What to submit when asking for layer4 service.

This document describes what to include in a request for layer4 services.

Things to keep in mind

Currently only specific subnets can be load balanced with the layer4 switch. If your server is not on one of these subnets, it will have to move to a load balanced subnet.

Load balanced subnets as of 1/24/2017 are:

Subnet | SLB Health Check IP | Load Balancer | Description
144.92.197.128/25 | 144.92.197.131 | Citrix/Netscaler | Portal Production Public (Note: VIPs are also behind firewall)
144.92.8.0/24 | 144.92.8.6 | Citrix/Netscaler | Portal Production Private
144.92.170.0/25 | 144.92.170.2 | Citrix/Netscaler | (ITE) Test Public (Note: VIPs are also behind firewall)
144.92.7.0/24 | 144.92.7.5 | Citrix/Netscaler | (ITE) Test Private
128.104.1.128/25 | 128.104.1.194 | Citrix/Netscaler | General purpose server load balancing - Production network (Note: VIPs are also behind firewall)
128.104.236.0/23 | 128.104.236.4 | Citrix/Netscaler | Learn @ UW (Production)
144.92.127.0/25 | 144.92.127.4 | Citrix/Netscaler | Learn @ UW (Beta)
144.92.119.128/25 | 144.92.119.134 | Citrix/Netscaler | Learn @ UW (WebDAV Beta)
144.92.49.192/26 | 144.92.49.198 | Citrix/Netscaler | General purpose server load balancing - Test network (Note: VIPs are also behind firewall)
144.92.9.0/24 | 144.92.9.7 | Citrix/Netscaler | General purpose server load balancing - Production network (Note: VIPs are also behind firewall)
144.92.128.0/25 | 144.92.128.6 | Citrix/Netscaler | Restricted Data - Test Subnet (Note: VIPs are also behind firewall)
144.92.201.128/25 | 144.92.201.134 | Citrix/Netscaler | Restricted Data 2 - Production Subnet (Note: VIPs are also behind firewall)
128.104.155.0/24 | 128.104.155.6 | Citrix/Netscaler | AIMS VM network (Note: VIPs are also behind firewall)
128.104.46.0/24 | 128.104.46.6 | Citrix/Netscaler | LTG/LIRA - Production Subnet (Note: VIPs are also behind firewall)
128.104.31.64/26 | 128.104.31.70 | Citrix/Netscaler | Restricted Data 3 - Production Subnet (Note: VIPs are also behind firewall)
128.104.22.0/24 | 128.104.22.6 | Citrix/Netscaler | General purpose server load balancing - Production network (Note: VIPs are also behind firewall)
144.92.104.0/24 | 144.92.104.6 | Citrix/Netscaler | General purpose server load balancing - Production network (Note: VIPs are also behind firewall)
144.92.26.96/27 | 144.92.26.105 | Citrix/Netscaler | General purpose server load balancing - Production network (Note: VIPs are also behind firewall)
128.104.54.0/24 | 128.104.54.6 | Citrix/Netscaler | DoIT Shared Web Hosting Network 3 (Note: VIPs are also behind firewall)
128.104.53.160/27 | 128.104.53.190 | Citrix/Netscaler | OCIS Logging (Note: VIPs are also behind firewall)
128.104.50.0/24, 2607:f388:2:1::/64 | 128.104.50.6, 2607:f388:2:1::6 | Citrix/Netscaler | CCI Shared L4 Services (Note: VIPs are also behind firewall)
128.104.221.0/25 | 128.104.221.6 | Citrix/Netscaler | CCI Shared Restricted Data L4 Services (Note: VIPs are also behind firewall)
128.104.82.0/25 | 128.104.82.6 | Citrix/Netscaler | DoIT Data Center Prod Restricted Data 3 (Note: VIPs are also behind firewall)
10.130.165.0/24 | 10.130.165.6 | Citrix/Netscaler | OCIS Logging (Note: VIPs are also behind firewall)
10.128.127.0/24 | 10.128.127.6 | Citrix/Netscaler | DoIT Shared Web Hosting RFC1918 Network
10.130.171.128/25 | 10.130.171.168 | Citrix/Netscaler | DoIT VOIP
144.92.5.128/25 | 144.92.5.134 | Citrix/Netscaler | AIMS VDI Access Points

Virtual IPs (VIPs) that are behind the firewall (noted above in "red") normally have a rule of "allow any" to them. Traffic destined to a VIP on a UDP or TCP port configured on the load balancer will be load balanced; everything else will be dropped. OpEng will still need to know what the VIP is for new services, to be sure the firewall will allow traffic to the new VIP.

Add/change/deletion examples

Example #1
Please forward this case to Network Services.
I need the following L4 config created:

  VIP = 144.92.197.135 (my.wisc.edu)
    Server = 144.92.197.205 (unas.doit.wisc.edu)
    Server = 144.92.197.165 (djer.doit.wisc.edu)
    Server = 144.92.197.166 (sethos.doit.wisc.edu)
      TCP Port = 80, metric = hash
      TCP Port = 443, metric = hash
      TCP Port = 25, metric = roundrobin 

Date/Time when this can be done: anytime

Thanks,
sysadmin Chuck



Example #2
Please forward this case to Network Services.
I need the following server ADDED to an already existing VIP:

  VIP = 144.92.197.135 (my.wisc.edu)
    Server = 144.92.197.202 (den.doit.wisc.edu)
      TCP Port = 80
      TCP Port = 443

Date/Time when this can be done: anytime

Thanks,
sysadmin Chuck


Example #3
Please forward this case to Network Services.
I need the following server REMOVED from the layer4 switch:

    Server = 144.92.197.164 (darius.doit.wisc.edu)

Date/Time when this can be done: anytime

Thanks,
sysadmin Chuck



Example #4
Please forward this case to Network Services.
I need the following TCP port REMOVED from the following VIP:

  VIP = 144.92.197.135 (my.wisc.edu)
      TCP Port = 25

Date/Time when this can be done: anytime

Thanks,
sysadmin Chuck
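
A pre-submission check for a request written in the format of the examples above, as an added example that is not part of the original document or of any Network Services tooling. LB_SUBNETS is only an excerpt of the table above, the function names are hypothetical, and the 192.0.2.10 server in the sample is constructed.

```python
import ipaddress
import re

# Excerpt of the table above: subnet -> True if its VIPs are also behind the firewall.
LB_SUBNETS = {
    "144.92.197.128/25": True,
    "144.92.8.0/24": False,
    "128.104.1.128/25": True,
    "10.128.127.0/24": False,
}
# Matches the "Key = value" lines used in the request examples above.
LINE_RE = re.compile(r"^\s*(VIP|Server|TCP Port|UDP Port)\s*=\s*([^\s,(]+)", re.I | re.M)

# Constructed sample: Example #1's VIP and first server plus an off-subnet server.
SAMPLE = """\
  VIP = 144.92.197.135 (my.wisc.edu)
    Server = 144.92.197.205 (unas.doit.wisc.edu)
    Server = 192.0.2.10 (constructed.example)
      TCP Port = 443, metric = hash
"""

def find_subnet(addr):
    """Return (subnet, firewalled) for addr, or None if it is not load balanced."""
    ip = ipaddress.ip_address(addr)
    for cidr, firewalled in LB_SUBNETS.items():
        if ip in ipaddress.ip_network(cidr):
            return cidr, firewalled
    return None

def check_request(text):
    """Parse a request body and return a list of findings to fix or mention."""
    findings = []
    for m in LINE_RE.finditer(text):
        key, value = m.group(1).lower(), m.group(2)
        if key.endswith("port"):
            if not (value.isdigit() and 1 <= int(value) <= 65535):
                findings.append(f"{key} {value}: not a valid port number")
            continue
        try:
            hit = find_subnet(value)
        except ValueError:
            findings.append(f"{key} {value}: not a valid IP address")
            continue
        if hit is None:
            findings.append(f"{key} {value}: not on a load balanced subnet")
        elif key == "vip" and hit[1]:
            findings.append(f"vip {value}: behind firewall, tell OpEng about the new VIP")
    return findings
```

Running check_request(SAMPLE) reports the firewalled VIP and the server that would have to move to a load balanced subnet.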

Citrix/Netscaler Metrics and Health Checking

Metrics for the Citrix Netscaler can be found here.
Health checks for the Citrix Netscaler can be found here.


Keywords: l4 layer4 load balancing subnets portal test VIP persistence server ITE hash metric roundrobin
Doc ID: 4246
Owner: Scott B.
Group: Network Services
Created: 2005-12-06 19:00:00
Updated: 2020-05-07 11:45:03
Sites: DCTeam, DoIT Staff, Network Services, Office of Cybersecurity, Systems & Network Control Center, Systems Engineering