the inittab, daemons to start and more). Citrix ADC has some tricks to change the content of the /etc directory.

Let’s explore the other two file systems: /var and /flash. A /var directory usually stores logs and bulk data. That’s true for Citrix ADC / NetScaler as well. Firmware images go there (/var/nsinstall), logs go there (/var/log, /var/nslog), and so do portal customizations (/var/netscaler/logon/themes/) and WAF-signatures (/var/download/custom/ and /var/ns_system_backup/backup).

In most cases, if /var runs out of disk space, /var/core, /var/crash or /var/nsinstall is guilty. You may delete files in there without any risk.
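A small triage script for the df output discussed above, as an added example that is not part of the original article. It skips devfs, procfs and the /dev/md0 RAM drive (full by design) and only flags persistent file systems. The sample df output, its device names and numbers, and the 90% threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example: triage `df` output from the ADC's BSD shell.
# devfs/procfs always read 100% and /dev/md0 is a tiny RAM drive that is
# nearly full by design, so only persistent file systems are flagged.

# check_df THRESHOLD: reads `df` output on stdin and prints "mount capacity%"
# for every persistent file system at or above THRESHOLD percent.
check_df() {
    awk -v limit="$1" '
        NR == 1                         { next }  # header line
        $1 == "devfs" || $1 == "procfs" { next }  # pseudo file systems
        $1 == "/dev/md0"                { next }  # RAM drive, rebuilt at boot
        {
            cap = $5; sub(/%/, "", cap)           # "99%" -> 99
            if (cap + 0 >= limit) print $NF, cap "%"
        }'
}

# var_culprits VARDIR: size in KB of the directories the article names as the
# usual reason /var fills up, largest first. Missing directories are skipped.
var_culprits() {
    for d in core crash nsinstall; do
        [ -d "$1/$d" ] && du -sk "$1/$d"
    done | sort -rn
}

# Constructed sample resembling `df` on a VPX (all values are illustrative).
SAMPLE_DF='Filesystem  1K-blocks     Used    Avail Capacity  Mounted on
/dev/md0       395264   377856    17408    96%    /
devfs               1        1        0   100%    /dev
procfs              4        4        0   100%    /proc
/dev/da0s1a   1600000   250000  1222000    17%    /flash
/dev/da0s1e  14000000 12751200   128800    99%    /var'

if [ "${1:-}" = "--live" ]; then
    # On the appliance: check the real file systems and the usual culprits.
    df | check_df 90
    var_culprits /var
else
    # Offline: run against the constructed sample.
    printf '%s\n' "$SAMPLE_DF" | check_df 90
fi
```

Run without arguments it evaluates the constructed sample; with --live it reads the appliance's own df output and lists the three directories by size.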


NetScaler shell

Citrix NetScaler OS is a proprietary OS, belonging to Citrix. It is responsible for all network I/O. It does not have a boot-loader, nor does it have a file-system, so it needs to work hand in hand with BSD.

The command syntax is very different from UNIX, so we have to learn how to deal with it. That sounds troubling, but it’s not, as the syntax is rather like spoken language. show ns ip, as an example, will list all IPs our appliance currently has. show route lists the routes. show ns running config prints the configuration in memory, show ns saved config the configuration on disk. diff ns config -outtype cli lists all differences between the running and the saved configuration (ever heard about something called documentation? Here you go!). save ns config saves the currently running configuration to disk.

The NetScaler shell has some auto-complete capabilities (so typing sho and then [tab] will autocomplete to show). You may skip some parts of a command. I will show this using save ns config.

Instead of save ns config you could also type save config, as the name of the object, ns, is not needed: there is nothing else to be saved. save c would be fine as well, as the most important thing we could save is the configuration.

If we don’t know what to save, add, show, bind, rm (remove), apply, …, we could just type the verb followed by a question mark, for example save ?, and it will give us a list of objects this verb can be used with. You might press tab twice instead of using the question mark.




