Efficient hosting of applications in the cloud requires continuous optimization of app availability. Until now, a high availability (HA) solution across an availability zone required the use of a public/elastic IP configured along with ipset. But what about scenarios where only internal apps are required, the network only requires a private IP, or the IT admin doesn’t want to use an elastic IP? In these cases, HA configuration wasn’t possible.

Now, we’ve made it possible to configure HA across availability zones without using a public IP. For Citrix ADC builds 13.0.67.x and above, we support configuration of private IP HA across availability zones in AWS.

HA with private IP movement across availability zones supports the use of private IPs as your VIP or SNIP, as well as the configuration of HA between two ADCs.

The design is cost effective and can be integrated with your existing multizone EIP solution. It’s also easy for customers to consume without any overhead associated with changing existing configurations.

Using the Feature

In this example, we create a single VPC in which two VPX instances are created in two availability zones. Each instance has three subnets — one for management, one for the client, and one for the back-end server.

The following diagrams show the Citrix ADC VPX high availability setup in INC mode, on AWS.

For this scenario, use the CLI to configure high availability.

1) Set up high availability in INC mode on both instances. Type the following commands on the primary and the secondary nodes.

On primary:

add ha node 1 192.168.4.10 -inc enabled

Here, 192.168.4.10 refers to the private IP address of the management NIC of the secondary node.

On secondary:

add ha node 1 192.168.1.10 -inc enabled

Here, 192.168.1.10 refers to the private IP address of the management NIC of the primary node.

2) Add a virtual server on the primary instance.

Use the following command:

add lb vserver vserver1 http 10.10.10.10 80

Then, follow these steps:

  1. Save the configuration.
  2. Add a route on the AWS VPC for 10.10.10.0/24 pointing to the primary ENI.
  3. After a forced failover:
    • The secondary instance becomes the new primary instance.
    • The VPC route pointing to the primary ENI migrates to the secondary client ENI.
    • Client traffic resumes to the new primary instance.
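
A check for the route described in the steps above, as an added example (not from Citrix or the original article): it reads one route table in the shape returned by `aws ec2 describe-route-tables` and confirms that the route covering the VIP targets the ENI of the node you expect to be primary. The route table ID, the ENI IDs and the 192.168.0.0/16 local route are constructed placeholders, and the table is assumed to be the one associated with the client subnets.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# rtb-/eni- IDs and the local VPC CIDR are placeholders, not from the article.
SAMPLE = json.loads("""
{"RouteTables": [{"RouteTableId": "rtb-EXAMPLE", "Routes": [
  {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"},
  {"DestinationCidrBlock": "10.10.10.0/24", "NetworkInterfaceId": "eni-PRIMARY-CLIENT",
   "State": "active"}
]}]}
""")

def covering_route(table, vip):
    """Return the longest-prefix IPv4 route in this table that covers vip, or None."""
    addr = ipaddress.ip_address(vip)
    best, best_len = None, -1
    for route in table["Routes"]:
        cidr = route.get("DestinationCidrBlock")
        if cidr is None:  # IPv6 and prefix-list routes carry other keys
            continue
        net = ipaddress.ip_network(cidr)
        if addr in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best

def check_vip(table, vip, expected_eni):
    """Return a list of problems; an empty list means the VIP route is as expected."""
    route = covering_route(table, vip)
    if route is None:
        return [f"no route covers VIP {vip}"]
    table_id = table["RouteTableId"]
    problems = []
    target = route.get("NetworkInterfaceId")
    if target != expected_eni:
        problems.append(f"{table_id}: VIP route targets {target}, expected {expected_eni}")
    if route.get("State") != "active":  # e.g. "blackhole" when the target is gone
        problems.append(f"{table_id}: VIP route state is {route.get('State')}")
    return problems

if __name__ == "__main__":
    table = SAMPLE["RouteTables"][0]
    # Before failover the route should target the primary node's client ENI.
    for line in check_vip(table, "10.10.10.10", "eni-PRIMARY-CLIENT") or ["VIP route OK"]:
        print(line)
```

Run it against fresh route-table output after a forced failover, passing the secondary node's client ENI as `expected_eni`, to confirm that the route has migrated.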

Citrix ADC Delivers

For secure networks or where the public IP can’t be configured, this HA can be configured easily. And like on-prem Citrix ADCs, you have the flexibility to choose your own range of private IP subnets. Also, AWS limits the number of IPs used per interface based on instance type. However, this feature allows you to use multiple private IPs on a single ENI.

It’s also easy to configure, in just two steps. You don’t need ipsets, ENI, a cloud load balancer, or other components that can get complicated. You just configure the HA in INC mode and create a VPC route for the client subnet pointing to the primary ENI. It also offers faster failover times and easily integrates with elastic IP HA solutions, so you get the benefits of the elastic IP and the private IP solution together in a multizone.

To learn more about deploying a VPX high-availability pair with private IP addresses across different AWS zones, check out our product documentation.