There is a Citrix cluster deployed in our environment. The cluster IP does not work from an outside network, although it works fine from the same network.

I checked the Microsoft documentation on troubleshooting NLB and found the following cause:

There is no response when you use ping to access the cluster's IP address from an outside network.

Verify that you can use ping to access the dedicated IP addresses for the cluster hosts from a computer outside the router. If this test fails, and you are using multiple network adapters, the issue is not related to NLB. If you are using a single network adapter for the dedicated and cluster IP addresses, consider the following causes:

  • Cause: If you are using multicast support, you might find that your router has difficulty resolving the primary IP address into a multicast media access control (MAC) address by using the Address Resolution Protocol (ARP).
  • Solution: Verify that you can use ping to access the cluster from a client on the cluster's subnet and to access the cluster hosts' dedicated IP addresses from a computer outside the router. If these tests work properly, the router is probably at fault. You should be able to add a static ARP entry to the router to circumvent the issue. You can also turn off NLB multicast support and use a unicast network address without a hub.
  • Cause: When using NLB in multicast or unicast mode, routers need to accept proxy ARP responses (IP-to-network address mappings that are received with a different network source address in the Ethernet frame).
  • Solution: Make sure that your router has proxy ARP support turned on. You can also set a static ARP entry to keep proxy ARP support disabled in the router.
  • Cause: Internet control message protocol (ICMP) to the cluster is blocked by a router or firewall.
  • Solution: Allow ICMP traffic through the router or firewall. Be aware that this may expose your system to additional security risk.

Those Citrix servers are virtualized on ESX and connect to a Cisco 4506 switch. "show arp" did not show the cluster IP's MAC address, but the physical IP addresses of both cluster members were in the ARP table.

Manually add a static ARP record for the cluster IP to the table, such as (with <cluster-ip> standing for the cluster IP address):

arp <cluster-ip> 03bf.0a5e.12cb arpa

After that, we are able to see the cluster IP's ARP record. ICMP and application access from an outside network work without problems.

By Jon
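
The static entry above works because NLB derives the cluster MAC from the cluster IP. The following is an added example, not part of the original post: it builds the Cisco "arp" line for a cluster IP, decodes an NLB MAC back to the IP it belongs to, and checks that a static entry really matches its IP. The function names are hypothetical; the 02-BF / 03-BF / 01-00-5E-7F prefixes are the standard NLB unicast, multicast and IGMP multicast conventions.

```python
import ipaddress

# NLB builds the cluster MAC from the cluster IPv4 address W.X.Y.Z:
#   unicast        02-BF-W-X-Y-Z
#   multicast      03-BF-W-X-Y-Z
#   IGMP multicast 01-00-5E-7F-Y-Z (only the last two octets are kept)
PREFIX = {"unicast": b"\x02\xbf", "multicast": b"\x03\xbf"}
IGMP_PREFIX = b"\x01\x00\x5e\x7f"


def nlb_mac(cluster_ip, mode="multicast"):
    """Return the 6 raw MAC bytes NLB uses for cluster_ip in the given mode."""
    octets = ipaddress.IPv4Address(cluster_ip).packed
    if mode == "igmp":
        return IGMP_PREFIX + octets[2:]
    if mode not in PREFIX:
        raise ValueError("mode must be unicast, multicast or igmp")
    return PREFIX[mode] + octets


def cisco_format(raw):
    """Format 6 bytes in Cisco dotted notation, e.g. 03bf.0a5e.12cb."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


def parse_mac(text):
    """Accept Cisco (xxxx.xxxx.xxxx), dash or colon notation."""
    h = text.replace(".", "").replace("-", "").replace(":", "")
    if len(h) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return bytes.fromhex(h)


def decode_nlb_mac(text):
    """Return (mode, cluster_ip); the IP is None when it cannot be recovered."""
    raw = parse_mac(text)
    for mode, prefix in PREFIX.items():
        if raw[:2] == prefix:
            return mode, str(ipaddress.IPv4Address(raw[2:]))
    return ("igmp", None) if raw[:4] == IGMP_PREFIX else (None, None)


def static_arp_line(cluster_ip, mode="multicast"):
    """Build the IOS static ARP command for the cluster IP."""
    return "arp %s %s arpa" % (cluster_ip, cisco_format(nlb_mac(cluster_ip, mode)))


def entry_matches(cluster_ip, mac_text):
    """True if mac_text is a valid NLB MAC (any mode) for cluster_ip."""
    raw = parse_mac(mac_text)
    return any(raw == nlb_mac(cluster_ip, m) for m in ("unicast", "multicast", "igmp"))
```

Running decode_nlb_mac on a MAC taken from a static entry is a quick way to confirm the entry was typed for the right cluster IP before it is committed to the switch configuration.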
