stupid question maybe, but how to roll back easily?

same problems with a Netscaler VPX

Also had this issue last night with updates so we rolled back, we also tried 4 different builds of the netscaler VPX 10.0-10.5 latest all had the same problem, if we moved the vm from a patched to unpatched host it would immediately start working again.

We had the same problem and have a new working situation now.

Haven't figured out the exact cause yet, but is has to do with a misconfiguration of the netsacler software in combination with delivery controllers/subnets/ network and/or arp requests.

Works as designed (which I think was wrong in the first place)

Ik took us 3 days to solve.

Yes we did the vmware update and had the same issue. Bring the network interfaces up and down, you have a ping and suddenly the netscaler stops responding. And on the console we were not able to ping any gateway or external server.  But we had 100+ other vmservers with no problems. And yes it looked like this was our only freebsd based server, and yes our only netscaler server. So why  did that one only have the problem.

I think the software thinks it has a new route based on an incoming packet from a citrix delivery controller and decides on it's own to change the default route to an other interface (not sure yet which one the Nsip/vip/mip/snip or whatever)

We got the latest netscaler software, buildt it on our XEN hypervisor environment got it working. And after a few hours we got a similar problem. In this case the ip adresses were still pingable but the result was the same. No access.

In the netscaler virtual server STA ticketing authority interface we had 4 controllers 2 down and 2 up. The ones that were up were  on a different subnet than the one that were down.

The up ones were our latest added delivery controllers. They were in the same ip-subnet as the NSIP interface.

So we removed them rebooted the netscaler and the problem was solved.

My concusion (for now) the STA must not be in the same subnet as the NSIP (and /or) the 2 VIP's we had. Our MIP was in allreadyin a different subnet.

Now I'm trying the figure out with our external party who installed out netscaler appliance 2 years ago what the requirements are for all the different interfaces and subnets/vi/STA etc within the netscaler software.

And I think it was pure luck the pasted 2 yearsk that the vmware hosts probably blocked that uninteded network trafic/arp requests or whatever.

When the smoke clears we will try to install it back on the vm platform and see if we get it working again

Forgive my typos etc, I'm in a hurry (lost 3days not puzzling 😉

Cheers and have a nice weekend.

Eric Burger

Do you happen to have a VM in the same port group with a VMXNET 2 adapter ?

VMware KB: Virtual machines in the same vSwitch or vNetwork Distributed Switch (VDS) as a virtual ma...

VMWare techsupport told me : The issue seems to be a NetScaler driver problem when setting the tx_ring size, the ESXi patch just exposes the issue, but it is not the root cause of it. This is the recommendation from engineering so far: "Suggest customer consult Citrix to upgrade the e1000 driver on NetScalar to see if the issue disappears.   can somebody open a case @ citrix and keep us updated> (i only have sa @ citrix and not a support contract)"

Thank you for posting this!  We've been searching up and down for the last 24hrs trying to find what caused the sudden issues on our Netscaler.  Rolling back the ESX patch using the above instructions solved the issue.  Please post back when a permanent fix is released.

Can anyone confirm if they also solved the problemby changing the STA(s) ip address(es) into an other subnet.

Afterwords I though there still could be 2 workarounds for the problem, the one I proposed or maybe all the STA's shouldl be in the same subnet.

Becasue we had  2 in one subnet and 2 in the one of the NSIP.

I would wait for a patch, because I think it's going wrong on the network level (by design) and my expirience is that even the big multinationals

make the same mistakes twice.

Eric